[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] leafnode-2.0.0.alpha20050810a snapshot available

Theodore Heise schrieb am 2005-08-14:

> > Leafnode 2.0.0.alpha20050810a is available from
> > http://home.pages.de/~mandree/leafnode/beta/
> Thanks for this very useful program, Matthias!

You're welcome.

> I just installed this version over the leafnode-2.0.0.alpha20031221a
> version I've been happliy using for years.  When I finished make
> install I got a message to change permissions on the spool:
> chmod -R o= /usr/local/news

This may take a looong time on a large spool, but it should not...

> I'm thinking this isn't the right command, because it just hung.  I

...hang. I presume your hard disk drive is on the silent side of things
so you might not have heard the seeking noise. :)

Some intermediate versions ran the chmod themselves upon install, which
caused user complaints from those running larger spools, so I made it
into an instruction shown to the user. The next snapshot will add a note
that this chmod can take a long time to run.

I can imagine some reasons why chmod might hang: a. kernel bug, b. file
system corruption, c. recursive links (might happen once in a while), d.
mandatory lock (requires mount option, rather uncommon).

> changed the permissions of the directory to drwxrwsr-x, and things
> seem to be working okay now.  Do I need to also change permissions
> of directories in the spool?  Here's what I have:

Revoking read and execute rights for "other" users prevents malicious
users from setting hard links to articles, which would cause texpire to
skip the hardlinked articles, and ultimately fill up your disk.

If only trusted persons have file system access, or if /usr/local/news
is a file system (mount point) in its own right, you can forget about
this issue, as there are either no malicious users per the assumption,
or there cannot be malicious hard links as hard links cannot cross file
system boundaries.

(leafnode-1 tracks the seen Message-IDs as it offers spool access
officially, leafnode-2 doesn't, so removing user access to the spool is
the natural fix.)

Matthias Andree
leafnode-list mailing list