[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] leafnode-2.0.0.alpha20050810a snapshot available

On Mon, 15 Aug 2005, Matthias Andree wrote:

> Theodore Heise schrieb am 2005-08-14:
> > chmod -R o= /usr/local/news
> This may take a looong time on a large spool, but it should not...

Oh, sorry.  I probably didn't wait long enough.

> > I'm thinking this isn't the right command, because it just hung.
> ...hang. I presume your hard disk drive is on the silent side of things
> so you might not have heard the seeking noise. :)

I doubt it's that silent, but it wouldn't have mattered since it was
in the basement and I was connected via ssh from the second story of
the house.  I ran it again, and it completed without error in about
two minutes.

> Some intermediate versions ran the chmod themselves upon install,
> which caused user complaints from those running larger spools, so
> I made it into an instruction shown to the user. The next snapshot
> will add a note that this chmod can take a long time to run.

I'm pretty sure I already had all sub-directories set to news for
both user and group, but the note said it needed to be run if
updating from some 2004 version (don't recall which one).

> > Do I need to also change permissions of directories in the
> > spool?
> Revoking read and execute rights for "other" users prevents
> malicious users from setting hard links to articles, which would
> cause texpire to skip the hardlinked articles, and ultimately fill
> up your disk.

Okay, I have no permissions for "other" so I should be okay.

> If only trusted persons have file system access, or if
> /usr/local/news is a file system (mount point) in its own right,
> you can forget about this issue, as there are either no malicious
> users per the assumption, or there cannot be malicious hard links
> as hard links cannot cross file system boundaries.

Good information, thanks.  I'm the only user on this system (except
for a few remote folks with access to smtp and imap), but I still
like keeping things as secure as possible.

Thanks for your patience with my questions.

Theodore (Ted) Heise     <theo@xxxxxxxx>     Bloomington, IN, USA
leafnode-list mailing list