
Re: [leafnode-list] leafnode-2.0.0.alpha20050810a snapshot available




On Mon, 15 Aug 2005, Matthias Andree wrote:

> Theodore Heise wrote on 2005-08-14:
>
> > chmod -R o= /usr/local/news
>
> This may take a looong time on a large spool, but it should not...

Oh, sorry.  I probably didn't wait long enough.


> > I'm thinking this isn't the right command, because it just hung.
>
> ...hang. I presume your hard disk drive is on the silent side of things
> so you might not have heard the seeking noise. :)

I doubt it's that silent, but it wouldn't have mattered since it was
in the basement and I was connected via ssh from the second story of
the house.  I ran it again, and it completed without error in about
two minutes.


> Some intermediate versions ran the chmod themselves upon install,
> which caused user complaints from those running larger spools, so
> I made it into an instruction shown to the user. The next snapshot
> will add a note that this chmod can take a long time to run.

I'm pretty sure I already had all sub-directories set to news for
both user and group, but the note said it needed to be run if
updating from some 2004 version (don't recall which one).


> > Do I need to also change permissions of directories in the
> > spool?
>
> Revoking read and execute rights for "other" users prevents
> malicious users from setting hard links to articles, which would
> cause texpire to skip the hardlinked articles, and ultimately fill
> up your disk.

Okay, I have no permissions for "other" so I should be okay.


> If only trusted persons have file system access, or if
> /usr/local/news is a file system (mount point) in its own right,
> you can forget about this issue, as there are either no malicious
> users per the assumption, or there cannot be malicious hard links
> as hard links cannot cross file system boundaries.

Good information, thanks.  I'm the only user on this system (except
for a few remote folks with access to smtp and imap), but I still
like keeping things as secure as possible.

Thanks for your patience with my questions.

-- 
Theodore (Ted) Heise     <theo@xxxxxxxx>     Bloomington, IN, USA
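
An added example, not part of the original message and not leafnode code: a Python audit of the two conditions discussed in this thread, namely whether any entry under the spool still grants permissions to "other" (what `chmod -R o=` clears) and whether the spool is its own mount point. The function names are illustrative; the default path `/usr/local/news` is the one used in the thread.

```python
import os
import stat
import sys


def other_accessible(root):
    """Return paths under root (root included) that still grant any
    read/write/execute bit to "other", i.e. what `chmod -R o=` would change."""
    hits = []

    def check(path):
        st = os.lstat(path)           # lstat: never follow symlinks out of the spool
        if stat.S_ISLNK(st.st_mode):
            return                    # a symlink's own mode bits do not control access
        if st.st_mode & stat.S_IRWXO:
            hits.append(path)

    check(root)
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return sorted(hits)


def audit_spool(root):
    """Combine both conditions from the thread into one report."""
    own_fs = os.path.ismount(root)    # hard links cannot cross file system boundaries
    hits = other_accessible(root)
    return {
        "own_filesystem": own_fs,
        "other_accessible": hits,
        # Exposed only if "other" can still reach entries AND a hard link
        # could be created from elsewhere on the same file system.
        "exposed": bool(hits) and not own_fs,
    }


if __name__ == "__main__":
    spool = sys.argv[1] if len(sys.argv) > 1 else "/usr/local/news"
    report = audit_spool(spool)
    print(f"{spool}: own file system = {report['own_filesystem']}")
    for path in report["other_accessible"]:
        print(f"  'other' bits set: {path}")
    print("result:", "run chmod -R o= on the spool" if report["exposed"] else "ok")
    sys.exit(1 if report["exposed"] else 0)
```

Run it as a user that can read the whole spool (for example `news` or root); directories the script cannot enter are skipped silently by `os.walk`.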