[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [leafnode-list] leafnode-2.0.0.alpha20050810a snapshot available
On Mon, 15 Aug 2005, Matthias Andree wrote:
> Theodore Heise schrieb am 2005-08-14:
> > chmod -R o= /usr/local/news
> This may take a looong time on a large spool, but it should not...
Oh, sorry. I probably didn't wait long enough.
> > I'm thinking this isn't the right command, because it just hung.
> ...hang. I presume your hard disk drive is on the silent side of things
> so you might not have heard the seeking noise. :)
I doubt it's that silent, but it wouldn't have mattered since it was
in the basement and I was connected via ssh from the second story of
the house. I ran it again, and it completed without error in about
> Some intermediate versions ran the chmod themselves upon install,
> which caused user complaints from those running larger spools, so
> I made it into an instruction shown to the user. The next snapshot
> will add a note that this chmod can take a long time to run.
I'm pretty sure I already had all sub-directories set to news for
both user and group, but the note said it needed to be run if
updating from some 2004 version (don't recall which one).
> > Do I need to also change permissions of directories in the
> > spool?
> Revoking read and execute rights for "other" users prevents
> malicious users from setting hard links to articles, which would
> cause texpire to skip the hardlinked articles, and ultimately fill
> up your disk.
Okay, I have no permissions for "other" so I should be okay.
> If only trusted persons have file system access, or if
> /usr/local/news is a file system (mount point) in its own right,
> you can forget about this issue, as there are either no malicious
> users per the assumption, or there cannot be malicious hard links
> as hard links cannot cross file system boundaries.
Good information, thanks. I'm the only user on this system (except
for a few remote folks with access to smtp and imap), but I still
like keeping things as secure as possible.
Thanks for your patience with my questions.
Theodore (Ted) Heise <theo@xxxxxxxx> Bloomington, IN, USA
leafnode-list mailing list