[leafnode-list] leafnode-2.0.0.alpha20050810a snapshot available
Theodore Heise
theo at heise.nu
Mon Aug 15 05:22:30 CEST 2005
On Mon, 15 Aug 2005, Matthias Andree wrote:
> Theodore Heise wrote on 2005-08-14:
>
> > chmod -R o= /usr/local/news
>
> This may take a looong time on a large spool, but it should not...

Oh, sorry. I probably didn't wait long enough.

> > I'm thinking this isn't the right command, because it just hung.
>
> ...hang. I presume your hard disk drive is on the silent side of things
> so you might not have heard the seeking noise. :)

I doubt it's that silent, but it wouldn't have mattered since it was
in the basement and I was connected via ssh from the second story of
the house. I ran it again, and it completed without error in about
two minutes.

> Some intermediate versions ran the chmod themselves upon install,
> which caused user complaints from those running larger spools, so
> I made it into an instruction shown to the user. The next snapshot
> will add a note that this chmod can take a long time to run.

I'm pretty sure I already had all sub-directories set to news for
both user and group, but the note said it needed to be run if
updating from some 2004 version (don't recall which one).

> > Do I need to also change permissions of directories in the
> > spool?
>
> Revoking read and execute rights for "other" users prevents
> malicious users from setting hard links to articles, which would
> cause texpire to skip the hardlinked articles, and ultimately fill
> up your disk.

Okay, I have no permissions for "other" so I should be okay.

> If only trusted persons have file system access, or if
> /usr/local/news is a file system (mount point) in its own right,
> you can forget about this issue, as there are either no malicious
> users per the assumption, or there cannot be malicious hard links
> as hard links cannot cross file system boundaries.

Good information, thanks. I'm the only user on this system (except
for a few remote folks with access to smtp and imap), but I still
like keeping things as secure as possible.

Thanks for your patience with my questions.

--
Theodore (Ted) Heise <theo at heise.nu> Bloomington, IN, USA
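
An added example, not part of the original thread and not leafnode's own code: a POSIX shell check for the two conditions discussed above, namely that the spool is a file system of its own, or that nothing under it grants any permission to "other". The function names are hypothetical; /usr/local/news is the spool path used in the thread.

```shell
#!/bin/sh
# Audit a leafnode spool for the hard-link exposure described in the thread.
# Function names are illustrative (hypothetical), not part of leafnode.

# Print every entry under $1 that still grants r, w or x to "other".
other_accessible() {
    find "$1" \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# Succeed if $1 is a mount point, i.e. df reports a different file system
# for the directory than for its parent. Hard links cannot cross that boundary.
is_own_filesystem() {
    spool_fs=$(df -P "$1" | awk 'NR==2 {print $1 " " $NF}')
    parent_fs=$(df -P "$1/.." | awk 'NR==2 {print $1 " " $NF}')
    [ "$spool_fs" != "$parent_fs" ]
}

# Return 0 if either mitigating condition holds, 1 if the spool is exposed,
# 2 if the path is not a directory.
audit_spool() {
    spool=$1
    if [ ! -d "$spool" ]; then
        echo "error: $spool is not a directory" >&2
        return 2
    fi
    if is_own_filesystem "$spool"; then
        echo "OK: $spool is a file system in its own right"
        return 0
    fi
    exposed=$(other_accessible "$spool")
    if [ -z "$exposed" ]; then
        echo "OK: nothing under $spool is accessible to other"
        return 0
    fi
    echo "EXPOSED: entries below grant access to other; fix with: chmod -R o= $spool"
    echo "$exposed"
    return 1
}

# Run the audit when a spool path is given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_spool "$1"
fi
```

Run it as root or as the news user, for example `sh audit.sh /usr/local/news`; on a large spool the `find` pass takes about as long as the `chmod -R` itself.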