[leafnode-list] Spool permissions in leafnode-2

Adam Funk a24061 at ducksburg.com
Wed Apr 8 14:21:16 CEST 2009


After upgrading from leafnode 1.11 to 2, I noticed (while trying to
grep for something) that the individual message files now have 600
permissions rather than 644.  In this list's archive I found the
threads 2006-08 "[alpha] permission change for news spool" and 2005-08
"leafnode-2.0.0.alpha20050810a snapshot available".

I understand that leafnode-2 supports client access only through NNTP,
and that making the files 644 would let malicious users add unwanted
hard links.  But I still have two questions.


1. If I'm willing to use looser read permissions ("trusted users"), is
   there any secret config option to make newly fetched articles 640
   rather than 600?  Or would I have to chmod them after running
   fetchnews?

2. At the end of [1] it says "(leafnode-1 tracks the seen Message-IDs
   as it offers spool access officially, leafnode-2 doesn't, so
   removing user access to the spool is the natural fix.)" --- I don't
   understand what "tracks the seen Message-IDs" means --- does this
   refer to part of texpire's operation?


(BTW, I really like the new features in leafnode-2, especially the
stuff that supports slrn's find-children and reconstruct-thread
commands, as well as "fetchnews -M <mid>".)


Thanks,
Adam


[1]
http://article.gmane.org/gmane.network.leafnode/3163/




More information about the leafnode-list mailing list