[leafnode-list] Re: Spool permissions in leafnode-2
Matthias Andree
matthias.andree at gmx.de
Wed Apr 8 22:58:34 CEST 2009
Hi Adam,
Am 08.04.2009, 14:21 Uhr, schrieb Adam Funk <a24061 at ducksburg.com>:
> After upgrading from leafnode 1.11 to 2, I noticed (while trying to
> grep for something) that the individual message files now have 600
> permissions rather than 644. In this list's archive I found the
> threads 2006-08 "[alpha] permission change for news spool" and 2005-08
> "leafnode-2.0.0.alpha20050810a snapshot available".
>
> I understand that leafnode-2 supports client access only through NNTP,
> and that making the files 644 would let malicious users add unwanted
> hard links. But I still have two questions.
>
>
> 1. If I'm willing to use looser read permissions ("trusted users"), is
> there any secret config option to make newly fetched articles 640
> rather than 600? Or would I have to chmod them after running
> fetchnews?
Hm - I was under the impression we're doing that already (actually 0660 &
~umask), but indeed it's 0600. That's unintentional, but will likely need
a fix in several places.
> 2. At the end of [1] it says "(leafnode-1 tracks the seen Message-IDs
> as it offers spool access officially, leafnode-2 doesn't, so
> removing user access to the spool is the natural fix.)" --- I don't
> understand what "tracks the seen Message-IDs" means --- does this
> refer to part of texpire's operation?
Indeed it does.
Leafnode-1 and -2 currently use roughly the same spool format:
Assuming an instact spool, each article has at least two links, one in the
message.id/NNN/ (*) directory, and one in the news/group/ directories (or
more if an article is cross-posted to multiple groups you're subscribed
to).
texpire works in two phases. Phase 1 will look at when the threads in a
particular newsgroup were last read and unlink those links from the
news/group/ directories that are past expiry date for the group. After
that, in phase 2, it will traverse the message.id/ directories and unlink
all files that have just one link.
Since the link count is unreliable with a world-readable newsspool:
leafnode-2 does not make these directories or articles world-readable and
continues to use the link count.
Leafnode-1 was designed to offer a traditional (i. e. world-readable)
spool and cannot use the link count. Instead, it records the Message-IDs
of articles it kept during the 1st phase, creating up to 1,000 files named
message.id/NNN/mids - this is the "tracks the seen Message-IDs" part that
you quoted - and these "mids" files get reused in phase 2. The IDs listed
in these "mids" files are protected from expiry, the other files are
removed. This security fix is in place since 1.9.52 which was released 5
years and 5 days ago.
(*) NNN is calculated by a cheapo hash function that changed in the very
early 2.0 snapshots, thus the need to run texpire -r after a 1->2 upgrade.
> (BTW, I really like the new features in leafnode-2, especially the
> stuff that supports slrn's find-children and reconstruct-thread
> commands, as well as "fetchnews -M <mid>".)
Glad you like it. :-)
--
Matthias Andree
More information about the leafnode-list
mailing list