Directory Permission Failure

[Russ Allbery]

Peter Taschner <peter.taschner at space.at> writes:

> When storing articles I get the following error:

> Jun  4 13:15:09 kali innd: [ID 490418 news.error] tradspool: could not
> make directory /opt/news/spool/articles/at/space/igps Permission
> denied
> Jun  4 13:15:09 kali innd: [ID 492761 news.error] SERVER cant store
> article: Permission denied

innd only ever tries to create directories if it received an error when
attempting to just create the article file directly, so you have some
other problem here.  innd was unable to create a file in that directory
for some reason.

> The user as which inn is run is news:
> <kali:root>/opt/news/spool/articles/at/space # niscat passwd.org_dir |
> grep news
> news:*LK*:119:119:news server
> admin:/home/news:/usr/bin/bash:12565::::::
> <kali:root>/opt/news/spool/articles/at/space # groups news
> news staff

> The article storage dir is a symlink to an automounted NFS proj dir:
> <kali:root>/opt/news/spool/articles/at/space # ls -la
> drwxrwxr-x   2 news     news         512 Jun  1 18:10 .
> drwxrwxr-x   3 news     news         512 May 27 10:34 ..
> lrwxrwxrwx   1 root     other         22 Jun  1 18:10 igps ->
> /proj/igps/mailarchive

> root at jupiter:~# ls -la /proj/igps
> drwxr-s---  10 wer      staff        512 Jun  1 18:09 .
> dr-xr-xr-x   2 root     root           2 Jun  7 08:36 ..
> drwxrwxr-x   2 news     news         512 Jun  7 00:55 mailarchive

Ah, you're relying on supplemental groups to give INN access to its
spool.  inndstart doesn't preserve supplemental groups.  By the time that
innd is running, it won't be in the staff group any more, and therefore
won't be able to traverse /proj/igps.

This is fixed in CURRENT, which uses a completely different method to
start innd.

I'm afraid that there isn't an easy fix for this in STABLE.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>