INN commit: trunk (doc/pod/news.pod nnrpd/nnrpd.c)

INN Commit Russ_Allbery at isc.org
Sun Nov 16 18:58:30 UTC 2008


    Date: Sunday, November 16, 2008 @ 10:58:29
  Author: iulius
Revision: 8161

Fix a bug in nnrpd:  it was dropping its permissions to news too soon
(before the binding of the network socket).

Remove that remark from the upgrade process.  Add a few remarks on
inn.conf instead (TLS support without sasl.conf and incominglogfrequency
parameter).

Modified:
  trunk/doc/pod/news.pod
  trunk/nnrpd/nnrpd.c

------------------+
 doc/pod/news.pod |   16 ++++++++++------
 nnrpd/nnrpd.c    |   15 ++++++++-------
 2 files changed, 18 insertions(+), 13 deletions(-)

Modified: doc/pod/news.pod
===================================================================
--- doc/pod/news.pod	2008-11-15 15:35:23 UTC (rev 8160)
+++ doc/pod/news.pod	2008-11-16 18:58:29 UTC (rev 8161)
@@ -6,12 +6,16 @@
 
 =item *
 
-By default, innbind(8) refuses to bind to any port under 1024 other than 119,
-433 and 563 for security reasons.  In order to run B<innd> or B<nnrpd>
-on a different port under 1024, you will have to use the B<--with-innd-port>
-configure option if there is only one supplementary port to use.  Otherwise,
-you can use inetd(8), xinetd(8), or some equivalent, to achieve your need.
+The parameters used by B<nnrpd> to provide TLS support are now I<tlscafile>,
+I<tlscapath>, I<tlscertfile> and I<tlskeyfile> in F<inn.conf>.  The F<sasl.conf>
+file used for that in previous versions of INN is obsolete.  B<innupgrade>
+takes care of the change during C<make update>.
 
+=item *
+
+The I<nntpactsync> parameter has been renamed to I<incominglogfrequency>
+in F<inn.conf>; B<innupgrade> handles this renaming during the update.
+
 =back
 
 =head1 Changes in 2.5.0
@@ -1275,7 +1279,7 @@
 =item *
 
 Support for B<actsyncd> to fetch F<active> file with B<ftp>; configured by default
-to use ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z if you run B<actsyncd>.
+to use <ftp://ftp.isc.org/pub/usenet/CONFIG/active.Z> if you run B<actsyncd>.
 Be sure to read the manual page for B<actsync> to configure an F<actsync.ign>
 file for your site, and test B<simpleftp> if you do not C<configure> with B<wget>
 or B<ncftp>.  Also see L<ftp://ftp.isc.org/pub/usenet/CONFIG/README>.

Modified: nnrpd/nnrpd.c
===================================================================
--- nnrpd/nnrpd.c	2008-11-15 15:35:23 UTC (rev 8160)
+++ nnrpd/nnrpd.c	2008-11-16 18:58:29 UTC (rev 8161)
@@ -851,13 +851,6 @@
     else
         NNRPACCESS = concatpath(innconf->pathetc,INN_PATH_NNRPACCESS);
 
-    /* If started as root, switch to news uid.  Unlike other parts of INN, we
-     * don't die if we can't become the news user.  As long as we're not
-     * running as root, everything's fine; the things we write it's okay to
-     * write as a member of the news group. */
-    if (getuid() == 0) {
-        ensure_news_user_grp(true, true);
-    }
 
     if (DaemonMode) {
         if (ListenAddr6 != NULL)
@@ -869,6 +862,14 @@
         if (lfd < 0)
             die("can't bind to any addresses");
 
+        /* If started as root, switch to news uid.  Unlike other parts of INN, we
+         * don't die if we can't become the news user.  As long as we're not
+         * running as root, everything's fine; it's okay to write the things we
+         * write as a member of the news group. */
+        if (getuid() == 0) {
+            ensure_news_user_grp(true, true);
+        }
+
 	/* Detach. */
 	if (!ForeGroundMode) {
 	    daemonize("/");




More information about the inn-committers mailing list