INN commit: branches/2.5 (8 files)

INN Commit rra at isc.org
Sat Feb 8 13:56:55 UTC 2014


    Date: Saturday, February 8, 2014 @ 05:56:54
  Author: iulius
Revision: 9599

add a valid shell when su'ing to the news user

Pass "-s /bin/sh" to "su news" to cope with the change of the news
user's shell in base-passwd 3.5.30.

Thanks to Colin Watson for the patch.

Modified:
  branches/2.5/CONTRIBUTORS
  branches/2.5/contrib/sample.init.script
  branches/2.5/contrib/sample.init.systemd
  branches/2.5/doc/pod/checklist.pod
  branches/2.5/doc/pod/install.pod
  branches/2.5/doc/pod/nnrpd.pod
  branches/2.5/doc/pod/rc.news.pod
  branches/2.5/scripts/rc.news.in

-----------------------------+
 CONTRIBUTORS                |    3 ++-
 contrib/sample.init.script  |    8 ++++----
 contrib/sample.init.systemd |    2 +-
 doc/pod/checklist.pod       |   10 +++++-----
 doc/pod/install.pod         |   10 +++++-----
 doc/pod/nnrpd.pod           |    2 +-
 doc/pod/rc.news.pod         |    6 +++---
 scripts/rc.news.in          |    4 ++--
 8 files changed, 23 insertions(+), 22 deletions(-)

Modified: CONTRIBUTORS
===================================================================
--- CONTRIBUTORS	2014-02-08 13:48:49 UTC (rev 9598)
+++ CONTRIBUTORS	2014-02-08 13:56:54 UTC (rev 9599)
@@ -275,4 +275,5 @@
 Lars Magne Ingebrigtsen, Sam Varshavchik, Matthew Vernon, Ian Jackson,
 Edmund H. Ramm, Raphael Barrois, Bo Lindbergh, Matthias Meyser,
 Dennis Preiser, Paolo Amoroso, Dennis Davis, River Tarnell, Jochen Schmitt,
-Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs
+Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs,
+Colin Watson

Modified: contrib/sample.init.script
===================================================================
--- contrib/sample.init.script	2014-02-08 13:48:49 UTC (rev 9598)
+++ contrib/sample.init.script	2014-02-08 13:56:54 UTC (rev 9599)
@@ -11,11 +11,11 @@
 start () {
     ulimit -n unlimited
     # Start INN.
-    su news -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1
+    su news -s /bin/sh -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1
     # Start another nnrpd daemon, handling initial TLS connections, on port 563.
     # (The preferred way would be to use port 119 and STARTTLS but not all news
     # readers support it yet.)
-    #su news -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1
+    #su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1
 }
 
 case "$1" in
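
Review bot: The literal "su news -s /bin/sh -c" now appears twice in start() and twice more under stop), so the shell path has to be kept in sync in four places of a script that administrators copy and edit. Consider setting it once near the top of the sample script, in a variable or a small helper function, and using that in all four commands, including the commented-out nnrpd and killall lines.
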
@@ -26,10 +26,10 @@
 
 stop)
     # Stop INN.
-    su news -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1
+    su news -s /bin/sh -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1
     # Stop possible other nnrpd daemons.  One of the two following commands is enough.
     #start-stop-daemon --stop --name nnrpd --quiet --oknodo
-    #su news -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1
+    #su news -s /bin/sh -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1
     ;;
 
 reload|force-reload)

Modified: contrib/sample.init.systemd
===================================================================
--- contrib/sample.init.systemd	2014-02-08 13:48:49 UTC (rev 9598)
+++ contrib/sample.init.systemd	2014-02-08 13:56:54 UTC (rev 9599)
@@ -13,7 +13,7 @@
 PIDFile=/run/news/innd.pid
 Type=forking
 ExecStart=/usr/libexec/news/rc.news
-ExecStop=/bin/su -m news -c '/usr/libexec/news/rc.news stop'
+ExecStop=/bin/su -m news -s /bin/sh -c '/usr/libexec/news/rc.news stop'
 KillMode=control-group
 
 [Install]
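
Review bot: ExecStop still goes through /bin/su while ExecStart, two lines above it, runs /usr/libexec/news/rc.news directly. If the unit already sets User=news (not visible in this hunk), ExecStop can call "/usr/libexec/news/rc.news stop" the same way, which removes the dependency on su and on the account having a usable shell. If the unit does not set it, the asymmetry between the two lines deserves a comment in the unit file. Also worth a word in that comment: -m keeps the caller's environment, and the explicit -s /bin/sh is what now decides which shell is run.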

Modified: doc/pod/checklist.pod
===================================================================
--- doc/pod/checklist.pod	2014-02-08 13:48:49 UTC (rev 9598)
+++ doc/pod/checklist.pod	2014-02-08 13:56:54 UTC (rev 9599)
@@ -35,9 +35,9 @@
 You want to be careful that things in that directory stay owned by
 C<news> S<-- but> you can't just C<chown -R news:news> after the install,
 because you may have binaries that are SUID root.  You can do the build
-as any user, but you need to be root when doing C<make install> so as
-to set the permissions correctly.  After that point, though, you may
-want to C<su news> to avoid creating any files as root.  (For routine
+as any user, but you need to be root when doing C<make install> so as to
+set the permissions correctly.  After that point, though, you may want to
+C<su news -s /bin/sh> to avoid creating any files as root.  (For routine
 maintenance once INN is working, you can generally be root.  However,
 it is always better to be accustomed to doing that as the news user.)
 
@@ -227,7 +227,7 @@
 Start B<innd> by running I<pathbin>/rc.news B<as the news user>.  It
 is also what you should launch in your init scripts:
 
-    su news -c <pathbin in inn.conf>/rc.news
+    su news -s /bin/sh -c <pathbin in inn.conf>/rc.news
 
 Check I<pathlog>/news.notice to see if everything went well; also use
 C<ps> to see if B<innd> is running.
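
Review bot: Missing documentation at the "su news -s /bin/sh -c" example line. The text tells the reader to put this in init scripts but never says why a shell has to be named; the reason (the news user's shell changed in base-passwd 3.5.30) exists only in the commit message. One sentence after the example, saying that -s /bin/sh is there in case the news account has no usable login shell, would let readers on other systems judge whether they need it.
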
@@ -331,7 +331,7 @@
 You then need to start a second B<nnrpd> to listen to these connections
 to NNTPS port 563 and put something like that in your init scripts:
 
-    su news -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S'
+    su news -s /bin/sh -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S'
 
 Note that a news client which supports the STARTTLS command can also
 use the conventional NNTP port 119 to initiate a TLS connection.  However,

Modified: doc/pod/install.pod
===================================================================
--- doc/pod/install.pod	2014-02-08 13:48:49 UTC (rev 9598)
+++ doc/pod/install.pod	2014-02-08 13:56:54 UTC (rev 9599)
@@ -1454,7 +1454,7 @@
 or, if your system does not have per-user crontabs, put the following line
 into your system crontab instead:
 
-    0 3 * * * su -c '<pathbin in inn.conf>/news.daily expireover lowmark' news
+    0 3 * * * su news -s /bin/sh -c '<pathbin in inn.conf>/news.daily expireover lowmark'
 
 If you're using any non-CNFS storage methods, add C<delayrm> to the above
 option list for B<news.daily>.
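
Review bot: In the crontab example the user name has also moved, from the end of the command ("su -c '...' news") to directly after su, and the log message only mentions adding -s /bin/sh. If the reordering is intended for consistency with the other examples in this file, say so in the log. Otherwise keep the original order and only insert the new option, so the documented command differs from the old one in exactly one respect.
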
@@ -1534,7 +1534,7 @@
 news user and not as root.  To start INN on system boot, you therefore
 want to put something like:
 
-    su news -c <pathbin in inn.conf>/rc.news
+    su news -s /bin/sh -c <pathbin in inn.conf>/rc.news
 
 in the system boot scripts.  If B<innd> is stopped or killed, you can restart
 it by running B<rc.news> by hand as the news user.
@@ -1542,7 +1542,7 @@
 The B<rc.news> script may also be used to shut down INN, with the C<stop>
 option:
 
-    su news -c '<pathbin in inn.conf>/rc.news stop'
+    su news -s /bin/sh -c '<pathbin in inn.conf>/rc.news stop'
 
 In the F<contrib> directory of this source tree, two sample init scripts are provided:  one
 for people using System V-style init.d directories, and another for people
@@ -1552,7 +1552,7 @@
 B<nnrpd> to listen to these connections to NNTPS port 563 and put something
 like that in your init scripts:
 
-    su news -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S'
+    su news -s /bin/sh -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S'
 
 where F<readers-ssl.conf> is the file which indicates whether a given
 connection is allowed to read and post news (you can also use the
@@ -1567,7 +1567,7 @@
 
 or if you do not have a B<start-stop-daemon> utility:
 
-    su news -c 'killall nnrpd'
+    su news -s /bin/sh -c 'killall nnrpd'
 
 =head1 Processing Newsgroup Control Messages
 

Modified: doc/pod/nnrpd.pod
===================================================================
--- doc/pod/nnrpd.pod	2014-02-08 13:48:49 UTC (rev 9598)
+++ doc/pod/nnrpd.pod	2014-02-08 13:56:54 UTC (rev 9599)
@@ -213,7 +213,7 @@
 B<nnrpd> to listen on that port through some other means.  This can be
 done with the B<-D> flag along with C<-p 563> and put into your init scripts:
 
-    su news -c '<pathbin>/nnrpd -D -p 563 -S'
+    su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S'
 
 but the easiest way is probably to add a line like:
 

Modified: doc/pod/rc.news.pod
===================================================================
--- doc/pod/rc.news.pod	2014-02-08 13:48:49 UTC (rev 9598)
+++ doc/pod/rc.news.pod	2014-02-08 13:56:54 UTC (rev 9599)
@@ -67,16 +67,16 @@
 
 To start INN and leave certain error messages going to the terminal:
 
-       su - news -c <pathbin in inn.conf>/rc.news
+       su - news -s /bin/sh -c <pathbin in inn.conf>/rc.news
 
 To run INN at startup time from appropriate system boot scripts:
 
-       su - news -c <pathbin>/rc.news >/dev/console
+       su - news -s /bin/sh -c <pathbin>/rc.news >/dev/console
 
 To stop INN (throttling first):
 
        <pathbin>/ctlinnd throttle reason
-       su - news -c '<pathbin>/rc.news stop'
+       su - news -s /bin/sh -c '<pathbin>/rc.news stop'
 
 =head1 BUGS
 

Modified: scripts/rc.news.in
===================================================================
--- scripts/rc.news.in	2014-02-08 13:48:49 UTC (rev 9598)
+++ scripts/rc.news.in	2014-02-08 13:56:54 UTC (rev 9599)
@@ -3,10 +3,10 @@
 
 ##  $Revision$
 ##  News boot script.  Runs as "news" user.  Run from rc.whatever as:
-##     su news -c /path/to/rc.news >/dev/console
+##     su news -s /bin/sh -c /path/to/rc.news >/dev/console
 ##
 ##  Or to stop INN:
-##     su news -c '/path/to/rc.news stop'
+##     su news -s /bin/sh -c '/path/to/rc.news stop'
 
 waitforpid()
 {
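
Review bot: The two usage lines in this header comment use plain "su news", while the three examples changed in doc/pod/rc.news.pod in this same commit use "su - news". Since both places are being edited anyway, either make them agree or state in one of them why a login shell is (or is not) wanted, so that the script and its manual page do not recommend different invocations.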


