inn.conf: Support for `newsuser', `newsgrp' options (patch is, hopefully, included)
Russ Allbery
rra at stanford.edu
Fri Dec 21 18:59:57 UTC 2007
Ivan Shmakov <oneingray at gmail.com> writes:
>>>>>> Julien ÉLIE <julien at trigofacile.com> writes:
> > It is a bit different in INN 2.5 since inndstart is no longer used:
> > backends/innbind is now starting everything and it will not change
> > users. So perhaps get_news_uid_gid() should not be used there and
> > the code kept intact (?)
>
> > /* If we're running privileged (effective and real UIDs are different),
> > convert NEWSUSER to a UID and exit if run by another user. Don't do
> > this if we're not running privileged to make installations that don't
> > need privileged ports easier and to make testing easier. */
> > real_uid = getuid();
> > if (real_uid != geteuid()) {
>
> Looks like `ensure_news_user (0)' will fit there, like:
ensure_news_user setuids to the news user, which is the wrong thing to do
for innbind. It needs to continue running as root and just needs to check
that its real UID is the same as the news user (for security reasons).
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
More information about the inn-workers
mailing list