inn.conf: Support for `newsuser', `newsgrp' options (patch is, hopefully, included)
Ivan Shmakov
oneingray at gmail.com
Sat Dec 22 03:17:06 UTC 2007
>>>>> Russ Allbery <rra at stanford.edu> writes:
>>> It is a bit different in INN 2.5 since inndstart is no longer used:
>>> backends/innbind is now starting everything and it will not change
>>> users. So perhaps get_news_uid_gid() should not be used there and
>>> the code kept intact (?)
>>> /* If we're running privileged (effective and real UIDs are different),
>>> convert NEWSUSER to a UID and exit if run by another user. Don't do
>>> this if we're not running privileged to make installations that don't
>>> need privileged ports easier and to make testing easier. */
[...]
>> Looks like `ensure_news_user (0)' will fit there, like:
> ensure_news_user setuids to the news user, which is the wrong thing to do
> for innbind. It needs to continue running as root and just needs to check
> that its real UID is the same as the news user (for security reasons).
Not exactly. Its signature is:
void ensure_news_user (int may_setuid_p);
When MAY_SETUID_P is false it doesn't try to setuid ().
More information about the inn-workers
mailing list