INN commit: trunk/doc/pod (news.pod)

Russ Allbery rra at stanford.edu
Mon Oct 27 06:17:51 UTC 2008


Ray Banana <rayban at banana.shacknet.nu> writes:

> I used to start nnrpd in daemon mode from an init script as root. In INN
> 2.4 nnrpd will start using any privileged port I specify and spawn new
> nnrpd processes as the news user.
>
> With INN 2.5 however, even if I start nnrpd as root, it will refuse to
> bind to any other port than 119 and the one specified in --with-innd-port=
>
> innbind: cannot bind to restricted port 443 in 4,2,85.214.90.236,443
>
> This seems to be hard-coded in
>
>  Line 182 of backends/innbind.c:

innbind's code is actually a red herring -- the problem is that innbind is
being invoked at all.  It won't be if the bind is done as root.  See
network_bind* in lib/network.c.

I haven't looked, but I suspect that nnrpd is changing users to news too
soon.  It needs to do the network socket bind first and then drop
permissions.  This is a bug in nnrpd; rather than documenting it, we
should just fix it (although it may take some restructuring).

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
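
The ordering described in the reply above (bind the socket while still root, then drop privileges), as an added C example that is not part of the original message and is not INN's code. The helper names `bind_listener`, `drop_privileges` and `listen_then_drop` are hypothetical, and the uid/gid to run as are supplied by the caller.

```c
/* Added illustration (not INN source): bind as root, then drop root. */
#define _DEFAULT_SOURCE 1 /* glibc: expose setgroups() */
#include <grp.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: listening TCP socket on `port`, or -1.  Ports below
   1024 normally need root, so this must run before drop_privileges(). */
int bind_listener(uint16_t port)
{
    struct sockaddr_in sin;
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *) &sin, sizeof(sin)) < 0 || listen(fd, 128) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Hypothetical helper: 0 = dropped, 1 = was not root, -1 = failure.
   Groups and gid are changed first, while the process is still root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() != 0)
        return 1;
    if (setgroups(0, NULL) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0; /* root must be gone for good */
}

/* The order the reply asks for: bind first, drop second, then serve. */
int listen_then_drop(uint16_t port, uid_t uid, gid_t gid)
{
    int fd = bind_listener(port);
    if (fd >= 0 && drop_privileges(uid, gid) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```

The returned descriptor stays usable after the drop, so the unprivileged process can accept connections on a port it could no longer bind itself.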

