rc.news: checking whether we run as the news user

Mon Oct 20 00:29:59 UTC 2014

On 19/10/2014 13:39, Russ Allbery wrote: 

> Julien ÉLIE <julien at trigofacile.com> writes:
> 
>> In the rc.news man page, there is a BUGS section that mentions:
> 
>> "Running rc.news start as root is never the right thing to do, so we should at minimum check for this and error, or perhaps change effective user ID."
> 
>> I suggest to check whether rc.news is run as another user ID than the "news" user (in all cases, be it start or stop). If it is the case, we exit with the error:
> 
>> rc.news should be run as the "news" user
> 
>> where "news" is in fact the value of the runasuser keyword in inn.conf (the real news user). I don't think we should change effective user ID (if root). It might hide another issue. I don't think I ever said explicitly here, but I think it would be fine tochange users. However, that's rather hard to do safely. I suppose we

How can that be hard to do safely? Other software, far far far more
popular and in much wider and heavier use has been doing it since adam
was a boy, like apache's httpd, sendmail, postfix, dovecot, pureftpd,
bind... the list goes on...

I think the issue here is rc.news is wrongly named, since most sys
admins would see that and say, oh ok, that goes in (or links to)
/etc/rc.d or /etc/<insert_your_os's_init_dir> and call it as rc.news
start|stop|restart etc, but clearly this is however not what rc.news is
for, requiring a wrapper to call it, change to user news before calling
that script. It's also a PITA if something goes wrong, leaving all these
sleeps and innwatches running since most sys admins would assume rc.news
stop would actually stop everything, programmers sometimes need to think
like sys admins, the ones who you rely on to install, configure, and
use, your software :) 

Someone recently mentioned about time management in getting things
running, usually if something doesn't work after an hour or two of
effort from start to end-user usable, I piss it off and find something
else that does, and I know I'm not alone in that mindset, since I
consider anything that complex to get going would be a nightmare to
problem solve should the need arise. So something that requires minimal
fuss, would be used, recommended to others when asked for opinions, and
the software becomes more popular as word of mouth helps propagate it,
so basically making it as easy to use as possible will help the newbies,
not frustrate them into using software X instead of yours.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/inn-workers/attachments/20141020/e6f8eb14/attachment.html>