headers
Andreas Gredler | 1 Jun 2002 05:49
Picon
Favicon

Problems with authorization and /etc/shadow


Hello,

I realized strange behaviour of my innserver (2.2.3): When I make
/etc/shadow world-readable I can use /etc/shadow to do the
authorization. Because of this maximum security risk this is not a good
solution, so I tried to change back to my default permissions for
/etc/shadow (-rw-r-------   root   shadow) and added user news to the
shadow group. Unfortunately this did not work. Can anyone explain this ?

After trying different things I stopped innd and started only nnrpd,
only with -D flag. This works fine, also when user news is not part of
shadow-group. So why doesn´t it work when nnrpd is called from innd ?

Finally, as i tried to run innd as user root I was just wondering that
ist was again started as user news ? (starting with rc.news).
Now I was completely confused and hope someone can give me some hints
what´s going on.

best regards Andreas Gredler
Permalink | Reply | 2 comments |
headers
Katsuhiro Kondou | 1 Jun 2002 07:36

Re: Problems in news hierachy


In article <3CF1F90B.20007 <at> unav.es>,
	Ignacio Bernal <ibernal <at> unav.es> wrote;

} i'm triying to configure a server to get articles from a master serve=
r.
} (my server is I've several questions :
} =

}     - How can i download only several groups.
}     - How can i control when to sync with the master
} =

} Thanks in advance and sorry for my english , I=F1aki
} =

} P.D.: the server i'm triying to configure, is just defined as a feed =
in
} the master server.

It sounds like you misunderstand how news artcles flow.
Please forgive me, if I do misunderstand you.  News
articles are fed by the server explicitly, and it's not
by downloading them.  To send articles, see INSTALL.
-- =

Katsuhiro Kondou
Permalink | Reply | 0 comments |
headers
Kiernan, Alex | 1 Jun 2002 20:28

RE: SSL (patch 1)


I'll look to apply these in the next few days - I'm currently cleaning up
nnrpd with Purify, once I've dealt with all that I can find, I'll start
applying these.

-- 
Alex Kiernan, Principal Engineer, Development, THUS plc

> -----Original Message-----
> From: Bear Giles [mailto:bear <at> coyotesong.com] 
> Sent: 26 May 2002 17:39
> To: inn-patches <at> isc.org
> Subject: SSL (patch 1)
> 
> 
> Following are a series of patches to the SSL code.  It's a number of
> small patches, instead of one large patch, because most projects have
> an easier time handling the small patches.  It also makes it easier
> for someone more familiar with the architecture of the code to catch
> an oversight.
> 
> The first patch adds calls to SSL_get_error() after SSL_read() and
> SSL_write().  It is necessary because the standard 'errno' function
> can't encode SSL-specific problems.
> 
> Bear Giles
> 
> 
> -- Attached file included as plaintext by Ecartis --
> -- Desc: /tmp/inn1
(Continue reading)

Permalink | Reply | 0 comments |
headers
kajan | 2 Jun 2002 16:38
Picon
Picon

deleting old article


Hi all,

Is there anyway I can delete one month old articles. I have to delete
articles belongs 4th -9th of last month. After the 9th is the articles
expired properly according to expire.ctl.

Regards

Kajan
Permalink | Reply | 2 comments |
headers
Jeffrey M. Vinocur | 2 Jun 2002 17:59

Re: nnrpd & NEXT trouble


On Thu, 30 May 2002, Pavel V. Knyazev wrote:

> 211 47976 833479 881853 alt.binaries.sounds.mp3
> next
> [................NNRPD HANGS UP HERE FOR 60 SECS...............]
> 223 842922 <gic5fuk1bgpc8i59q1i8sfree6asucsas1 <at> 4ax.com> Article retrieved;
> reque
> st text separately.

Is nnrpdcheckart in inn.conf true?  If so, I bet that's the problem -- try 
attaching to nnrpd with gdb and seeing if it is frantically opening and 
closing articles to make sure they exist.

I don't have a good solution; I never had this problem until relatively 
recently, and it seems to have started suddenly despite the number of 
articles in my never-expiring groups growing at a steady rate.  I had to 
disable nnrpdcheckart, which is a user-visible change in trn (lots of 
"skipping unavailable article" messages while reading), for lack of any 
better ideas.

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 3 comments |
headers
Katsuhiro Kondou | 3 Jun 2002 01:32

Re: problem dishing out recieved news threads.


In article <000901c2065a$8718d4d0$837c7541 <at> stanton.crystalauto.com>,
	"Andrew Holdeman" <andy <at> crystalauto.com> wrote;

} My problem right now is the server downloads every one of the proper
} threads I'm telling it to, but when my client pc connects up to the
} server to retrieve a list it doesn't bring up anything.

I don't understand what's going on, but can you investigate
the problem to the protocol level(nntp)?  Namely, can you
examine what is wrong with the result of certain command?
--

-- 
Katsuhiro Kondou
Permalink | Reply | 0 comments |
headers
Jeffrey M. Vinocur | 3 Jun 2002 02:04

Re: INND server Crashed... trying to fix.


On Thu, 30 May 2002, McPheeters, Scott wrote:

> May 30 10:49:12 mwnews innd: SERVER cant dbzinit /var/lib/news/history
> Numerical argument out of domain

Have you run inncheck (with -a or -perm), or manually checked the 
ownership on the database files is correct?

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 0 comments |
headers
ali mutlu aydin | 3 Jun 2002 02:14
Picon
Favicon

inconsistency between expireover and expire logs at expire.log


hi,
i run "news.daily delayrm expireover lowmark" daily and  expiring log is 
arised at expire.log file. according to log records, expireover has 
processed less article lines than expire has processed...expireover has 
processed about 250000 and expire has processed about 500 000...
there is big discrepancy.. is there any problem? if there is, how can i 
solve this problem...is there a problem at spool?
not: there is group base expiring.
     thanks...

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
Permalink | Reply | 1 comment |
headers
Jeffrey M. Vinocur | 3 Jun 2002 02:18

Re: ovdb.c warning with INN 2.3.3 and BerkeleyDB


On Fri, 31 May 2002, Antoine Delvaux wrote:

> ovdb.c: In function `ovdb_open_berkeleydb':
> ovdb.c:697: warning: passing arg 2 of pointer to function from 
> incompatible pointer type

I can't reproduce that warning (what compiler are you using?), but I'm
pretty sure you can ignore it.  If you like, see if it can be fixed by
changing line 350 of storage/ovdb/ovdb.c from

static void OVDBerror(char *db_errpfx, char *buffer)

to

static void OVDBerror(const char *db_errpfx, char *buffer)

and if so I can commit that change.

> having trouble with INN crashing very often 

Really?  Anything in the logs?

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 1 comment |
headers
Jeffrey M. Vinocur | 3 Jun 2002 02:21

Re: Problems with authorization and /etc/shadow


On 1 Jun 2002, Andreas Gredler wrote:

> I realized strange behaviour of my innserver (2.2.3): When I make
> /etc/shadow world-readable I can use /etc/shadow to do the
> authorization. Because of this maximum security risk this is not a good
> solution, so I tried to change back to my default permissions for
> /etc/shadow (-rw-r-------   root   shadow) and added user news to the
> shadow group. Unfortunately this did not work. Can anyone explain this ?

Did you shut down INN and start it up again?  Changes to unix group 
membership generally do not take effect until the next login.

> Finally, as i tried to run innd as user root I was just wondering that
> ist was again started as user news ? (starting with rc.news).

Yes, INN needs to start as root to bind to port 119 (which is why 
inndstart is SUID root), but then becomes the news user as soon as 
possible.

--

-- 
Jeffrey M. Vinocur
jeff <at> litech.org
Permalink | Reply | 1 comment |

Gmane