Path: utzoo!utstat!news-server.csri.toronto.edu!cs.utexas.edu!bcm!tmc.edu!sob
From: sob@tmc.edu (Stan Barber)
Newsgroups: news.software.nntp
Subject: Re: "setgroups: not owner" problem with 1.5.10
Message-ID: <1887@gazette.bcm.tmc.edu>
Date: 8 Sep 90 02:30:54 GMT
References: <1886@gazette.bcm.tmc.edu> <3|?%Q9@rpi.edu>
Sender: usenet@bcm.tmc.edu
Organization: Baylor College of Medicine, Houston, Tx
Lines: 29
Nntp-Posting-Host: tmc.edu

In article lear@turbo.bio.net (Eliot) writes:
>The way the code is written, initgroups is only called if the process
>is already root. Otherwise it blissfully continues.

Yep. That's true. My manual pages tell me that this error condition only
results if setgroups is called as someone other than the super-user.
Perhaps there is a problem with the groups or passwd file. Anyone know?
I will dig up my 4.3 source if no one else happens to know other conditions
under which a call to setgroups will fail with this error.

Also, if you don't run NNTPD as root, it will still work as long as it
runs as the NEWSUSER and there are no permissions problems on the
news programs and spool directory. Some people have both "news" and "usenet"
and you need to be sure that nntp is running as the right one (particularly
if you are using FAKESYSLOG).

The main things done to deal with security issues can be seen in the
spawn.c and batch.c source files. I went to a lot of trouble to reset
userids, groups (hence the setgroups call) and other similar efforts
before forking other programs. If someone sees a security problem that
would prevent NNTP from being run as root, I'd appreciate some mail.

Thanks
--
Stan    internet: sob@bcm.tmc.edu          Director, Networking
Olan    uucp: {rutgers,mailrus}!bcm!sob    and Systems Support
Barber  Opinions expressed are only mine.  Baylor College of Medicine
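
Added example, not part of the post above and not code from NNTP's spawn.c or batch.c: a sketch of the pattern the post describes, resetting groups and ids before forking other programs and touching the group list only when the process is root. The helper name drop_to_ids and its return codes are hypothetical.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_FAILED = -1 };

/* Hypothetical helper (not from NNTP): become uid/gid before fork/exec. */
int drop_to_ids(uid_t uid, gid_t gid)
{
    if (geteuid() != 0) {
        /* Non-root: setgroups() would fail with EPERM ("Not owner"), so skip
         * it. That is safe only if we already run as the target ids. */
        if (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid)
            return DROP_NOT_ROOT;
        return DROP_FAILED;
    }
    /* Root: order matters. Groups first, then gid, then uid last, because
     * after setuid() we no longer have the privilege to change the others. */
    if (setgroups(1, &gid) != 0)   /* discard root's supplementary groups */
        return DROP_FAILED;
    if (setgid(gid) != 0)
        return DROP_FAILED;
    if (setuid(uid) != 0)
        return DROP_FAILED;
    /* Verify the drop is permanent: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    /* Constructed demo: "drop" to the ids we already have. As a non-root
     * user this takes the skip path instead of erroring out. */
    int r = drop_to_ids(getuid(), getgid());
    printf("drop_to_ids -> %d\n", r);
    return r == DROP_FAILED;
}
```

A caller should treat DROP_FAILED as fatal and refuse to fork the child, since a child started after a failed drop would inherit the parent's ids and groups.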