Path: utzoo!utgpu!watserv1!watmath!att!linac!uwm.edu!ux1.cso.uiuc.edu!mp.cs.niu.edu!rickert From: rickert@mp.cs.niu.edu (Neil Rickert) Newsgroups: news.software.b Subject: Re: Restricting article posting with C News... Message-ID: <1991Jan11.232729.5079@mp.cs.niu.edu> Date: 11 Jan 91 23:27:29 GMT References: <1991Jan10.213702.9298@zoo.toronto.edu> <1991Jan11.002040.25338@mp.cs.niu.edu> <663605062.9312@mindcraft.com> Organization: Northern Illinois University Lines: 27 In article <663605062.9312@mindcraft.com> karish@mindcraft.com (Chuck Karish) writes: >In article <1991Jan11.002040.25338@mp.cs.niu.edu> rickert@mp.cs.niu.edu >(Neil Rickert) writes: >>group permissions are used to control who can search $NEWSBIN/relay and >>$NEWSBIN/input, won't the problem be easily solved? > >relaynews is the key program here. It has to be setgid on systems that >have System V-style inheritence of file group ownership, in order to >maintain proper group ownership of the files in the spool. This means >that just changing access to relaynews won't do the job unless you're >willing to make all authorized posters members of the 'news' group, Did you READ what I said? On my system relaynews is setuid news, setgid news. I DID NOT suggest changing that. But it is in a directory not owned by news, and not in group news. I referred to the permissions (specifically the 'x' permission) on the directory containing relaynews. If a restricted user can't access the directory containing relaynews he can't access relaynews, so he can't execute relaynews. -- =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*= Neil W. Rickert, Computer Science Northern Illinois Univ. DeKalb, IL 60115 +1-815-753-6940