rob@xyzoom.info.com (Rob Lingelbach) (05/12/91)
I just installed cnews and I am getting the following error message
right after I poll my news feed:

newsspool failed!!!
/usr/lib/newsbin/input/newsrun: /usr/lib/news/L.13680: cannot create

I elected during the build of cnews to have news spooled immediately.
The $binuid is news, /usr/lib/news is owned by news, and I don't
believe newsrun has to be suid news, does it?
My answer to "build"'s set(g)uid() question was yes, my system can do
the setuid system call; I'm running ISC 2.2.1 here.

I'd appreciate any help; please use mail as my news for incoming
articles is broken.

--Rob
--
Rob Lingelbach     rob@xyzoom.info.com -or- {well-connected}!uunet!xyzoom!rob
2641 Rinconia Dr   L.A. CA 90068   voice: 213 464-6266
rob@xyzoom.info.com (Rob Lingelbach) (05/13/91)
In article <1991May12.162822.14342@xyzoom.info.com> rob@xyzoom.info.com (Rob Lingelbach) writes:
>
>I just installed cnews and I am getting the following error message
>right after I poll my news feed:
>
>newsspool failed!!!
>/usr/lib/newsbin/input/newsrun: /usr/lib/news/L.13680: cannot create
>
>I elected during the build of cnews to have news spooled immediately.
>The $binuid is news, /usr/lib/news is owned by news, and I don't
>believe newsrun has to be suid news, does it?
>My answer to "build"'s set(g)uid() question was yes, my system can do
>the setuid system call; I'm running ISC 2.2.1 here.
>
>I'd appreciate any help; please use mail as my news for incoming
>articles is broken.

Thanks to the folks who responded to my plea. I got the answer from
Neil Rickert:

> newsrun must be invoked by a uid which has write permission to
> /usr/lib/news .
> If you are using a UUCP feed, it is best to be starting newsrun
> independently from crontab. Make sure it runs as news. It might
> be possible to have /usr/lib/news in group daemon, group
> writeable, so that this also works from
> uucp invocations. I would not recommend it.

I rebuilt cnews with the answer to build's question about immediate
processing as [no]. Then I kept having the problem, until I found the
file $NEWSCTL/rnews.newsrun, which had the single word "yes". I changed
it to "no", and still newsrun was invoked immediately...I deleted the
file, and that seems to have worked. Doit.news does not write over or
delete configuration files as a safety precaution.

But I wonder how I could have news spooled immediately. Currently I
have cron su'ing to news and calling newsrun twice an hour; is there a
way to have it turned on with "newsrunning on" command?

--Rob
--
Rob Lingelbach     rob@xyzoom.info.com -or- {well-connected}!uunet!xyzoom!rob
2641 Rinconia Dr   L.A. CA 90068   voice: 213 464-6266
pausv@sssab.se (Paul Svensson) (05/13/91)
rob@xyzoom.info.com (Rob Lingelbach) writes:
>My answer to "build"'s set(g)uid() question was yes, my system can do
>the setuid system call; I'm running ISC 2.2.1 here.

Henry: I know setnewsids is scheduled for extinction, but in the
meanwhile, wouldn't it be a good idea to change the wording in
conf/build a little? Just replacing "old Unixes" with "old Unixes and
most SysV's" would do it.
--
Paul Svensson      _ /|    - Every absurdity needs a champion to defend it -
SM5SJS            \'o.0'   Scandinavian System Support    Fax: +46 13 115193
paul@sssab.se     =(___)=  Box 535                      _ Phone: +46 13 111660
sunic!sssab!paul     U     SE-581 06 Linkoping, Sweden    Home: +46 13 121021
henry@zoo.toronto.edu (Henry Spencer) (05/13/91)
In article <1991May12.234639.18084@xyzoom.info.com> rob@xyzoom.info.com (Rob Lingelbach) writes:
>> newsrun must be invoked by a uid which has write permission to
>> /usr/lib/news .

Normally, however, this should be okay in this situation, because newsspool
(the guts of rnews) is running setuid-news and thus its children can write
on /usr/lib/news. Further investigation is called for on why this did not
work.

>But I wonder how I could have news spooled immediately. Currently I
>have cron su'ing to news and calling newsrun twice an hour; is there a
>way to have it turned on with "newsrunning on" command?

"newsrunning on" just sets permissions, so to speak; it does not arrange
for things to be run.
--
And the bean-counter replied,   | Henry Spencer @ U of Toronto Zoology
"beans are more important".     | henry@zoo.toronto.edu  utzoo!henry
clewis@ferret.ocunix.on.ca (Chris Lewis) (05/14/91)
In article <1991May13.161913.1812@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes:
>In article <1991May12.234639.18084@xyzoom.info.com> rob@xyzoom.info.com (Rob Lingelbach) writes:
>>> newsrun must be invoked by a uid which has write permission to
>>> /usr/lib/news .

>Normally, however, this should be okay in this situation, because newsspool
>(the guts of rnews) is running setuid-news and thus its children can write
>on /usr/lib/news. Further investigation is called for on why this did not
>work.

Rob answered "yes" to the "can your machine do setuid(geteuid())". ISC
386/IX cannot. He has to set it to "no" and rebuild.
--
Chris Lewis, Phone: (613) 832-0541, Domain: clewis@ferret.ocunix.on.ca
UUCP: ...!cunews!latour!ecicrl!clewis; Ferret Mailing List:
ferret-request@eci386; Psroff (not Adobe Transcript) enquiries:
psroff-request@eci386 or Canada 416-832-0541. Psroff 3.0 in c.s.u soon!
rob@xyzoom.info.com (Rob Lingelbach) (05/15/91)
In article <1494@ecicrl.ocunix.on.ca> clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
>In article <1991May13.161913.1812@zoo.toronto.edu> henry@zoo.toronto.edu (Henry Spencer) writes:
>>In article <1991May12.234639.18084@xyzoom.info.com> rob@xyzoom.info.com (Rob Lingelbach) writes:
>>>> newsrun must be invoked by a uid which has write permission to
>>>> /usr/lib/news .
>
>>Normally, however, this should be okay in this situation, because newsspool
>>(the guts of rnews) is running setuid-news and thus its children can write
>>on /usr/lib/news. Further investigation is called for on why this did not
>>work.
>
>Rob answered "yes" to the "can your machine do setuid(geteuid())". ISC
>386/IX cannot. He has to set it to "no" and rebuild.

I made the change and did the rebuild, and the same thing is
happening (newsrun complains that it can't create
/usr/lib/news/L.<pid>). I made /usr/lib/news mode 777 and the lock file
was written allowing newsrun to work; as soon as I changed
$NEWSCTL back to 775 it didn't work.

I am testing (and failing) by feeding an article to rnews while
logged in as a regular user. If I feed an article to rnews while
logged in as news, it works. My newsfeed is via uucp; is rnews invoked
with the caller's permissions, and if the caller is allowed the
command (/usr/bin/rnews) in /usr/lib/uucp/Permissions, shouldn't it work?

Here are the permissions of the appropriate files:

in $NEWSBIN/input:
   8 -rwsrwsr-x  1 news  news    3247 May 12 23:45 newsrun*
 102 -rwsrwsr-x  1 news  news   50258 May 12 23:45 newsspool*
   4 -rwxrwxr-x  1 news  news    1201 May 12 23:45 rnews*

and /usr/bin/rnews:
   4 -rwsr-sr-x  1 news  news    1201 May 12 23:45 /usr/bin/rnews*

in $NEWSBIN/relay:
 262 -rwsrwsr-x  1 news  news  132289 May 12 23:45 relaynews*

and here is "ls -lad /usr/lib/news" ($NEWSCTL)
   4 drwxrwxr-x  7 news  news    1392 May 15 00:04 /usr/lib/news/

Right now I have newsrun called from cron, works fine, but it would
be nice to have it run immediately.

--Rob
--
Rob Lingelbach KB6CUN   rob@xyzoom.info.com -or- ...!uunet!xyzoom!rob
2641 Rinconia Dr   L.A. CA 90068   voice: 213 464-6266
ascetic by nature ---'Tis pride that brings the country down---(Shakespeare)
clewis@ferret.ocunix.on.ca (Chris Lewis) (05/17/91)
In article <1991May15.071141.1990@xyzoom.info.com> rob@xyzoom.info.com (Rob Lingelbach) writes:
>In article <1494@ecicrl.ocunix.on.ca> clewis@ferret.ocunix.on.ca (Chris Lewis) writes:
>>Rob answered "yes" to the "can your machine do setuid(geteuid())". ISC
>>386/IX cannot. He has to set it to "no" and rebuild.

>I made the change and did the rebuild, and the same thing is
>happening (newsrun complains that it can't create
>/usr/lib/news/L.<pid>). I made /usr/lib/news mode 777 and the lock file
>was written allowing newsrun to work; as soon as I changed
>$NEWSCTL back to 775 it didn't work.

I suspect what's happening is that the rebuilds are somehow not doing
the whole job of "switching". When you answer "no", relaynews is
supposed to be invoked by a small setuid *root* program "setnewsid".
This is required on all System V systems (not sure about SVR4, but that
doesn't apply to you).

I think a make clean is in order, and then a careful examination
of what the installation stuff is doing and what it's deciding *not* to
do. Did doit.bin create setnewsid? Did "again.root" install it?
Did you forget to run all four doit's in the right order?

>I am testing (and failing) by feeding an article to rnews while
>logged in as a regular user. If I feed an article to rnews while
>logged in as news, it works. My newsfeed is via uucp; is rnews invoked
>with the caller's permissions, and if the caller is allowed the
>command (/usr/bin/rnews) in /usr/lib/uucp/Permissions, shouldn't it work?

Rnews is usually invoked as the uid of the process that invoked uuxqt.
Which has the real id as *anyone* (but the effective will be "uucp").
In order to get the real and effective id's to be "news", setnewsids
has to be invoked for newsspool to work.

(I don't have a C-news system up handy at the moment, but setnewsids
is definitely required on an ISC machine, if setnewsids isn't required,
I don't think that the other programs should be setuid news)

Doesn't entirely explain why the lock can't be created tho.
What are the ownerships on the other files in /usr/lib/news?
What owner does the lock file get created?
--
Chris Lewis, Phone: (613) 832-0541, Domain: clewis@ferret.ocunix.on.ca
UUCP: ...!cunews!latour!ecicrl!clewis; Ferret Mailing List:
ferret-request@eci386; Psroff (not Adobe Transcript) enquiries:
psroff-request@eci386 or Canada 416-832-0541. Psroff 3.0 in c.s.u soon!
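
The build question quoted in this thread, "can your machine do setuid(geteuid())", asks whether a process started set-uid can make its real uid equal to its effective uid without root's help. A probe for that follows as an added example; it is not part of the thread or of C News, and the names `classify_setuid` and `probe_setuid` are made up here.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Outcome of calling setuid(geteuid()) in a process started set-uid. */
enum setuid_result {
    IDS_ALREADY_EQUAL,   /* real == effective before the call: nothing learned */
    REAL_UID_CHANGED,    /* real uid became the effective uid */
    REAL_UID_UNCHANGED,  /* call succeeded, real uid is still the caller's */
    SETUID_FAILED        /* call returned non-zero */
};

/* Pure decision logic, kept separate so it can be checked with constructed ids. */
enum setuid_result classify_setuid(uid_t ruid_before, uid_t euid_before,
                                   int rc, uid_t ruid_after)
{
    if (ruid_before == euid_before) return IDS_ALREADY_EQUAL;
    if (rc != 0) return SETUID_FAILED;
    return ruid_after == euid_before ? REAL_UID_CHANGED : REAL_UID_UNCHANGED;
}

/* Live probe: only meaningful when this binary is installed set-uid to a
   non-root user and run by a different non-root user. */
enum setuid_result probe_setuid(void)
{
    uid_t r = getuid(), e = geteuid();
    int rc = setuid(e);
    return classify_setuid(r, e, rc, getuid());
}

int main(void)
{
    static const char *msg[] = {
        "real and effective uid already equal; install set-uid, run as another user",
        "setuid(geteuid()) changed the real uid",
        "setuid(geteuid()) left the real uid unchanged",
        "setuid(geteuid()) failed"
    };
    printf("before: ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    enum setuid_result res = probe_setuid();
    printf("after:  ruid=%ld euid=%ld\n%s\n", (long)getuid(), (long)geteuid(),
           msg[res]);
    return res == REAL_UID_CHANGED ? 0 : 1;
}
```

Any result other than "changed the real uid" corresponds to answering "no" to the build question.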