[news.admin] Ownership and permission of news directories and files

duane@anasaz.UUCP (Duane Morse) (09/09/89)

Who should be the owner of news directories and news files? news? root?
Does it matter?

What should be the permissions on those directories and files?

On our system (B news version 2.11, patch 17), some directories and files
are owned by news and some are owned by root. Some directories are
rwxrwxrwx, and some are rwxrwxr-x. Some files are rw-rw-rw-, some are rw-rw-r--.
This inconsistency makes me very nervous.
-- 

Duane Morse	...{asuvax or mcdphx}!anasaz!duane
(602) 861-7609

duane@anasaz.UUCP (Duane Morse) (09/13/89)

I got a couple of e-mail responses (thanks, guys!) to this and have
corrected our system accordingly. This short summary may be of interest
to some usenet administrators.

'news' should be the owner of all news directories and files, and
the 'news' group should be the group owner of same. Permissions should
be rwxr-xr-x or rwxrwxr-x for directories and rw-r--r--
or rw-rw-r-- for files. Binaries (expire, rnews, inews, etc.) should
be owned by news and in the 'news' group. rnews/inews should have the
setuid bit on.

A problem our system had was that rnews/inews was owned by root; hence,
newly-created news directories and all news articles were owned by
root. This made it somewhat difficult for expire, owned by 'news', to
delete files.
-- 

Duane Morse	...{asuvax or mcdphx}!anasaz!duane
(602) 861-7609

duane@anasaz.UUCP (Duane Morse) (09/16/89)

In article <717@anasaz.UUCP>, duane@anasaz.UUCP (Duane Morse) writes:
> 'news' should be the owner of all news directories and files, and
> the 'news' group should be the group owner of same. Permissions should
> be rwxr-xr-x or rwxrwxr-x for directories and rw-r--r--
> or rw-rw-r-- for files.

An alert reader noted an error with my statement about directory
permissions. News directories are usually created on the fly when
the first news article comes in for that directory; this means that
the program which gets things started (e.g., uucp) has the real uid
and gid, and if the parent directory isn't rwxrwxrwx, the subdirectory
cannot be created even though the parent is owned by 'news' and
rnews has the setuid bit turned on.
(The real story is no doubt much more complicated.)

In short, news directories should probably have rwxrwxrwx permissions.
rnews knows enough to do this on its own, but if you ever have to
recreate the directories (for whatever reason), keep the permissions
and ownership in mind.
-- 

Duane Morse	...{asuvax or mcdphx}!anasaz!duane
(602) 861-7609
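
The ownership and permission policy from the 09/13/89 summary, with the directory modes as amended in the 09/16/89 follow-up, written as an audit script. This is an added example, not part of the original posts; the function names and the spool path are hypothetical, and the acceptable modes are passed as arguments so either version of the directory policy can be checked.

```shell
#!/bin/sh
# Added example, not from the thread: audit a news tree against a stated
# ownership/permission policy. Function names and paths are hypothetical.

# Emit "! -perm MODE" for each acceptable octal mode, for splicing into find.
# -perm MODE is an exact match, so setuid/setgid/sticky variants are flagged.
not_modes() {
    for m in $1; do printf '! -perm %s ' "$m"; done
}

# audit_news_tree ROOT OWNER GROUP "DIR MODES" "FILE MODES"
# Prints "reason: path" per finding; returns 1 if there were any findings.
audit_news_tree() {
    root=$1; owner=$2; group=$3; dmodes=$4; fmodes=$5
    findings=$(
        find "$root" ! -user  "$owner" -print | sed 's/^/owner: /'
        find "$root" ! -group "$group" -print | sed 's/^/group: /'
        # $(not_modes ...) is left unquoted on purpose so it splits into words.
        find "$root" -type d $(not_modes "$dmodes") -print | sed 's/^/dirmode: /'
        find "$root" -type f $(not_modes "$fmodes") -print | sed 's/^/filemode: /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# check_setuid_binary PATH OWNER: succeed only if PATH is a regular file owned
# by OWNER with the setuid bit on (what the summary asks of rnews and inews).
check_setuid_binary() {
    [ -n "$(find "$1" -prune -type f -user "$2" -perm -4000 -print 2>/dev/null)" ]
}

# Policy from the 09/13/89 summary:
#   audit_news_tree /path/to/news/spool news news "755 775" "644 664"
# Directory policy as amended in the 09/16/89 follow-up:
#   audit_news_tree /path/to/news/spool news news "777" "644 664"
```

Files owned by root under the spool, the situation described in the second post, show up as `owner:` findings.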