>Quoting: m...@linux.it (Marco d'Itri)
>retitle 511054 inncheck suggests insecure permissions
>severity 511054 minor
>tag 511054 help
>thanks

>On Jan 07, The Eclectic One <eclec...@sdf.lonestar.org> wrote:

>> The inn system doesn't even start after installation.  There are plenty

Mmm... Re-reading what I wrote gives a slight feeling of impatience, but...

>Quoting: m...@linux.it (Marco d'Itri)
>Bullshit. Next time try checking the log for specific errors.

This is a little strong considering you haven't seen the behavior of
inn NOT starting, in this brand-new installation on a clean disk.
Unfortunately I didn't save the cron emails that said something like:
"no inn.pid file, did server die?"

Here's what showed up in news.err and news.crit

Jan  4 16:45:28 lenny innd: SERVER cant freopen stdout to /var/log/news/news: Permission denied
Jan  4 21:33:46 lenny innd: SERVER cant freopen stdout to /var/log/news/news: Permission denied
Jan  6 17:30:48 lenny innd: SERVER cant freopen stdout to /var/log/news/news: Permission denied


>> Originally, I also said:
>> of files with the wrong ownership and permissions per inncheck (see
>> output below).  Running "inncheck -f -perm | sh" fixes it and then

Given that this worked, and given the error messages above, it still
looks like there is a permission/ownership problem that doesn't allow
innd (running as user news) to write where it needs to.

>> ...

>inncheck is wrong.

Maybe so, but it fixed the problem.

> /var/log/news:0: mode 644, should be 755
>So your system was already broken. From postinst:

If the system was already broken, it was broken by the original Lenny
install, as this was a clean install from scratch on a blank HD.

>    if [ ! -d /var/log/news ]; then
>        install -d -m 775 -o news -g news /var/log/news
>    fi

Well, the system is now fixed, so I can't go back and see how it used
to be, but maybe /var/log/news/news is created with the wrong ownership
(root most likely) or permissions, even though it might be an empty file
at first?  Or maybe /var/log/news had already been created somewhere else
with root ownership or 644 permissions?


>From: Russ Allbery <r...@debian.org>
>You don't want to blindly apply the results of inncheck.  Most of what
>it's finding is not relevant to a Debian installation; it's assuming a
>stand-alone install from source, with a much different permission and
>ownership scheme.

Mmm... Ok.  But at least it found the problem.

>Something in here is causing the problem from what you say about how you
>fixed it, but just doing all of these changes almost certainly isn't the
>right fix.

From the start I suspected that this was a permission problem in the
Debian install scripts.  While researching a fix I found the inncheck
tests and thought that a script that is part of inn would certainly
know the correct ownership/permissions.  Why should the Debian install
be so different (with regards to file ownership/permissions) from the
install from source?

>I'm afraid I don't know what the right fix is, though.  :/
>
>(For the record, I'm an upstream INN maintainer.)

Yes, I recognize your name from way way back, when the Internet was a
group of universities and the routing tables were flat files.  I'm
honored to exchange bits with you.  Thanks for taking the time to reply.



