inn has the capability to authenticate users. So it's possible to put sensitive data into local newsgroups (e.g. postings from maillists). Because the whole /var/spool/news hierarchy is world-readable: $ rpm -ql -vv inn ... drwxrwxr-x 1 news news 4096 Sep 14 05:28 /var/spool/news drwxrwxr-x 1 news news 4096 Sep 14 05:28 /var/spool/news/archive ... a local user without rights to read the NNTP-spool can do it anyhow by going into this directory and reading the raw-data I suggest to remove the world-readability
I'd like to leave the spool dir public readable. Please consider using a new machine or chaning the perms just on that one box instead of making this change within the standard rpm of Red Hat.