Description of problem:
The rnews job that runs out of /etc/cron.hourly/inn-cron-rnews doesn't work. It
launches 'rnews' as the 'news' user, but rnews is then unable to read spooled
articles in /var/spool/news/incoming. The reason is that rnews is setuid
'uucp', and the 'incoming' directory is set to 0755,news:news (readable by the
news user, but not writable by the news group or the uucp user).
I can suggest two fixes for this:
1. Change the permissions of /var/spool/news/incoming to 0775 instead of 0755
2. Change the setuid user for 'rnews' to 'news' instead of 'uucp'.
I have to admit that I don't know what the security implications are for these
two solutions. I'm open to other suggestions.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Let me correct that -- it can probably read the spooled articles, but the group
permissions prevent it from unlinking the articles after it spools them.
I like the idea of 0775 directory rights much more. Build as inn-2.4.3-14.fc10.
Was the 0775 solution working for you? (just by chmod) I could make F8 update if
it is enough.
inn-2.4.3-10.fc8 has been submitted as an update for Fedora 8
inn-2.4.3-10.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update inn'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-3313
inn-2.4.3-10.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.