Re: ifmail dialing problem (again)

Pablo Saratxaga (srtxg@chanae.alphanet.ch)
26 Feb 1999 02:50:26 +0100

Kaixo!
on 25 Feb 1999 02:10:12 +0100,
Phillip Morgan <pjm@ehcs.com.au> said:

PM> Somewhere, somehow the owner of ifcico changed from root.root to
PM> news.news.

After having lots of those permissions problems I decided to use a completely
new scheme here:

all ifmail programs are fnet.fnet (I created that user and group), with
the ifmail outbound only owned by fnet and readable by fnet.

ifmail,ifnews and ifcico are suid fnet, and only executable by group fnet
and user (not by others).

So, we need:

* ifcico being able to dial out, as it is suid fnet that means 'fnet' must
be a member of the modem owner group ('modem' here).
* news server must be able to send articles to ifnews, that is user 'news'
must be member of group fnet.
* for the same reasons the user 'mail' (or 'root' depending on machines)
must be a member of group fnet; also, with sendmail, it is possible
to make the mailer definition for ifmail change to user fnet, eg:

Mfnet, P=/usr/lib/ifmail/ifmail, F=8mDFMuSC, S=11, R=21,
U=fnet:fnet,
A=ifmail -r $h -g h $u

* ifunpack is run as user fnet (from crontab) and calls as fnet iftoss
which then sends messages to MTA or news server; that means user fnet
must be member of groups mail and news.
and in sendmail 'fnet' must be a trusted user (Tfnet)

Finally, I have:

group "modem", determines who can access the modem, members: fnet, uucp,...
group "news", determines who can write news to the server,
members: news, fnet, uucp.
group "fnet", determines who can call ifcico/ifmail/ifnews; that is those
programs whose command line parameters are potentially
dangerous; members: fnet, mail, news.
group "mail", determines who can send instructions to MTA, it is not
needed with sendmail. members: mail, uucp, fnet.

mail::12:mail,uucp,fnet
news::13:news,fnet,uucp,srtxg
fnet::2200:fnet,news,mail,srtxg
modem::104:uucp,fnet,root,srtxg

(I added myself to fnet group, so I can manually launch ifcico, that
is force a call before schedule)

and files are:

-rws--x--- 1 fnet 196660 Sep 24 20:13 ifcico*
-rwx------ 1 fnet 1081 Jan 28 1998 ifdbm-edit.pl*
-rwx--x--x 1 fnet 40176 Sep 24 20:13 ifindex*
-rwx--x--x 1 fnet 40788 Sep 24 20:13 ifinfo*
-rws--x--- 2 fnet 116244 Nov 10 08:23 ifmail*
-rwxr-xr-x 1 fnet 4490 Jan 19 1998 ifman*
-rws--x--- 2 fnet 116244 Nov 10 08:23 ifnews*
-rwx--x--x 1 fnet 51108 Nov 10 08:23 ifpack*
-rwx--x--x 1 fnet 41120 Sep 24 20:13 ifreq*
-rwx--x--x 1 fnet 42808 Sep 24 20:13 ifroute*
-rws--x--- 1 fnet 42672 Nov 10 08:23 ifstat*
-rwx--x--x 1 fnet 104780 Nov 10 08:23 iftoss*
-rwx--x--x 1 fnet 40312 Nov 10 08:23 ifunpack*

PM> It also gave me a no carrier (3:639/50) yesterday 24th Feb,
PM> That will be because of the permissions I suspect.

I think the 'NO CARRIER' simply means there hasn't been any modem answer on
the other side; but if you have permissions problems you don't even access
the modem.

-- 
À bientôt,
Pablo Saratxaga           PGP Key available, key ID: 0x8F0E4975

http://www.ping.be/~pin19314/
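The scheme above only holds if every group membership and every file mode stays as listed; the original poster's problem was exactly a silent ownership change. The following audit script is an added example, not code from the post or from ifmail: it takes constructed copies of the /etc/group lines and the ls -l listing shown in the message and checks the rules the text states (fnet in group modem, news and mail in group fnet, fnet in groups mail and news, the three setuid programs owned by fnet with no permission bits for "others"). The REQUIRED_MEMBERS and SUID_PROGRAMS tables, and the function names, are assumptions made for this example.

```python
"""Audit the ifmail privilege-separation scheme from the post.

Added example, not code from the post or from ifmail. The inputs below are
constructed copies of the /etc/group lines and the `ls -l` listing the
message shows; the rule tables encode the requirements stated in the text.
"""
from typing import Dict, List, Set

# Constructed sample: the /etc/group lines quoted in the post.
GROUP_LINES = """\
mail::12:mail,uucp,fnet
news::13:news,fnet,uucp,srtxg
fnet::2200:fnet,news,mail,srtxg
modem::104:uucp,fnet,root,srtxg
"""

# Constructed sample: a subset of the `ls -lF` listing from the post.
LS_LINES = """\
-rws--x--- 1 fnet 196660 Sep 24 20:13 ifcico*
-rws--x--- 2 fnet 116244 Nov 10 08:23 ifmail*
-rws--x--- 2 fnet 116244 Nov 10 08:23 ifnews*
-rwx--x--x 1 fnet 104780 Nov 10 08:23 iftoss*
-rwx--x--x 1 fnet 40312 Nov 10 08:23 ifunpack*
"""

# Assumed rule table: group -> users the post says must be members of it.
REQUIRED_MEMBERS: Dict[str, Set[str]] = {
    "modem": {"fnet"},          # ifcico runs as fnet and must open the modem
    "fnet": {"news", "mail"},   # news/mail must be able to exec ifnews/ifmail
    "mail": {"fnet"},           # iftoss (as fnet) hands mail to the MTA
    "news": {"fnet"},           # iftoss (as fnet) hands articles to the news server
}

# Assumed: the programs the post makes setuid fnet and group-only executable.
SUID_PROGRAMS = {"ifcico", "ifmail", "ifnews"}


def parse_group(text: str) -> Dict[str, Set[str]]:
    """Parse group(5)-style lines into {group: set(member users)}."""
    groups: Dict[str, Set[str]] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def parse_ls(text: str) -> Dict[str, Dict[str, str]]:
    """Parse `ls -lF` lines into {name: {"mode": ..., "owner": ...}}."""
    files: Dict[str, Dict[str, str]] = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7:
            continue
        # ls -F appends '*' to executables; strip it to get the file name
        name = parts[-1].rstrip("*")
        files[name] = {"mode": parts[0], "owner": parts[2]}
    return files


def missing_memberships(groups: Dict[str, Set[str]]) -> List[str]:
    """Report each required (user, group) pair that is absent."""
    problems = []
    for group, users in REQUIRED_MEMBERS.items():
        present = groups.get(group, set())
        for user in sorted(users - present):
            problems.append(f"user {user} not in group {group}")
    return problems


def mode_problems(files: Dict[str, Dict[str, str]]) -> List[str]:
    """Report ownership or mode deviations from the scheme in the post."""
    problems = []
    for name, info in files.items():
        mode, owner = info["mode"], info["owner"]
        if owner != "fnet":
            problems.append(f"{name}: owner is {owner}, expected fnet")
        if name in SUID_PROGRAMS:
            # user triplet must read "rws": setuid plus the exec bit
            if mode[1:4] != "rws":
                problems.append(f"{name}: expected setuid fnet, mode is {mode}")
            # "others" must have no bits at all on a setuid program
            if mode[7:10] != "---":
                problems.append(f"{name}: world-accessible setuid program ({mode})")
        elif mode[3] == "s":
            problems.append(f"{name}: unexpected setuid bit ({mode})")
    return problems


def audit(group_text: str = GROUP_LINES, ls_text: str = LS_LINES) -> List[str]:
    """Return all deviations; an empty list means the scheme is intact."""
    return missing_memberships(parse_group(group_text)) + mode_problems(parse_ls(ls_text))


if __name__ == "__main__":
    issues = audit()
    print("OK" if not issues else "\n".join(issues))
```

Run it from cron as the same kind of check the post implies: on a live system, feed it the real /etc/group and the listing of the ifmail directory, and treat any non-empty output as the drift that turns ifcico into a binary nobody can dial with (or, worse, one everybody can run).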