Today's Topics:

   1. INN commit: trunk (8 files) (INN Commit)
   2. INN commit: branches/2.5 (8 files) (INN Commit)

----------------------------------------------------------------------

Message: 1
Date: Sat, 8 Feb 2014 05:48:49 -0800 (PST)
From: INN Commit <r...@isc.org>
To: inn-committ...@isc.org
Subject: INN commit: trunk (8 files)
Message-ID: <20140208134849.949f967...@hope.eyrie.org>

    Date: Saturday, February 8, 2014 @ 05:48:49
  Author: iulius
Revision: 9598

add a valid shell when su'ing to the news user

Pass "-s /bin/sh" to "su news" to cope with the change of the news user's shell in base-passwd 3.5.30.

Thanks to Colin Watson for the patch.

Modified:
  trunk/CONTRIBUTORS
  trunk/contrib/sample.init.script
  trunk/contrib/sample.init.systemd
  trunk/doc/pod/checklist.pod
  trunk/doc/pod/install.pod
  trunk/doc/pod/nnrpd.pod
  trunk/doc/pod/rc.news.pod
  trunk/scripts/rc.news.in

-----------------------------+
 CONTRIBUTORS                |    2 +-
 contrib/sample.init.script  |    8 ++++----
 contrib/sample.init.systemd |    2 +-
 doc/pod/checklist.pod       |   10 +++++-----
 doc/pod/install.pod         |   10 +++++-----
 doc/pod/nnrpd.pod           |    2 +-
 doc/pod/rc.news.pod         |    6 +++---
 scripts/rc.news.in          |    4 ++--
 8 files changed, 22 insertions(+), 22 deletions(-)

Modified: CONTRIBUTORS =================================================================== --- CONTRIBUTORS 2014-01-06 04:38:51 UTC (rev 9597) +++ CONTRIBUTORS 2014-02-08 13:48:49 UTC (rev 9598) 
@@ -276,4 +276,4 @@ Edmund H. Ramm, Raphael Barrois, Bo Lindbergh, Matthias Meyser, Dennis Preiser, Paolo Amoroso, Dennis Davis, River Tarnell, Jochen Schmitt, Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs, -Jesse Rehmer +Jesse Rehmer, Colin Watson Modified: contrib/sample.init.script =================================================================== --- contrib/sample.init.script 2014-01-06 04:38:51 UTC (rev 9597) +++ contrib/sample.init.script 2014-02-08 13:48:49 UTC (rev 9598) @@ -11,11 +11,11 @@ start () { ulimit -n unlimited # Start INN. - su news -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1 + su news -s /bin/sh -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1 # Start another nnrpd daemon, handling initial TLS connections, on port 563. # (The preferred way would be to use port 119 and STARTTLS but not all news # readers support it yet.) - #su news -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1 + #su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1 } case "$1" in @@ -26,10 +26,10 @@ stop) # Stop INN. - su news -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1 + su news -s /bin/sh -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1 # Stop possible other nnrpd daemons. One of the two following commands is enough. #start-stop-daemon --stop --name nnrpd --quiet --oknodo - #su news -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1 + #su news -s /bin/sh -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1 ;; reload|force-reload) Modified: contrib/sample.init.systemd =================================================================== --- contrib/sample.init.systemd 2014-01-06 04:38:51 UTC (rev 9597) +++ contrib/sample.init.systemd 2014-02-08 13:48:49 UTC (rev 9598) 
@@ -13,7 +13,7 @@ PIDFile=/run/news/innd.pid Type=forking ExecStart=/usr/libexec/news/rc.news -ExecStop=/bin/su -m news -c '/usr/libexec/news/rc.news stop' +ExecStop=/bin/su -m news -s /bin/sh -c '/usr/libexec/news/rc.news stop' KillMode=control-group [Install] Modified: doc/pod/checklist.pod =================================================================== --- doc/pod/checklist.pod 2014-01-06 04:38:51 UTC (rev 9597) +++ doc/pod/checklist.pod 2014-02-08 13:48:49 UTC (rev 9598) @@ -35,9 +35,9 @@ You want to be careful that things in that directory stay owned by C<news> S<-- but> you can't just C<chown -R news:news> after the install, because you may have binaries that are SUID root. You can do the build -as any user, but you need to be root when doing C<make install> so as -to set the permissions correctly. After that point, though, you may -want to C<su news> to avoid creating any files as root. (For routine +as any user, but you need to be root when doing C<make install> so as to +set the permissions correctly. After that point, though, you may want to +C<su news -s /bin/sh> to avoid creating any files as root. (For routine maintenance once INN is working, you can generally be root. However, it is always better to be accustomed to doing that as the news user.) @@ -227,7 +227,7 @@ Start B<innd> by running I<pathbin>/rc.news B<as the news user>. It is also what you should launch in your init scripts: - su news -c <pathbin in inn.conf>/rc.news + su news -s /bin/sh -c <pathbin in inn.conf>/rc.news Check I<pathlog>/news.notice to see if everything went well; also use C<ps> to see if B<innd> is running. 
@@ -331,7 +331,7 @@ You then need to start a second B<nnrpd> to listen to these connections to NNTPS port 563 and put something like that in your init scripts: - su news -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S' + su news -s /bin/sh -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S' Note that a news client which supports the STARTTLS command can also use the conventional NNTP port 119 to initiate a TLS connection. However, Modified: doc/pod/install.pod =================================================================== --- doc/pod/install.pod 2014-01-06 04:38:51 UTC (rev 9597) +++ doc/pod/install.pod 2014-02-08 13:48:49 UTC (rev 9598) @@ -1479,7 +1479,7 @@ or, if your system does not have per-user crontabs, put the following line into your system crontab instead: - 0 3 * * * su -c '<pathbin in inn.conf>/news.daily expireover lowmark' news + 0 3 * * * su news -s /bin/sh -c '<pathbin in inn.conf>/news.daily expireover lowmark' If you're using any non-CNFS storage methods, add C<delayrm> to the above option list for B<news.daily>. @@ -1559,7 +1559,7 @@ news user and not as root. To start INN on system boot, you therefore want to put something like: - su news -c <pathbin in inn.conf>/rc.news + su news -s /bin/sh -c <pathbin in inn.conf>/rc.news in the system boot scripts. If B<innd> is stopped or killed, you can restart it by running B<rc.news> by hand as the news user. @@ -1567,7 +1567,7 @@ The B<rc.news> script may also be used to shut down INN, with the C<stop> option: - su news -c '<pathbin in inn.conf>/rc.news stop' + su news -s /bin/sh -c '<pathbin in inn.conf>/rc.news stop' In the F<contrib> directory of this source tree, two sample init scripts are provided: one for people using System V-style init.d directories, and another for people 
@@ -1577,7 +1577,7 @@ B<nnrpd> to listen to these connections to NNTPS port 563 and put something like that in your init scripts: - su news -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S' + su news -s /bin/sh -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S' where F<readers-ssl.conf> is the file which indicates whether a given connection is allowed to read and post news (you can also use the @@ -1592,7 +1592,7 @@ or if you do not have a B<start-stop-daemon> utility: - su news -c 'killall nnrpd' + su news -s /bin/sh -c 'killall nnrpd' =head1 Processing Newsgroup Control Messages Modified: doc/pod/nnrpd.pod =================================================================== --- doc/pod/nnrpd.pod 2014-01-06 04:38:51 UTC (rev 9597) +++ doc/pod/nnrpd.pod 2014-02-08 13:48:49 UTC (rev 9598) @@ -215,7 +215,7 @@ B<nnrpd> to listen on that port through some other means. This can be done with the B<-D> flag along with C<-p 563> and put into your init scripts: - su news -c '<pathbin>/nnrpd -D -p 563 -S' + su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S' but the easiest way is probably to add a line like: Modified: doc/pod/rc.news.pod =================================================================== --- doc/pod/rc.news.pod 2014-01-06 04:38:51 UTC (rev 9597) +++ doc/pod/rc.news.pod 2014-02-08 13:48:49 UTC (rev 9598) 
@@ -67,16 +67,16 @@ To start INN and leave certain error messages going to the terminal: - su - news -c <pathbin in inn.conf>/rc.news + su - news -s /bin/sh -c <pathbin in inn.conf>/rc.news To run INN at startup time from appropriate system boot scripts: - su - news -c <pathbin>/rc.news >/dev/console + su - news -s /bin/sh -c <pathbin>/rc.news >/dev/console To stop INN (throttling first): <pathbin>/ctlinnd throttle reason - su - news -c '<pathbin>/rc.news stop' + su - news -s /bin/sh -c '<pathbin>/rc.news stop' =head1 BUGS Modified: scripts/rc.news.in =================================================================== --- scripts/rc.news.in 2014-01-06 04:38:51 UTC (rev 9597) +++ scripts/rc.news.in 2014-02-08 13:48:49 UTC (rev 9598) @@ -3,10 +3,10 @@ ## $Revision$ ## News boot script. Runs as "news" user. Run from rc.whatever as: -## su news -c /path/to/rc.news >/dev/console +## su news -s /bin/sh -c /path/to/rc.news >/dev/console ## ## Or to stop INN: -## su news -c '/path/to/rc.news stop' +## su news -s /bin/sh -c '/path/to/rc.news stop' waitforpid() { ------------------------------ Message: 2 Date: Sat, 8 Feb 2014 05:56:55 -0800 (PST) 
From: INN Commit <r...@isc.org> To: inn-committ...@isc.org Subject: INN commit: branches/2.5 (8 files) Message-ID: <20140208135655.33f3f67...@hope.eyrie.org> Date: Saturday, February 8, 2014 @ 05:56:54 Author: iulius Revision: 9599 add a valid shell when su'ing to the news user Pass "-s /bin/sh" to "su news" to cope with the change of the news user's shell in base-passwd 3.5.30. Thanks to Colin Watson for the patch. Modified: branches/2.5/CONTRIBUTORS branches/2.5/contrib/sample.init.script branches/2.5/contrib/sample.init.systemd branches/2.5/doc/pod/checklist.pod branches/2.5/doc/pod/install.pod branches/2.5/doc/pod/nnrpd.pod branches/2.5/doc/pod/rc.news.pod branches/2.5/scripts/rc.news.in -----------------------------+ CONTRIBUTORS | 3 ++- contrib/sample.init.script | 8 ++++---- contrib/sample.init.systemd | 2 +- doc/pod/checklist.pod | 10 +++++----- doc/pod/install.pod | 10 +++++----- doc/pod/nnrpd.pod | 2 +- doc/pod/rc.news.pod | 6 +++--- scripts/rc.news.in | 4 ++-- 8 files changed, 23 insertions(+), 22 deletions(-) Modified: CONTRIBUTORS =================================================================== --- CONTRIBUTORS 2014-02-08 13:48:49 UTC (rev 9598) +++ CONTRIBUTORS 2014-02-08 13:56:54 UTC (rev 9599) @@ -275,4 +275,5 @@ Lars Magne Ingebrigtsen, Sam Varshavchik, Matthew Vernon, Ian Jackson, Edmund H. Ramm, Raphael Barrois, Bo Lindbergh, Matthias Meyser, Dennis Preiser, Paolo Amoroso, Dennis Davis, River Tarnell, Jochen Schmitt, -Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs +Tim Fardell, Remco Rijnders, David Binderman, Tony Evans, Christian Garbs, +Colin Watson Modified: contrib/sample.init.script =================================================================== --- contrib/sample.init.script 2014-02-08 13:48:49 UTC (rev 9598) +++ contrib/sample.init.script 2014-02-08 13:56:54 UTC (rev 9599) 
@@ -11,11 +11,11 @@ start () { ulimit -n unlimited # Start INN. - su news -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1 + su news -s /bin/sh -c '<pathbin>/rc.news' >> <pathlog>/rc.news 2>&1 # Start another nnrpd daemon, handling initial TLS connections, on port 563. # (The preferred way would be to use port 119 and STARTTLS but not all news # readers support it yet.) - #su news -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1 + #su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S' >> <pathlog>/rc.news 2>&1 } case "$1" in @@ -26,10 +26,10 @@ stop) # Stop INN. - su news -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1 + su news -s /bin/sh -c '<pathbin>/rc.news stop' >> <pathlog>/rc.news 2>&1 # Stop possible other nnrpd daemons. One of the two following commands is enough. #start-stop-daemon --stop --name nnrpd --quiet --oknodo - #su news -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1 + #su news -s /bin/sh -c 'killall nnrpd' >> <pathlog>/rc.news 2>&1 ;; reload|force-reload) Modified: contrib/sample.init.systemd =================================================================== --- contrib/sample.init.systemd 2014-02-08 13:48:49 UTC (rev 9598) +++ contrib/sample.init.systemd 2014-02-08 13:56:54 UTC (rev 9599) @@ -13,7 +13,7 @@ PIDFile=/run/news/innd.pid Type=forking ExecStart=/usr/libexec/news/rc.news -ExecStop=/bin/su -m news -c '/usr/libexec/news/rc.news stop' +ExecStop=/bin/su -m news -s /bin/sh -c '/usr/libexec/news/rc.news stop' KillMode=control-group [Install] Modified: doc/pod/checklist.pod =================================================================== --- doc/pod/checklist.pod 2014-02-08 13:48:49 UTC (rev 9598) +++ doc/pod/checklist.pod 2014-02-08 13:56:54 UTC (rev 9599) 
@@ -35,9 +35,9 @@ You want to be careful that things in that directory stay owned by C<news> S<-- but> you can't just C<chown -R news:news> after the install, because you may have binaries that are SUID root. You can do the build -as any user, but you need to be root when doing C<make install> so as -to set the permissions correctly. After that point, though, you may -want to C<su news> to avoid creating any files as root. (For routine +as any user, but you need to be root when doing C<make install> so as to +set the permissions correctly. After that point, though, you may want to +C<su news -s /bin/sh> to avoid creating any files as root. (For routine maintenance once INN is working, you can generally be root. However, it is always better to be accustomed to doing that as the news user.) @@ -227,7 +227,7 @@ Start B<innd> by running I<pathbin>/rc.news B<as the news user>. It is also what you should launch in your init scripts: - su news -c <pathbin in inn.conf>/rc.news + su news -s /bin/sh -c <pathbin in inn.conf>/rc.news Check I<pathlog>/news.notice to see if everything went well; also use C<ps> to see if B<innd> is running. @@ -331,7 +331,7 @@ You then need to start a second B<nnrpd> to listen to these connections to NNTPS port 563 and put something like that in your init scripts: - su news -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S' + su news -s /bin/sh -c '<pathbin>/nnrpd -D -c <pathetc>/readers-ssl.conf -p 563 -S' Note that a news client which supports the STARTTLS command can also use the conventional NNTP port 119 to initiate a TLS connection. However, Modified: doc/pod/install.pod =================================================================== --- doc/pod/install.pod 2014-02-08 13:48:49 UTC (rev 9598) +++ doc/pod/install.pod 2014-02-08 13:56:54 UTC (rev 9599) 
@@ -1454,7 +1454,7 @@ or, if your system does not have per-user crontabs, put the following line into your system crontab instead: - 0 3 * * * su -c '<pathbin in inn.conf>/news.daily expireover lowmark' news + 0 3 * * * su news -s /bin/sh -c '<pathbin in inn.conf>/news.daily expireover lowmark' If you're using any non-CNFS storage methods, add C<delayrm> to the above option list for B<news.daily>. @@ -1534,7 +1534,7 @@ news user and not as root. To start INN on system boot, you therefore want to put something like: - su news -c <pathbin in inn.conf>/rc.news + su news -s /bin/sh -c <pathbin in inn.conf>/rc.news in the system boot scripts. If B<innd> is stopped or killed, you can restart it by running B<rc.news> by hand as the news user. @@ -1542,7 +1542,7 @@ The B<rc.news> script may also be used to shut down INN, with the C<stop> option: - su news -c '<pathbin in inn.conf>/rc.news stop' + su news -s /bin/sh -c '<pathbin in inn.conf>/rc.news stop' In the F<contrib> directory of this source tree, two sample init scripts are provided: one for people using System V-style init.d directories, and another for people @@ -1552,7 +1552,7 @@ B<nnrpd> to listen to these connections to NNTPS port 563 and put something like that in your init scripts: - su news -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S' + su news -s /bin/sh -c '<pathbin in inn.conf>/nnrpd -D -c <pathetc in inn.conf>/readers-ssl.conf -p 563 -S' where F<readers-ssl.conf> is the file which indicates whether a given connection is allowed to read and post news (you can also use the @@ -1567,7 +1567,7 @@ or if you do not have a B<start-stop-daemon> utility: - su news -c 'killall nnrpd' + su news -s /bin/sh -c 'killall nnrpd' =head1 Processing Newsgroup Control Messages Modified: doc/pod/nnrpd.pod =================================================================== --- doc/pod/nnrpd.pod 2014-02-08 13:48:49 UTC (rev 9598) +++ doc/pod/nnrpd.pod 2014-02-08 13:56:54 UTC (rev 9599) 
@@ -213,7 +213,7 @@ B<nnrpd> to listen on that port through some other means. This can be done with the B<-D> flag along with C<-p 563> and put into your init scripts: - su news -c '<pathbin>/nnrpd -D -p 563 -S' + su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S' but the easiest way is probably to add a line like: Modified: doc/pod/rc.news.pod =================================================================== --- doc/pod/rc.news.pod 2014-02-08 13:48:49 UTC (rev 9598) +++ doc/pod/rc.news.pod 2014-02-08 13:56:54 UTC (rev 9599) @@ -67,16 +67,16 @@ To start INN and leave certain error messages going to the terminal: - su - news -c <pathbin in inn.conf>/rc.news + su - news -s /bin/sh -c <pathbin in inn.conf>/rc.news To run INN at startup time from appropriate system boot scripts: - su - news -c <pathbin>/rc.news >/dev/console + su - news -s /bin/sh -c <pathbin>/rc.news >/dev/console To stop INN (throttling first): <pathbin>/ctlinnd throttle reason - su - news -c '<pathbin>/rc.news stop' + su - news -s /bin/sh -c '<pathbin>/rc.news stop' =head1 BUGS Modified: scripts/rc.news.in =================================================================== --- scripts/rc.news.in 2014-02-08 13:48:49 UTC (rev 9598) +++ scripts/rc.news.in 2014-02-08 13:56:54 UTC (rev 9599) @@ -3,10 +3,10 @@ ## $Revision$ ## News boot script. Runs as "news" user. Run from rc.whatever as: -## su news -c /path/to/rc.news >/dev/console +## su news -s /bin/sh -c /path/to/rc.news >/dev/console ## ## Or to stop INN: -## su news -c '/path/to/rc.news stop' +## su news -s /bin/sh -c '/path/to/rc.news stop' waitforpid() { ------------------------------ _______________________________________________ inn-committers mailing list inn-committers@lists.isc.org https://lists.isc.org/mailman/listinfo/inn-committers End of inn-committers Digest, Vol 60, Issue 1 *********************************************
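Review bot: in contrib/sample.init.systemd (both revisions) the ExecStop line still carries -m alongside the new -s /bin/sh, while the unchanged context line ExecStart=/usr/libexec/news/rc.news reaches rc.news without su at all. With -m the caller's environment is kept, so -s is the only thing that pins the shell on this line; a short comment saying so would help the next editor. It is also worth confirming that start and stop are meant to reach the news user by different routes, because su honours -s for an account whose shell is not listed in /etc/shells only when the caller is root.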
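Review bot: the documentation hunks (doc/pod/checklist.pod, install.pod, nnrpd.pod, rc.news.pod, and the header comment in scripts/rc.news.in) replace every su news example with su news -s /bin/sh but never tell the reader why the option is there or what it requires. The reason is given only in the commit message. Suggest one sentence next to the first example in install.pod stating that -s /bin/sh is needed where the news account has no usable login shell, that the command must then be run as root for su to accept the override, and that su implementations which lack this option, or give -s another meaning, need the previous form.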
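Review bot: the crontab hunk in doc/pod/install.pod changes more than the log message describes: the old line was su -c '<pathbin in inn.conf>/news.daily expireover lowmark' news and the new one moves the user name to directly after su as well as adding -s /bin/sh. The reordering makes it consistent with the other examples, which is fine, but it should be mentioned in the commit message so that anyone comparing their installed crontab with the documentation knows the argument order change is intentional.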
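Review bot: the first doc/pod/checklist.pod hunk rewraps three lines of the paragraph to change a single command (C<su news> becomes C<su news -s /bin/sh>), so the functional change is buried in whitespace churn. Keeping the original line breaks and letting the one line run slightly long, or rewrapping in a separate commit, would keep the diff to the actual change. In contrib/sample.init.script the literal /bin/sh is now repeated on four su lines; a single variable set at the top of the script would make a later change of shell a one-line edit.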