Send inn-workers mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."
Today's Topics:
1. Re: rc.news: checking whether we run as the news user
(Noel Butler)
2. Re: rc.news: checking whether we run as the news user
(Russ Allbery)
3. Re: rc.news: checking whether we run as the news user
(Julien ?LIE)
----------------------------------------------------------------------
Message: 1
Date: Mon, 20 Oct 2014 10:29:59 +1000
From: Noel Butler <[email protected]>
To: [email protected]
Subject: Re: rc.news: checking whether we run as the news user
Message-ID: <[email protected]>
Content-Type: text/plain; charset="utf-8"
On 19/10/2014 13:39, Russ Allbery wrote:
> Julien ?LIE <[email protected]> writes:
>
>> In the rc.news man page, there is a BUGS section that mentions:
>
>> "Running rc.news start as root is never the right thing to do, so we should
>> at minimum check for this and error, or perhaps change effective user ID."
>
>> I suggest to check whether rc.news is run as another user ID than the "news"
>> user (in all cases, be it start or stop). If it is the case, we exit with
>> the error:
>
>> rc.news should be run as the "news" user
>
>> where "news" is in fact the value of the runasuser keyword in inn.conf (the
>> real news user). I don't think we should change effective user ID (if root).
>> It might hide another issue. I don't think I ever said explicitly here, but
>> I think it would be fine tochange users. However, that's rather hard to do
>> safely. I suppose we
How can that be hard to do safely? Other software, far far far more
popular and in much wider and heavier use has been doing it since adam
was a boy, like apache's httpd, sendmail, postfix, dovecot, pureftpd,
bind... the list goes on...
I think the issue here is rc.news is wrongly named, since most sys
admins would see that and say, oh ok, that goes in (or links to)
/etc/rc.d or /etc/<insert_your_os's_init_dir> and call it as rc.news
start|stop|restart etc, but clearly this is however not what rc.news is
for, requiring a wrapper to call it, change to user news before calling
that script. It's also a PITA if something goes wrong, leaving all these
sleeps and innwatches running since most sys admins would assume rc.news
stop would actually stop everything, programmers sometimes need to think
like sys admins, the ones who you rely on to install, configure, and
use, your software :)
Someone recently mentioned about time management in getting things
running, usually if something doesn't work after an hour or two of
effort from start to end-user usable, I piss it off and find something
else that does, and I know I'm not alone in that mindset, since I
consider anything that complex to get going would be a nightmare to
problem solve should the need arise. So something that requires minimal
fuss, would be used, recommended to others when asked for opinions, and
the software becomes more popular as word of mouth helps propagate it,
so basically making it as easy to use as possible will help the newbies,
not frustrate them into using software X instead of yours.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://lists.isc.org/pipermail/inn-workers/attachments/20141020/e6f8eb14/attachment-0001.html>
------------------------------
Message: 2
Date: Sun, 19 Oct 2014 19:14:52 -0700
From: Russ Allbery <[email protected]>
To: [email protected]
Subject: Re: rc.news: checking whether we run as the news user
Message-ID: <[email protected]>
Content-Type: text/plain
Noel Butler <[email protected]> writes:
> On 19/10/2014 13:39, Russ Allbery wrote:
>> I don't think I ever said explicitly here, but I think it would be fine
>> tochange users. However, that's rather hard to do safely. I suppose we
> How can that be hard to do safely?
Because it's a shell script. Changing the user a running shell script is
running as requires doing things like re-execing itself under su, which is
tricky to get right.
> I think the issue here is rc.news is wrongly named, since most sys
> admins would see that and say, oh ok, that goes in (or links to)
> /etc/rc.d or /etc/<insert_your_os's_init_dir> and call it as rc.news
> start|stop|restart etc, but clearly this is however not what rc.news is
> for, requiring a wrapper to call it, change to user news before calling
> that script.
Yes, I agree with that. rc.news is actually start-inn, and this would all
be much less confusing if it had been named that originally. (It's not
start-innd -- doing that is easy. It's all the other machinery that it
takes care of, including things like recovering after various problems and
starting various optional supporting daemons, that make it complicated.)
> Someone recently mentioned about time management in getting things
> running, usually if something doesn't work after an hour or two of
> effort from start to end-user usable, I piss it off and find something
> else that does, and I know I'm not alone in that mindset, since I
> consider anything that complex to get going would be a nightmare to
> problem solve should the need arise.
It's okay if you find some other news server that you like better. No one
will mind! It's not a commercial product, you're not paying us, nothing
depends on you using INN, and it honestly doesn't make any difference to
me whether you use INN or not. :) If you're not having fun, don't use
it! The last thing anyone here wants to do is add more pain to your life.
One thing to realize with INN that this is a software package that's been
around for a really, really long time, and is now kept alive basically as
a hobby by a very small number of people, none of whom have a great deal
of time to spend on it. There's oodles and oodles of things that could be
done to improve INN; that's absolutely undisputed. I actually stopped
writing them down after I accumulated several vast lists. At this point,
we all just work on whatever looks fun in that moment, or whatever fixes
problems for us, and don't sweat it too much any more. One of the nice
things about being a fairly small corner of the Internet is that there
isn't a lot of drama, there rarely are any huge arguments, and there's no
real time pressure to make anything work.
I'd love, in the abstract, for INN to be the greatest news server ever and
totally simple for anyone to install and get running, but I came to terms,
a long time ago, with the fact that I have neither the time nor the
resources required to do all the things that I think would be needed for
that statement to be true. It is what it is. :)
> So something that requires minimal fuss, would be used, recommended to
> others when asked for opinions, and the software becomes more popular as
> word of mouth helps propagate it, so basically making it as easy to use
> as possible will help the newbies, not frustrate them into using
> software X instead of yours.
I'm perfectly okay with you using software X! Absolutely nothing wrong
with that.
--
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
Please send questions to the list rather than mailing me directly.
<http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
------------------------------
Message: 3
Date: Mon, 20 Oct 2014 12:39:10 +0200
From: Julien ?LIE <[email protected]>
To: [email protected]
Subject: Re: rc.news: checking whether we run as the news user
Message-ID: <[email protected]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hi Noel,
> I think the issue here is rc.news is wrongly named, since most sys
> admins would see that and say, oh ok, that goes in (or links to)
> /etc/rc.d or /etc/<insert_your_os's_init_dir> and call it as rc.news
> start|stop|restart etc, but clearly this is however not what rc.news
> is for, requiring a wrapper to call it, change to user news before
> calling that script.
How sys admins install packages?
I would expect that they use the packages provided with the distribution
they are running. Then the init scripts are right and rc.news is
properly wrapped.
Otherwise, I guess the alternate method is that sys admins download the
package from upstream, configure it, build it and install it.
Then, how can they miss the fact that rc.news should be wrapped?
It means that they do not even have a look at the INSTALL file or the
CHECKLIST file that clearly explain how to start INN. For instance:
http://www.eyrie.org/~eagle/software/inn/docs/checklist.html
Besides, even the rc.news script itself says that in the comment at the
beginning of the file.
> It's also a PITA if something goes wrong,
> leaving all these sleeps and innwatches running since most sys admins
> would assume rc.news stop would actually stop everything, programmers
> sometimes need to think like sys admins, the ones who you rely on to
> install, configure, and use, your software :)
That's a genuine bug in rc.news; it had not caused much problem until
now, and I am happy to see that this issue is fixed in INN 2.5.5. At
least it will no longer bother sys admins of systems reporting that a
script is still running after having stopped INN.
> Someone recently mentioned about time management in getting things
> running, usually if something doesn't work after an hour or two of
> effort from start to end-user usable, I piss it off and find
> something else that does, and I know I'm not alone in that mindset
I am a bit curious about how "most sys admins" install software. As you
speak about Apache, sendmail, postfix, dovecot, pureftpd, bind, etc., do
"most sys admins" install these software from source?
It is not very efficient as far as time management is concerned...
> So something that
> requires minimal fuss, would be used, recommended to others when
> asked for opinions, and the software becomes more popular as word of
> mouth helps propagate it, so basically making it as easy to use as
> possible will help the newbies, not frustrate them into using
> software X instead of yours.
That's why there are several implementations of software. As Russ says
in a more elegant way, you have the freedom to choose the one that fits
your need best.
It is like news readers: there are huge differences between the
configuration and use of Thunderbird, Windows Mail, Apple Mail, Gnus,
slrn, tin, etc. It is up to you to make your choice and use the one you
prefer. Not all of these projects have the resources (or sometimes the
will) to perfect them to suit all various needs of flexibility and
configuration.
--
Julien ?LIE
? La science consiste ? passer d'un ?tonnement ? l'autre. ?
(Aristote)
------------------------------
_______________________________________________
inn-workers mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/inn-workers
End of inn-workers Digest, Vol 65, Issue 5
******************************************
