public inbox for nncp-devel@lists.stargrave.org
From: John Goerzen <jgoerzen@complete•org>
To: Hadmut Danisch <hadmut@danisch•de>
Cc: nncp-devel@lists.cypherpunks.su
Subject: Re: Permissions
Date: Wed, 11 Mar 2026 07:08:50 -0500
Message-ID: <875x726019.fsf@complete.org>
In-Reply-To: <da30feec-8a91-4d2a-b71a-fd909f255535@danisch.de> (Hadmut Danisch's message of "Wed, 11 Mar 2026 12:51:32 +0100")

On Wed, Mar 11 2026, Hadmut Danisch wrote:

> The debian/ubuntu nncp package comes with a flaw: In contrast to e.g. uucp, the
> nncp package creates a nncp user and sets ownership of /var/spool/nncp to nncp,
> but does not set the binaries setuid nncp, as, e.g. uucp does.

That's not a flaw; that's a feature. setuid is a security risk, and
makes the assumption that every user on the system wants to run the
systemwide NNCP. That's not really necessary with NNCP; it is entirely
possible for every user to have their own NNCP instance that runs right
out of their home directory, for instance.

It also makes the assumption that you want every user on the system to
be able to run the NNCP commands, which isn't an assumption I'd make.
If you don't want that kind of access, then you'd have to additionally
layer some sort of access check mechanism in NNCP itself, which is
unnecessary complexity.

You can use sudo to run NNCP commands as other users. Note that if you
are using nncp-file to send a file that the nncp user can't access,
you'll need to pipe it to nncp-file instead.

In my .bash_aliases, I have:

    # Alias every nncp-* command so that it runs as the nncp user via sudo
    for FILE in /usr/bin/nncp-*; do
        BASENAME="`basename "$FILE"`"
        alias "$BASENAME=sudo -Hu nncp $FILE"
    done

https://www.complete.org/using-nncp-with-sudo/ has some more information
on this. It also describes how you can have a central nncp user on a
system, and then use sudo to let it communicate with user-specific NNCP
installations on it.

> To fix this, I have set _some_ of the binaries setuid nncp. Which, on the other
> hand, is a security flaw, because every user on the system can rm nncp messages.
> But it worked.

That will be blown away when the NNCP package is upgraded; see
dpkg-statoverride for a way to make it more permanent. Though note that
due to the change from multiple binaries to a single binary, even that
won't quite be enough for the next upgrade only.

> So this is somewhat error prone. And it lacks a description about how this –
> ownership and permissions – is supposed to work.

I wouldn't really recommend running NNCP commands as root (or PHP or
whatever else).

> nncp-daemon should issue an error message if it can't read the /hdr/ file
> instead of silently ignoring the message.

Probably a good idea for Sergey there. Or it can just ignore the hdr file.

> - otherwise, if run as a normal user, use ~/.config/nncp.yaml and
> ~/.local/spool/nncp instead of /etc/nncp.yaml and /var/spool/nncp

That's also a nice suggestion!

- John
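
The advice above about piping a file to nncp-file when the nncp user cannot read it, as an added example that is not part of the original message: a wrapper that passes the path when the nncp user can read it and otherwise streams the file over stdin, so no setuid bit is needed. The names nncp_send, NNCP_RUN and NNCP_FILE_BIN are hypothetical; it assumes the sudoers policy lets the caller run both test and nncp-file as nncp, and that nncp-file reads stdin when SRC is "-".

```shell
#!/bin/sh
# Added example, not from the original message.
# NNCP_RUN and NNCP_FILE_BIN are hypothetical override knobs; the defaults
# mirror the "sudo -Hu nncp /usr/bin/nncp-*" alias shown in the message.
NNCP_RUN="${NNCP_RUN:-sudo -Hu nncp}"
NNCP_FILE_BIN="${NNCP_FILE_BIN:-/usr/bin/nncp-file}"

# nncp_send SRC NODE:[DST]  (hypothetical helper)
# Sends SRC through the system-wide NNCP instance owned by the nncp user.
nncp_send() {
    src=$1
    dst=$2

    # The calling user must be able to read the file in either mode.
    if [ ! -f "$src" ] || [ ! -r "$src" ]; then
        echo "nncp_send: cannot read $src" >&2
        return 1
    fi

    case $dst in
        *:?*) ;;                                 # NODE:DST given in full
        *:)   dst="$dst$(basename "$src")" ;;    # stdin carries no name, add one
        *)    echo "nncp_send: destination must be NODE:[DST]" >&2
              return 2 ;;
    esac

    # NNCP_RUN is left unquoted on purpose so "sudo -Hu nncp" splits into words.
    if $NNCP_RUN test -r "$src" 2>/dev/null; then
        # The nncp user can open the path itself.
        $NNCP_RUN "$NNCP_FILE_BIN" "$src" "$dst"
    else
        # The nncp user cannot read it: the caller's shell opens the file
        # and nncp-file receives the content on stdin.
        $NNCP_RUN "$NNCP_FILE_BIN" - "$dst" < "$src"
    fi
}
```

In the stdin case the redirection is performed by the calling user's shell before sudo starts, which is why no extra permissions on the file are required.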