public inbox for nncp-devel@lists.stargrave.org
From: Hadmut Danisch <hadmut@danisch•de>
To: John Goerzen <jgoerzen@complete•org>
Cc: nncp-devel@lists.cypherpunks.su
Subject: Permissions (Was: What is /hdr/ subdirectory?)
Date: Wed, 11 Mar 2026 12:51:32 +0100
Message-ID: <da30feec-8a91-4d2a-b71a-fd909f255535@danisch.de>
In-Reply-To: <87sea75bb6.fsf@complete.org>
Hi,
I've found the problem.
The Debian/Ubuntu nncp package comes with a flaw: In contrast to e.g.
uucp, the nncp package creates a nncp user and sets ownership of
/var/spool/nncp to nncp, but does not set the binaries setuid nncp, as,
e.g. uucp does.
The binaries are, therefore, always run as the user who calls them.
- it works, when run as nncp
- it partly works when run as root, because all files can be written and
  read as root, but nncp-daemon and nncp-caller can't access them then.
- it does not work at all when called by someone else, because the
  program can't access /etc/nncp.yaml or /var/spool/nncp.
To fix this, I have set _some_ of the binaries setuid nncp. Which, on
the other hand, is a security flaw, because every user on the system can
rm nncp messages. But it worked.
I hadn't set nncp-stat, because I thought it only reads files.
Every now and then I call nncp-stat as root to check everything is
working correctly. This causes the /hdr/ files to be written, but with
ownership root. Once the /hdr/ file is owned by root, nncp-daemon
silently ignores it and the message is never transmitted. Not even an
error message. A
    chown -R nncp:nncp /var/spool/nncp
fixes things temporarily, and nncp-daemon can transmit them with the next
run – until the admin calls nncp-stat again.
So this is somewhat error prone. And it lacks a description about how
this – ownership and permissions – is supposed to work.
nncp-daemon should issue an error message if it can't read the /hdr/
file instead of silently ignoring the message.
Proposal:
- If the binaries are run as nncp or setuid nncp (i.e. same owner as
  /etc/nncp.yaml and/or /var/spool/nncp): If it can access /etc/nncp.yaml
  and /var/spool/nncp run as normal, otherwise abort with error message
- if run as root, write files and create directories with the same
  uid/gid as /var/spool/nncp, or at least with g+rw and /var/spool/nncp
  set to g+s, to force all created files and directories to have nncp as
  their group and group rw permissions.
- otherwise, if run as a normal user, use ~/.config/nncp.yaml and
  ~/.local/spool/nncp instead of /etc/nncp.yaml and /var/spool/nncp
regards
Hadmut
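
An added example, not part of the original message and not NNCP code: a check an admin could run (for instance from cron) to list spool entries whose owner differs from the spool directory's owner, or that their owner cannot read, which is the state the message describes after nncp-stat was run as root. The function names are hypothetical; it assumes a POSIX shell with find, ls, awk and sed, and paths without newlines.

```shell
#!/bin/sh
# Added example: audit a spool tree (e.g. /var/spool/nncp) for entries
# that the spool's owner would not be able to use.

# spool_owner_uid DIR
# Prints the numeric uid that owns DIR (field 3 of "ls -ldn").
spool_owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# audit_spool DIR [EXPECTED_UID]
# Prints one line per problem entry, "<reason> <path>".
# EXPECTED_UID defaults to the owner of DIR itself.
# Returns 0 when the tree is clean, 1 when anything was reported.
audit_spool() {
    spool=$1
    want_uid=${2:-$(spool_owner_uid "$spool")}
    findings=$(
        # Entries owned by someone else, e.g. hdr files written by root.
        find "$spool" ! -uid "$want_uid" -print | sed 's/^/wrong-owner /'
        # Entries whose owner-read bit is missing.
        find "$spool" ! -perm -400 -print | sed 's/^/owner-unreadable /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Typical use on the layout from the message:
#   audit_spool /var/spool/nncp || echo "spool needs attention" >&2
```

A non-zero exit status makes it usable as a monitoring probe, so a root-owned file shows up before messages stop being transmitted.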