public inbox for
Atom feed
From: John Goerzen <jgoerzen@complete•org>
Subject: Setup on unprivileged accounts
Date: Tue, 03 Aug 2021 23:08:04 -0500	[thread overview]
Message-ID: <> (raw)


I'm hoping to offer NNCP for people on some public-access Unix 
systems (SDF and at least).  These systems generally:

- do not offer root access
- may not permit incoming ports or daemon processes
- don't give me control over sudo
- do give me cron access

My initial scheme, used elsewhere, of calling to "|sudo ... 
nncp-daemon -inetd" won't work here.  I'm thinking of 

The manual talks about a multiuser spool directory.  It seems to 
envision it for several users on the system sharing a single NNCP 
node (they would all send/receive from the same node).  Not quite 
what I'm after, but maybe close.

Some brainstorms I've had:

1) nncp-daemon could be setuid to me and people could just call to 
"|nncp-daemon -inetd".  However, I dislike this for security 
reasons; since it has a -cfg parameter, this could lead to some 
unpleasant effects in the hands of a malicious person and I don't 
think I want to go down this path.

2) Perhaps I could lock down the setuid nncp-daemon and have a 
wrapper that forces command-line options to a certain set.  It 
sure has some elegance to it, as it avoids cron entirely (at least 
for exchange; may still need it for tossing), but still makes me 

3) The spool directory for each local peer could be chowned to 
that account, with its sticky bit set.  That would at least let 
that person get and receive packets.  But that opens the question 
- how?  Maybe the local peers would need to cron a nncp-xfer 
command that has a different cfg set to pull the files out, and 
another one to pull them in?

4) Perhaps a variant on #3, I could have a regular-permissioned 
spool directory and then nncp-xfer into a separate tree with 
directories owned as appropriate with sticky bits set.  Peers 
would have a similar nncp-xfer to pull stuff out of there.


- John

             reply	other threads:[~2021-08-04  4:09 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-08-04  4:08 John Goerzen [this message]
2021-08-04 12:22 ` Setup on unprivileged accounts John Goerzen
2021-08-04 13:50 ` Sergey Matveev
2021-08-04 18:58   ` Jonathan Lane
2021-08-05  4:23   ` John Goerzen