Try putting the line:
   umask 066

in your go.user file.  All files created by LSV should have permissions
rwx------ (i.e., 600) after that.  (this was on a suggestion to me from LSOFT
tech support).

David Alix


On Mon, 3 Jul 2000 23:14:32 +0200 Peter 'Rattacresh' Backes
<[log in to unmask]> wrote:

> Hi,
>
> On UNIX platforms, when LISTSERV is started, the go script redirects
> it's output into a listserv.log file.  However because there is
> neither an umask 600 command nor a touch listserv.log; chmod 600
> sequence in it, the file is generally world readable.  This leads to
> local users being able to spy passwords when someone sends a password
> protected command.  signup.fileX is also created world readable so
> they can have all passwords at once.  In contrast, the memo files as
> shipped are only readable by listserv and it's group, and some of
> them further have the +x bit set.
>
> I'd recommend the developers to touch; chmod 600 the log file before
> it is being redirected to in the shipped script, further to create
> signup files with 0600 (man open on your unix box) and to ease memo
> permissions resp. remove those strange +x bits in the standard
> distribution. Or have I missed something in the documentation and all
> those permissions are required to be set the way they are by default?
>
> BTW, when I recently studied the LISTSERV classic trial version, I
> met the following line in service.names which looks like a Y2K
> problem to me: :service1.SN_NEXT 191000101
>
> -- Peter 'Rattacresh' Backes, [log in to unmask]
>    TURN OFF AUTO-QUOTING OF THE WHOLE TEXT IF YOU REPLY!!!

----------------------
David Alix
Information Systems & Computing
University of California, Santa Barbara
[log in to unmask]