LISTSERV - LSTSRV-L Archives - COMMUNITY.EMAILOGY.COM

LSTSRV-L Archives

LISTSERV Site Administrators' Forum

LSTSRV-L

	LISTSERV Archives
	LSTSRV-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Topic:	[<< First] [< Prev] [Next >] [Last >>]

Re: Our LISTSERV conversion experience - VM to AIX

Eric Thomas <[log in to unmask]>

Mon, 30 Jun 1997 13:25:15 +0200

text/plain (60 lines)

On Mon, 30 Jun 1997 00:32:06 -0400 David R Nessl <[log in to unmask]> said:

>We  don't have  to  create  special accounting  schemes  for other  Unix
>data-storage servers  such as personal email  or ftp or web  servers, so
>why should we have to charge specially for LISTSERV?

Because there  are two fundamental  differences between LISTSERV  and the
other things you mention:

- If a user removes his mailbox, or  edits the contents with emacs and it
  no  longer  works, this  is  the  user's problem  and  no  one else  is
  impacted. Likewise if a user deletes his home page, who cares? LISTSERV
  on the other  hand was not designed to allow  random external processes
  to edit random  files at random times. LISTSERV was  simply never meant
  to interface to a collection of  list archive files managed manually by
  end users. It  is not a supported  use of the software.  All changes to
  the archives must  go through LISTSERV so that the  indexes can be kept
  in synch. You are free to try your approach anyway, but don't expect me
  to agree that it is a good one.

- The FTP  or web servers do  not write files (except  through the normal
  login process  in the case  of FTP). With  LISTSERV you have  a process
  that, by definition,  has authority to update all files  related to all
  lists on the system,  and you are proposing to allow  end users to have
  control over where on the file  system LISTSERV writes these files. You
  are proposing,  in other words, to  open a security hole  to facilitate
  accounting.  Well, this  is your  prerogative, but  don't expect  me to
  agree with you.

I will  repeat one last  time the approach  that I am  suggesting. Please
explain to me in "DOS for dummies"  terms what exactly does not work with
this approach, as I have yet to hear an explanation that makes sense thus
far:

1. Create a directory tree to which users have no access but LISTSERV has
   full access. The world access for  this directory is zip. The users do
   not have the same group as LISTSERV, consequently the users have zilch
   access to this directory.

2. Create subdirectories for the various  lists and tell LISTSERV to save
   the files there.  Only the administrator can tamper  with this because
   only the administrator  has write access to the  main directory, which
   is owned by LISTSERV.

3. Make  a little chown  script that changes  the ownership of  the files
   within these directories (but not  the directories themselves) so that
   they are accounted properly.

The users have no access to this  setup and cannot tamper with it. You do
not have  a security exposure. You  have the ownerships set  as your disk
accounting program  wants them to  be. What  exactly is not  working with
this setup?

>Also, the  Unix sysadmins we can  find nowadays don't have  a clue about
>how to interface to MVS where our central accounting system resides,

I am sorry to hear that, but this is not L-Soft's problem, is it?

  Eric

ATOM RSS1 RSS2

COMMUNITY.EMAILOGY.COM