Wed, 5 Jul 2000 09:25:57 -0700
|
Try putting the line:
umask 066
in your go.user file. All files created by LSV should have permissions
rwx------ (i.e., 600) after that. (this was on a suggestion to me from LSOFT
tech support).
David Alix
On Mon, 3 Jul 2000 23:14:32 +0200 Peter 'Rattacresh' Backes
<[log in to unmask]> wrote:
> Hi,
>
> On UNIX platforms, when LISTSERV is started, the go script redirects
> it's output into a listserv.log file. However because there is
> neither an umask 600 command nor a touch listserv.log; chmod 600
> sequence in it, the file is generally world readable. This leads to
> local users being able to spy passwords when someone sends a password
> protected command. signup.fileX is also created world readable so
> they can have all passwords at once. In contrast, the memo files as
> shipped are only readable by listserv and it's group, and some of
> them further have the +x bit set.
>
> I'd recommend the developers to touch; chmod 600 the log file before
> it is being redirected to in the shipped script, further to create
> signup files with 0600 (man open on your unix box) and to ease memo
> permissions resp. remove those strange +x bits in the standard
> distribution. Or have I missed something in the documentation and all
> those permissions are required to be set the way they are by default?
>
> BTW, when I recently studied the LISTSERV classic trial version, I
> met the following line in service.names which looks like a Y2K
> problem to me: :service1.SN_NEXT 191000101
>
> -- Peter 'Rattacresh' Backes, [log in to unmask]
> TURN OFF AUTO-QUOTING OF THE WHOLE TEXT IF YOU REPLY!!!
----------------------
David Alix
Information Systems & Computing
University of California, Santa Barbara
[log in to unmask]
|
|
|