LSTSRV-L Archives

LISTSERV Site Administrators' Forum

Eric Thomas <[log in to unmask]>
Sun, 29 Jun 1997 16:51:53 +0200
On Sun, 29 Jun 1997 10:53:09 -0400 David R Nessl <[log in to unmask]> said:

>No,  it could  be moved  to another  subdirectory under  their own  home
>directory, eg. /u/username/hidden-archives.  That's the same filesystem,
>and there's no need for it to be world-writable.

I was assuming that  you charge users for ALL their  disk space, not just
the space related to LISTSERV. Under that assumption it doesn't matter if
they move the files around within their directory tree.

>OK, so someone  moves their list-archive directory and  then symlinks to
>/etc/passwd

You would only change files originally owned by LISTSERV, not root files.

>or to LSVROOT;

You have  just uncovered a security  flaw in your proposed  design, which
exists with or without the 'chown'  trick. By telling LISTSERV  to create
files in  a path under  user control, you  allow the controlling  user to
create files anywhere on the system that LISTSERV has write access.

>At this  point I  realize I'm not  going to convince  you to  create the
>exit, but I hope you at least recognize the reality of the problem, i.e.
>it can't reliably be fixed by later processing.

I am thoroughly unconvinced :-) I  just don't understand why you can't do
it like everyone else  and have a directory for each  user that the users
do not have the beginning of any access to. You then count the space used
within that directory tree and bill for  it. In my opinion the only VALID
reason to want the users to own the files is if you want to allow them to
edit them directly, which could make  sense for file server related files
where LISTSERV  is prepared for  this possibility  and there is  no index
that needs to be kept in synch, etc.

>How? If  end-users own the files  (in order to get  the charging right),
>then  because of  the single  directory tree  in Unix  those files  will
>always be accessible by the owners.

Not if they lack execute permission to the parent directory.

>That's  a  valid   concern.  So  we  should  leave   those  small  files
>(LISTNAME.dbXXXX) owned  by listserv,  but change  the ownership  on the
>really big files, i.e. the LISTNAME.logXXXX files, for charging.

If the  user owns  the directory,  this will not  be sufficient.  And the
reverse index files  are by no means small, at  least not when multiplied
by 200 users...

  Eric
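
The design flaw named in the message above (a service creating files in a path the user controls) next to a service-owned directory with exclusive, no-follow creation, as an added Python example that is not part of the original post and is not LISTSERV code. It assumes a POSIX system; `naive_write`, `safe_write`, `read`, `demo` and the file names are hypothetical.

```python
import os
import stat
import tempfile

def naive_write(directory, name, data):
    # Follows whatever sits at the path, including a symlink left by the directory's owner.
    with open(os.path.join(directory, name), "w") as f:
        f.write(data)

def safe_write(directory, name, data):
    """Create a new file only inside a directory the service owns and others cannot write."""
    if os.sep in name or name in ("", ".", ".."):
        raise ValueError("name must be a single path component")
    dfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        st = os.fstat(dfd)  # inspects the opened directory, not a path that can be swapped
        if st.st_uid != os.geteuid():
            raise PermissionError("directory is not owned by the service account")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise PermissionError("directory is group- or world-writable")
        # O_EXCL refuses any existing entry, symlinks included; O_NOFOLLOW is a second guard.
        fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600, dir_fd=dfd)
        with os.fdopen(fd, "w") as f:
            f.write(data)
    finally:
        os.close(dfd)

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    """Constructed scenario: an archive directory that already holds a symlink."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "service-file")  # stands in for a file the service can write
        archive = os.path.join(root, "archive")
        os.mkdir(archive, 0o700)
        naive_write(root, "service-file", "original")
        os.symlink(target, os.path.join(archive, "LISTNAME.log0001"))  # constructed name
        naive_write(archive, "LISTNAME.log0001", "posting")
        clobbered = read(target) == "posting"
        naive_write(root, "service-file", "original")  # restore before the hardened attempt
        try:
            safe_write(archive, "LISTNAME.log0001", "posting")
            refused = False
        except OSError:
            refused = True
        safe_write(archive, "LISTNAME.log0002", "posting")
        created = read(os.path.join(archive, "LISTNAME.log0002")) == "posting"
        return clobbered, refused, read(target) == "original", created
```

`safe_write` checks only the archive directory itself; every parent directory on the path must also be unwritable by users for the check to mean anything.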
