RedHat 9 (Linux i386) - man page for inndstart (redhat section 8)

inndstart(8)			    InterNetNews Documentation			     inndstart(8)

NAME
       inndstart - Start innd

SYNOPSIS
       inndstart [-P port] [-I address] [innd-options]

DESCRIPTION
       The purpose of inndstart is to raise system file descriptor limits, open the privileged
       news transfer port, and then start innd(8), passing it the open file descriptor for the
       news port.  inndstart is used since only privileged programs can perform those two opera-
       tions and since innd should not run privileged.	It is installed setuid root and drops
       privileges to the news user (set at configure time) before running innd.

       Normally there is no need to run inndstart directly.  Instead, run rc.news(8) as the news
       user, and it will handle running inndstart appropriately for you.

       Since inndstart is setuid root, it is extremely restrictive about who can run it and what
       it is willing to do.  See the section on "SECURITY" for the full details.

       inndstart can only be run by the news user; if run by any other user, it will abort.  It
       will also only bind to ports 119, 433, or a port number given at configure time with
       --with-innd-port among those ports below 1024, although it can bind to any port above
       1024.  This is to prevent various security exploits possible by binding to arbitrary priv-
       ileged ports.

       Before running innd, inndstart cleans out the environment and sets only those environment
       variables listed in the section on "ENVIRONMENT".

OPTIONS
       -P port
	   Bind to port instead of whatever is specified by port in inn.conf(5).  Note that this
	   is subject to the constraints mentioned above.

       -I address
	   Bind as address instead of whatever is specified by bindaddress in inn.conf(5).  The
	   default behavior is to bind to INADDR_ANY, and that's what's desired almost all the
	   time.  This option, and the inn.conf(5) parameter, may be useful if the machine has
	   multiple interface cards and innd should only be listening on a particular one.

       All other options given on the command line are passed verbatim to innd.  In addition,
       inndstart will give the -p option to innd, specifying the file descriptor of the open net-
       work socket.

SECURITY
       inndstart is setuid root, and therefore an expected point of attack.  It has therefore
       been carefully written with security in mind.  In a normal INN installation, it is
       installed setuid root and executable only by users in the news group.

       Ideally, everything about inndstart's operations would be hard-coded so that it could not
       be modified.  Fighting against this desire, however, is the ideal that as much of INN's
       operation as possible should be configurable at run-time using inn.conf(5), and the news
       system should be able to use an alternate inn.conf by setting INNCONF to the path to that
       file before starting any programs.  The configuration data therefore can't be trusted.

       The security model used is:

       o inndstart can only be executed by the news user and news group, as determined at config-
	 ure time and compiled into inndstart as constants.  Similarly, inndstart will always
	 setuid() and setgid() to those users before running innd.  This is to prevent a user
	 other than news but in the news group from using inndstart to leverage that access into
	 access to the news account.

       o As mentioned above, inndstart will only bind to a very limited set of ports below 1024.
	 There are various attacks that can be performed using random low-numbered ports, includ-
	 ing exploits of the rsh family of commands on some systems.

       o inndstart does as little as possible as root, dropping privileges before performing any
	 operations that do not require elevated privileges.

       This program therefore gives the news user the ability to revoke system file descriptor
       limits and bind to the news port, and nothing else.
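       The three checks above (caller identity, port policy, ordered privilege drop with
       verification) written out as a small added example; this is illustrative code, not
       inndstart's own source, and INND_CONFIGURED_PORT stands in for the --with-innd-port value:

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed stand-in for the configure-time --with-innd-port value. */
#define INND_CONFIGURED_PORT 119

/* Port policy from the SECURITY section: below 1024 only 119, 433 or the
   configure-time port; anything above 1024 is fine.  Port 1024 itself is
   treated as privileged here (an assumption; the page does not say). */
int port_allowed(int port) {
    if (port < 1 || port > 65535) return 0;
    if (port > 1024) return 1;
    return port == 119 || port == 433 || port == INND_CONFIGURED_PORT;
}

/* Caller check: both the real UID and real GID must be the compiled-in news
   identity, so a user who is merely in the news group cannot use the wrapper
   to reach the news account. */
int caller_is_news(uid_t news_uid, gid_t news_gid) {
    return getuid() == news_uid && getgid() == news_gid;
}

/* Drop privileges in the order the page describes: supplemental groups, then
   GID, then UID, and verify the drop is irreversible.  Returns 0 on success,
   1 if only setgroups() failed (the page treats that as a warning), -1 if
   the drop itself failed or could be undone. */
int drop_to_news(uid_t news_uid, gid_t news_gid) {
    int warn = 0;
    gid_t only[1] = { news_gid };
    if (setgroups(1, only) < 0) warn = 1;        /* EPERM when not root */
    if (setgid(news_gid) < 0 || setuid(news_uid) < 0) return -1;
    if (getuid() != news_uid || geteuid() != news_uid) return -1;
    if (getgid() != news_gid || getegid() != news_gid) return -1;
    /* After a real setuid() from root the saved UID is gone too, so regaining
       root must fail; skip the probe if the target identity is root itself. */
    if (news_uid != 0 && setuid(0) == 0) return -1;
    return warn;
}
```

       Run as an unprivileged user, drop_to_news() on your own UID/GID returns 1 (setgroups()
       is refused), which is the same "warning, not fatal" outcome the DIAGNOSTICS section
       documents for can't setgroups.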

DIAGNOSTICS
       inndstart may log the following messages to syslog (like the rest of INN, syslog is the
       best place to find detailed debugging information):

       can't bind: %s
	   (Fatal) Unable to bind to the designated port.  This usually means that something else
	   is already running on the news port.  Check with netstat(8) and make sure that
	   inetd(8) doesn't think it's running a service on the same port you're trying to run
	   innd on.

       can't exec %s: %s
	   (Fatal) inndstart was unable to execute innd.  Make sure that pathbin is set correctly
	   in inn.conf and that innd is located in that directory and is executable by the news
	   user.

       can't getrlimit(NOFILE)
	   (Warning) Unable to obtain the current system resource limit on file descriptors.
	   Chances are something is wrong with the *rlimit() functions.  The file descriptor
	   limit was left unchanged from the system default.

       can't open socket: %s
	   (Fatal) Something went wrong in creating the network socket.  Chances are your system
	   is out of resources of some kind.

       can't setgid(%d): %s
	   (Fatal) Dropping privileges to the news group failed for some reason.

       can't setgroups: %s
	   (Warning) Dropping all supplemental groups except the news group failed for some rea-
	   son, and the process group membership was left unchanged.  This message may indicate a
	   minor security hole if the news user is in extra groups.

       can't setrlimit(NOFILE, %d)
	   (Warning) Unable to set the system file descriptor limit to the specified value.
	   Either that value is too high for your system or something else went wrong.	The file
	   descriptor limit was left unchanged.  Try changing rlimitnofile in inn.conf to a
	   smaller value.

       can't setsockopt: %s
	   (Warning) inndstart attempts to set SO_REUSEADDR so that if innd exits, it can be
	   restarted again immediately without waiting for the port to time out.  For some rea-
	   son, this failed, and that option was not set on the port.

       can't setuid(%d): %s
	   (Fatal) Dropping privileges to the news user failed for some reason.

       can't stat pathrun (%s): %s
	   (Fatal) pathrun as specified in inn.conf doesn't exist.

       getgrnam(%s) failed
	   (Fatal) Unable to determine the GID for the compiled-in news group.	Is the news group
	   listed in /etc/group?

       getpwnam(%s) failed
	   (Fatal) Unable to determine the UID for the compiled-in news user.  Is the news user
	   listed in /etc/passwd?

       invalid address %s
	   (Fatal) -I was specified on the command line, but the argument wasn't a valid address.
	   Addresses must be given as numeric IP addresses.

       invalid bindaddress in inn.conf (%s)
	   (Fatal) The bindaddress specified in inn.conf could not be converted to an IP address.
	   See inn.conf(5) for more information about valid values.

       invalid port %s
	   (Fatal) -P was specified on the command line, but the argument wasn't a valid port.
	   Ports must be port numbers; service names are not allowed.

       missing address after -I
	   (Fatal) -I was given on the command line, but no address was given after the option.

       missing port after -P
	   (Fatal) -P was given on the command line, but no port was given after the option.

       pathrun (%s) not a directory
	   (Fatal) pathrun as specified in inn.conf isn't a directory.	This is where innd will
	   create its local control socket; it should always be a directory.

       pathrun (%s) owned by group %d, not %s (%d)
	   (Fatal) pathrun specified in inn.conf must be owned by the news group.  This is
	   checked for security reasons.

       pathrun (%s) owned by user %d, not %s (%d)
	   (Fatal) pathrun specified in inn.conf must be owned by the news user.  This is checked
	   for security reasons.

       ran by GID %d, who isn't %s (%d)
	   (Fatal) Someone not in the news group attempted to run inndstart.  If you were running
	   inndstart as the news user, make sure that the news user's default group is the news
	   group you picked at compile time (`news' by default).

       ran by UID %d, who isn't %s (%d)
	   (Fatal) Someone other than the news user attempted to run inndstart.  inndstart may
	   only be run by the news user for security reasons.

       seteuid(%d) failed: %s
	   (Fatal) Unable to change the effective UID.	This usually means that inndstart was
	   installed with the wrong permissions.  If it does have the correct permissions (setuid
	   root) and seteuid() to root (UID 0) is failing, this may mean that your system has
	   seteuid() but doesn't have support for POSIX saved UIDs.  If this is the case, please
	   report this to the INN maintainers.

       setreuid(%d, %d) failed: %s
	   (Fatal) Unable to change the real and effective UIDs.  This message usually means that
	   inndstart was installed with the wrong permissions.

       tried to bind to port %d
	   (Fatal) inndstart was told to bind to a low numbered port (under 1024) other than 119,
	   433, or a port number given at configure time.  This is not allowed for security rea-
	   sons.

EXAMPLES
       Normally, inndstart is never run directly.  However, a simple way to just restart innd
       without running any other auxiliary programs or performing any of the other checks done
       by rc.news(8) is to just run:

	   inndstart

       as the news user.

       To start innd on port 433, passing it the `-c21' option, use:

	   inndstart -P433 -c21

ENVIRONMENT
       One environment variable affects the operation of inndstart itself:

       INNCONF The full path to the inn.conf(5) file to read, rather than the default.	This can
	       be used to run multiple copies of INN on the same machine with different settings.

       When executing innd, inndstart cleans out the entire environment and sets only the
       following variables:

       BIND_INADDR
	       Passed verbatim from inndstart's environment.  This is apparently used on Linux.

       HOME    Set to pathnews from inn.conf.

       LOGNAME Set to the news master, as determined at configure time.

       PATH    Set to pathbin from inn.conf, pathetc from inn.conf, and then /bin, /usr/bin, and
	       /usr/ucb in that order.

       SHELL   Set to the path to the system Bourne shell as determined by configure (probably
	       /bin/sh).

       TMPDIR  Set to pathtmp from inn.conf.

       TZ      Passed verbatim from inndstart's environment.

       USER    Set to the news master, as determined at configure time.

FILES
       inn.conf
	   Read for pathnews, pathbin, pathrun, pathtmp, rlimitnofile, bindaddress, and port.

       pathbin/innd
	   The binary that is executed as innd and passed the open network socket.

       pathrun
	   Checked for existence and the right ownership.

HISTORY
       Written by Russ Allbery <rra@stanford.edu> for InterNetNews.

       $Id: inndstart.8,v 1.2 1999/10/23 16:25:47 rra Exp $

SEE ALSO
       inn.conf(5), innd(8)

3rd Berkeley Distribution		     INN 2.3				     inndstart(8)

