Greetings! *** John Goerzen [2021-08-19 22:42]: >I also have a more detailed exploration of how sudo and NNCP can work >together, both for exchanging data between two different NNCP installations >on a local machine, and for cases where NNCP runs as a different user than >your regular user. >https://github.com/jgoerzen/nncp-tools/blob/main/docs/nncp-sudo.org And yet again, possibly stupid question out of curiosity: isn't the ordinary Unix permissions are not enough? I assume that there is some host with two (or more) users, sharing the same spool. Honestly I do not remember if I tried the setup, but because http://www.nncpgo.org/Administration.html#Shared-spool page exists, seems that I tried it. The problem out-of-box is that newly created files are owned solely by the user who called nncp-commands. Let's try to "bias" the permissions to the group: * create "nncp"/whatever group with the users allowed to share NNCP installation (spool/logs) * chgrp -R nncp $NNCPCFG $NNCPLOG $NNCPSPOOL * allow group reading of the configuration file: chmod g+r $NNCPCFG * allow group reading/writing of the spool: chmod -R g+rwx $NNCPSPOOL * force group owning of the spool, so newly created packets won't be owned by user's group: chmod -R g+s $NNCPSPOOL * by default many users have umask 022. Personally I have umask 077. That will prohibit read/write of newly created packets in the spool, even taking the fact that they are owned (because of chmod-setgid) by "nncp" group. Let's force necessary umask usage: echo 'umask: "007"' >> $NNCPCFG That way all newly created/generated packets will be owned by different users, but with the same common "nncp" group, having RW-access. Personally I run nncp-daemon mainly on 540 TCP-port ("uucp" one) and that requires root privileges to listen on. That is why I use ucspi-tcp+daemontools to run tcpserver (utility from UCSPI-TCP) under root, that runs setuidgid-ed nncp-daemon when connection is established (with capturing log in separate file through the separate daemon running under different privileges): # cat /var/service/nncp-daemon/run #!/bin/sh -e NNCPLOG=FD:4 exec envuidgid uucp tcpserver -DHRU -l 0 ::0 uucp \ nncp-daemon -ucspi -quiet -autotoss 4>&1 # cat /var/service/nncp-daemon/log/run #!/bin/sh -e exec setuidgid stargrave multilog ./main -- Sergey Matveev (http://www.stargrave.org/) OpenPGP: CF60 E89A 5923 1E76 E263 6422 AE1A 8109 E498 57EF