![]() |
![]() |
|
![]() |
![]() |
|
![]() ![]() ![]() ![]() Next: Changing Database File Permissions Up: Security Considerations Previous: Changing the Admin Password   Contents Unix setuid Operation
Unix systems (Solaris and Linux) only allow the root user to bind to the standard NNTP port (119). CoffeeLink News Server automatically uses an alternate port, 1199, if it fails to bind to port 119. In many cases this is an acceptable alternative. But for many environments, operation on port 119 is required for compatibility with news clients or operation through firewalls. If you want the CLNews server to use port 119 you can either:
Running the server as root is the simplest option since it doesn't require any changes to the CLNews configuration. CLNews is written in Java, so the most common attacks designed by crackers to gain root access should have no effect on CLNews. But there is always a chance that any program running as root could be compromised by a sufficiently skilled cracker. For example, a particular version of the Java virtual machine might have an obscure bug that could be exploited. BCC makes no guarantee that CLNews is invulnerable to cracker attacks. To allow a higher degree of safety, CLNews is shipped with a small native library that allows a Java program to call the Unix system's setuid() function. Unlike a Java program, the native library is platform specific. CLNews includes precompiled versions of the library for the supported Unix platforms. Source code is also provided, but BCC does not provide support for individuals attempting to port the library to other platforms. To enable setuid operation, perform the following steps:
![]() ![]() ![]() ![]() Next: Changing Database File Permissions Up: Security Considerations Previous: Changing the Admin Password   Contents Copyright © 2000 by Burton Computer Corporation, All Rights Reserved |