Subject: Re: misc/6882: /var/spool/news should be owned by news.news
To: Andrew Brown <twofsonet@graffiti.com>
From: Geoff Wing <gcw@pobox.com>
List: netbsd-bugs
Date: 01/27/1999 20:34:14
Andrew Brown wrote about Re: misc/6882: /var/spool/news should be owned by news.news:
:On Wed, Jan 27, 1999 at 03:45:08AM +0000, Geoff Wing wrote:
:>Chris Jones <cjones@news.avicom.net> typed:
:>:>Description:
:>:/var/spool/news is listed in /etc/mtree/special as optional, and root.wheel.
:>:It seems to me that, if this directory ever exists, it's going to need to be
:>:owned by news.news.
:>Why?  Mine's owned by root.wheel .  What exactly does any set[ug]id news
:>program need to do in there?  AFAIK, nothing.  No program should need to
:>create/delete files/directories in there (except for installation).
:>Subdirectories in there need to be news.news for, say, INN but 
:>/var/spool/news itself doesn't need/want to be.
:well...if i was to install and start up a new news server, i certainly
:wouldn't want to have to go into /var/spool/news and create all the
:names of the hierarchy top levels by hand.  i'd expect innd (or some
:such) to do that.

You don't have to with INN because it will make them for you
in the "make install" process.  I suspect other news servers are similar.
They'd make the hierarchy required by their servers.  And since most
probably need a setuid root daemon to bind to the nntp port, you'd have
to install as root anyway so you'd have access to /var/spool/news.

Once you've installed, you don't need or want any of the news daemons
running as, or set[ug]id, news to have write access to the top directory, only
the specific hierarchy it's set up for itself under it.  Of course, if
you're just running the one news package you may not care if the setuid news
programs can write to the top level directory.  Or maybe you do.

Either way, it's unnecessary and probably safer to stick to the root.wheel
ownership.

Regards,
-- 
Geoff Wing   <gcw@pobox.com>            Mobile : (Australia) 0412 162 441
Work URL: http://www.primenet.com.au/   Ego URL: http://pobox.com/~gcw/
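
The ownership split argued for in this message, as an added example (not part of the original e-mail, INN or NetBSD): a Python check that models the classic owner/group/other test and flags a top-level spool directory that the news user can create or delete names in. The uid/gid values and the `articles` subdirectory name are constructed for illustration; ACLs are not modelled.

```python
import os
import stat
from collections import namedtuple

# Stand-in for the fields of os.stat_result that matter here.
Entry = namedtuple("Entry", "path uid gid mode")

TOP = "/var/spool/news"
NEWS_UID, NEWS_GID = 6, 8   # constructed ids for the news user and group

def can_create_in(entry, uid, gids):
    """Classic Unix check: may this uid/group set add or remove names in the directory?"""
    if uid == 0:
        return True                      # root bypasses mode bits
    if entry.uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif entry.gid in gids:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    return entry.mode & need == need

def audit_spool(entries, top=TOP, uid=NEWS_UID, gids=frozenset({NEWS_GID})):
    """Flag a news-writable top directory and news-unwritable hierarchies under it."""
    findings = []
    for e in entries:
        writable = can_create_in(e, uid, gids)
        if e.path == top and writable:
            findings.append((e.path, "top level writable by news"))
        elif os.path.dirname(e.path) == top and not writable:
            findings.append((e.path, "hierarchy not writable by news"))
    return findings

# Constructed layouts; the subdirectory name is hypothetical.
ROOT_OWNED = [Entry(TOP, 0, 0, 0o755),
              Entry(TOP + "/articles", NEWS_UID, NEWS_GID, 0o775)]
NEWS_OWNED = [Entry(TOP, NEWS_UID, NEWS_GID, 0o755),
              Entry(TOP + "/articles", NEWS_UID, NEWS_GID, 0o775)]
GROUP_WRITE = [Entry(TOP, 0, NEWS_GID, 0o775),
               Entry(TOP + "/articles", 0, 0, 0o755)]

if __name__ == "__main__":
    for name, layout in [("root.wheel", ROOT_OWNED), ("news.news", NEWS_OWNED),
                         ("root.news 0775", GROUP_WRITE)]:
        print(name, audit_spool(layout))
```

The third layout shows that root ownership alone is not enough: a group-writable top directory with group news gives the same write access the message argues against.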