NNTPCache: nntpcache.access not working as expected

To: debian-user List <debian-user@lists.debian.org>
Subject: NNTPCache: nntpcache.access not working as expected
From: Paul 'Baloo' Johnson <baloo@ursine.dyndns.org>
Date: Tue, 26 Mar 2002 04:06:06 -0800 (PST)
Message-id: <[🔎] Pine.LNX.4.44.0203260403381.941-100000@ursine.dyndns.org>

I'm having difficulty allowing a small collection of newsgroups to be
avaliable to the general public.  I want to allow the various furry
newsgroups, *fur* and yerf*.  However, if I specify anything other than
* for the group restriction, it disconnects users saying they don't have
access.  I'm wondering if anybody found a solution for this?

Here's my nntpcache.access file...

# $Id: nntpcache.access-dist,v 1.1.1.1 1998/07/29 15:14:28 proff Exp $
#
# this is an example nntpcache.access file.
# user names are pulled off the wire via RFC931 "ident". if the
# remote host isn't running identd, then the username "unknown" will be
# returned.
#
5~# matching is top down, from the general to the specific. the LAST
MATCH is
# dominant, except where the the "quick" keyword is used. If the last match
# is a negation then access is refused.
#
# this is a merged access schema. it controls both permission to talk
# as well as the finer grain per group permissions.
#
# a wild card for the hostname and the keyword "strip" in the permissions
# field will cause that group to be stripped out of the active, active.times,
# newsgroups, and xgtitle files
#
# if a group field contains the match-all "*" then the authorisation
# entry is used in both the initial connection authorisation and in
# per-group authorisation. if the group field contains the keyword
# "<nntp>" then the entry is ONLY used in connection authorisation.
# anything else is only used during group authorisation.
#
# warning:
# 	   if a client is given permission to connect,
# 	   but is denied read access to a particular group,
#	   then it can still read articles from that group
#	   IFF they are cross-posted to another group, which the
#	   client has permission to read.
#
# for these access controls to work at a group level and not just at
# connection time, you need to have "groupSecurity" turned on in
# the nntpcache.config file.
#
# for these permissions (other than strip) to be applied to
# LISTs of groups (i.e "directories" of groups, such as the
# active/active.times/newsgroups/newgroups lists) you need to
# have listSecurity turned on in the nntpcache config file.
#
# if "censor" or "filter" are in the permissions then the fourth
# field contains a list of filter files which are used for pattern
# matching on content/headers. The difference between "censor"
# and "filter" is that when an nntpcache client asks for a censor'ed
# piece of information nntpcache returns information of the type
# requested, but with the content replaced with a message stating
# that the message was censored. the "filter" permission on the other
# attemps to remove information matching the filter transparently.
#
# nb. as of this writing censoring has not been fully implimented.
#     filtering works fine though.
#
# nb. for various reasons, filters may not work 100% effectively without
#     groupSecurity being on.
#
# "auth" in the permissions field dictates that AUTHINFO authorisation
# is required for the line to have any effect. (username/password, as
# per /etc/passwd or NIS)
#
# if the client is authorised, then the fith field comes into play.
# this last field is a comma seperated list of filenames which
# contain usernames to be matched against the user name used in the
# authorisation.
#
# nb. the AUTHINFO code has been disabled for lack of interest.
#     please bug nntpcache@nntpcache.org if you want it re-enabled
#
# nb. lines can not be longer that 1023 bytes each
#
# the default policy is no access.
# the following line reverses this
#
# host patern		group		permissions	filters userfiles

#*			*		read,post

# whatever is not denied is permitted; we are now a woodstock access file.
# cooling!

*			*		deny

# but hendrix is dead, and the world has moved into a new reign
# of conservatism. not so cool.
# we are now a french legal system access file. users are guilty until
# proven innocent (mmmmmmmmmmmmmm. guilty users).
#
# credentials for internal nocem daemon
<nocem@nntpcache>	*		read,quick

# developer's gets full access to everything, regardless
# of what subsequent rules say
#
#192.168.*.*		*		read,post,quick
# allow anyone from localhost to conncet to the web statistics port
localhost		<http>		read,quick
# full access for our local network
localhost		*		read,post
*ursine.dyndns.org	*		read,post
*			*fur*		read,post
*			yerf*		read,post



# smut is low on our bandwidth priorities
*			*pictures*	deny,strip
*			*binaries*	deny,strip
*			*sex*		deny,strip
# strip some bogus groups that waste resources
*			*.-.*,		deny,strip
*			*._.*		deny,strip

-- 
Baloo


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Re: Exim - remove many messages
Next by Date: RE: chatscript trick to wait for dial tone after 9 is dialed?
Previous by thread: RE: chatscript trick to wait for dial tone after 9 is dialed?
Next by thread: Thanks again!! Now another prob..
Index(es):
- Date
- Thread