NNRP.ACCESS(5)
NAME
nnrp.access - access file for on-campus NNTP sites
DESCRIPTION
The file /etc/news/nnrp.access specifies the access con-
trol for those NNTP sites that are not handled by the main
InterNetNews daemon innd(8). The nnrpd(8) server reads it
when first spawned by innd.
Comments begin with a number sign (``#'') and continue
through the end of the line. Blank lines and comments are
ignored. All other lines should consist of five fields
separated by colons:
hosts:perms:username:password:patterns
The first field is a wildmat(3)-style pattern specifying
the names or Internet address of a set of hosts. Before a
match is checked, the client's hostname (or its Internet
address if gethostbyaddr(3) fails) is converted to lower-
case. Each line is matched in turn, and the last success-
ful match is taken as the correct one.
The second field is a set of letters specifying the per-
missions granted to the client. The perms should be cho-
sen from the following set:
R The client can retrieve articles
P The client can post articles
The third and fourth fields specify the username and pass-
word that the client must use to authenticate themselves
before the server will accept any articles. Note that no
authentication (other then a matching entry in this file)
is required for newsreading. If they are empty, then no
password is required. Whitespace in these fields will
result in the client being unable to properly authenticate
themselves and may be used to disable access.
The fifth field is a set of patterns identifying the news-
groups that the client is allowed to access. The patterns
are interpreted in the same manner as the newsfeeds(5)
file. The default, however, denies access to all groups.
The access file is normally used to provide host-level
access control for reading and posting articles. There
are times, however, when this is not sufficient and user-
level access control is needed. Whenever an NNTP
``authinfo'' command is used, the nnrpd server re-reads
this file and looks for a matching username and password.
If the local newsreaders are modified to send the
``authinfo'' command, then all host entries can have no
access and specific users can be granted the appropriate
read and post access.
For example:
## host:perm:user:pass:groups
## Default is no access.
*:: -no- : -no- :!*
## FOO hosts have no password, can read anything.
*.foo.com:Read Post:::*
## A related workstation can't access FOO newsgroups.
lenox.foo.net:RP:martha:hiatt:*,!foo.*
If the file contains passwords, it should not be world-
readable.
HISTORY
Written by Rich $alz lt;rsalz@uunet.uu.net for InterNet-
News. This is revision 1.11, dated 1996/09/06.
SEE ALSO
innd(8) newsfeeds(5) nnrpd(8) wildmat(3).