nnrp.access(5) [debian man page]
NNRP.ACCESS(5) File Formats Manual NNRP.ACCESS(5) NAME
nnrp.access - access file for on-campus NNTP sites DESCRIPTION
The file /etc/news/nnrp.access specifies the access control for those NNTP sites that are not handled by the main InterNetNews daemon innd(8). The nnrpd(8) server reads it when first spawned by innd. Comments begin with a number sign (``#'') and continue through the end of the line. Blank lines and comments are ignored. All other lines should consist of five fields separated by colons: hosts:perms:username:password:patterns The first field is a wildmat(3)-style pattern specifying the names or Internet address of a set of hosts. Before a match is checked, the client's hostname (or its Internet address if gethostbyaddr(3) fails) is converted to lowercase. Each line is matched in turn, and the last successful match is taken as the correct one. The second field is a set of letters specifying the permissions granted to the client. The perms should be chosen from the following set: R The client can retrieve articles P The client can post articles The third and fourth fields specify the username and password that the client must use to authenticate themselves before the server will accept any articles. Note that no authentication (other then a matching entry in this file) is required for newsreading. If they are empty, then no password is required. Whitespace in these fields will result in the client being unable to properly authenticate themselves and may be used to disable access. The fifth field is a set of patterns identifying the newsgroups that the client is allowed to access. The patterns are interpreted in the same manner as the newsfeeds(5) file. The default, however, denies access to all groups. The access file is normally used to provide host-level access control for reading and posting articles. There are times, however, when this is not sufficient and user-level access control is needed. Whenever an NNTP ``authinfo'' command is used, the nnrpd server re-reads this file and looks for a matching username and password. If the local newsreaders are modified to send the ``authinfo'' command, then all host entries can have no access and specific users can be granted the appropriate read and post access. For example: ## host:perm:user:pass:groups ## Default is no access. *:: -no- : -no- :!* ## FOO hosts have no password, can read anything. *.foo.com:Read Post:::* ## A related workstation can't access FOO newsgroups. lenox.foo.net:RP:martha:hiatt:*,!foo.* If the file contains passwords, it should not be world-readable. HISTORY
Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. This is revision 1.11, dated 1996/09/06. SEE ALSO
innd(8), newsfeeds(5), nnrpd(8), wildmat(3). NNRP.ACCESS(5)
Check Out this Related Man Page
HOSTS.NNTP(5) File Formats Manual HOSTS.NNTP(5) NAME
hosts.nntp, hosts.nntp.nolimit - list of hosts that feed NNTP news DESCRIPTION
The file /etc/news/hosts.nntp is read by innd(8) to get the list of hosts that feed the local site Usenet news using the NNTP protocol. The server reads this file at start-up or when directed to by ctlinnd(8). When a host connects to the NNTP port of the system on which innd is running, the server will do a check to see if their Internet address is the same as one of the hosts named in this file. If the host is not mentioned, then innd will spawn an nnrpd(8) to process the connection, with the accepted connection on standard input and stan- dard output. Comments begin with a number sign (``#'') and continue through the end of the line. Blank lines and comments also ignored. All other lines should consist of two or three fields separated by a colon. The first field should be either an Internet address in dotted-quad format or an address that can be parsed by gethostbyname(3). If a host's entry has multiple addresses, all of them will be added to the access list. The second field, which may be blank, is the password the foreign host is required to use when first connecting. The third field, which may be omitted, is a list of newsgroups to which the host may send articles. This list is parsed as a newsfeeds(5) subscription list; groups not in the list are ignored. Posts crossposted in groups matched by a @group.* entry are dropped. For example: ## FOO has a password, UUNET and VIX dont. ## UUNET cannot post to local groups. ## Example is not part of Usenet II. ## These are comment lines. news.foo.com:magic uunet.uu.net::!foo.* data.ramona.vix.com: newspeer.example.com::*,@net.* The first field may be suffixed by ``/s'' to indicate that streaming commands are specifically permitted to be used by this host. By default streaming commands are available to all hosts. If any entry in hosts.nntp has a ``/s'' suffix, then only those hosts with the ``/s'' suffix will be permitted to use streaming commands. For example, with the following hosts.nntp file, only the host data.ramona.vix.com is allowed to use the streaming commands. ## As above, but news.foo.com:magic uunet.uu.net::!foo.* data.ramona.vix.com/s: The first field may be suffixed by ``/a'' to indicate that the IP address of the feeding hosts allowed by this entry should always be included in the Path line of articles, or by ``/t'' to indicate that the address should not be included, or ``/a'' followed by a pathhost value to indicate that the IP address should be included if the most recent Path entry does not match the pathhost specified after ``/a''. The default is to log the address in articles whose most recent Path entry is not the same as the hostname in the hosts.nntp entry. Since innd is usually started at system boot time, the local nameserver may not be fully operational when innd parses this file. As a work-around, a ctlinnd ``reload'' command can be performed after a delay of an hour or so. It is also possible to provide both a host's name and its dotted-quad address in the file. If the file contains passwords, it should not be world-readable. The file /etc/news/hosts.nntp.nolimit, if it exists is read whenever the ``hosts.nntp'' file is read. It has the same format, although only the first field is used. Any host mentioned in this file is not sub- ject to the incoming connections limit specified by innd's ``-i'' flag. This can be used to allow local hosts or time-sensitive peers, to connect regardless of the local conditions. HISTORY
Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. This is revision 1.22, dated 1996/11/27. SEE ALSO
ctlinnd(8), innd(8), nnrpd(8). HOSTS.NNTP(5)