315 lines
5.4 KiB
HTML
315 lines
5.4 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Restricting NNTP Access</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
|
|
REL="HOME"
|
|
TITLE="Linux Network Administrators Guide"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="NNTP and thenntpd Daemon"
|
|
HREF="x-087-2-nntp.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Installing the NNTP Server"
|
|
HREF="x-087-2-nntp.nntpd.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="NNTP Authorization"
|
|
HREF="x-087-2-nntp.authorize.html"></HEAD
|
|
><BODY
|
|
CLASS="SECT1"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Linux Network Administrators Guide</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-nntp.nntpd.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 22. NNTP and thenntpd Daemon</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="x-087-2-nntp.authorize.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECT1"
|
|
><H1
|
|
CLASS="SECT1"
|
|
><A
|
|
NAME="X-087-2-NNTP.ACCESS"
|
|
>22.3. Restricting NNTP Access</A
|
|
></H1
|
|
><P
|
|
>
|
|
|
|
Access to NNTP resources is governed by the file
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>nntp_access</TT
|
|
> in <TT
|
|
CLASS="FILENAME"
|
|
>/etc/news</TT
|
|
>. Lines
|
|
in this file describe the access rights granted to foreign hosts. Each line
|
|
has the following format:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
><TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>site</I
|
|
></TT
|
|
> read|xfer|both|no post|no [!<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>exceptgroups</I
|
|
></TT
|
|
>]</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
><P
|
|
>If a client connects to the NNTP port, <I
|
|
CLASS="EMPHASIS"
|
|
>nntpd</I
|
|
> attempts to
|
|
obtain the host's fully qualified domain name from its IP address using reverse
|
|
lookup. The client's hostname and IP address are checked against the
|
|
<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>site</I
|
|
></TT
|
|
> field of each entry in the order in which they
|
|
appear in the file. Matches may be either partial or exact. If an entry
|
|
matches exactly, it applies; if the match is partial, it applies only if there
|
|
is no other match following it that is at least as good.
|
|
<TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>site</I
|
|
></TT
|
|
> may be specified in one of the following ways:
|
|
|
|
<P
|
|
></P
|
|
><DIV
|
|
CLASS="VARIABLELIST"
|
|
><DL
|
|
><DT
|
|
>Hostname</DT
|
|
><DD
|
|
><P
|
|
>This is a fully qualified domain name of a host. If this matches the client's
|
|
canonical hostname literally, the entry applies, and all following entries are
|
|
ignored.</P
|
|
></DD
|
|
><DT
|
|
>IP address</DT
|
|
><DD
|
|
><P
|
|
>This is an IP address in dotted quad notation. If the client's IP address
|
|
matches this, the entry applies, and all following entries are ignored.</P
|
|
></DD
|
|
><DT
|
|
>Domain name</DT
|
|
><DD
|
|
><P
|
|
>This is a domain name, specified as
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>*.</SPAN
|
|
><TT
|
|
CLASS="REPLACEABLE"
|
|
><I
|
|
>domain</I
|
|
></TT
|
|
>.
|
|
If the client's hostname matches the domain name, the entry matches.</P
|
|
></DD
|
|
><DT
|
|
>Network name</DT
|
|
><DD
|
|
><P
|
|
>This is the name of a network as specified in
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/networks</TT
|
|
>. If the network number of the client's
|
|
IP address matches the network number associated with the network name, the
|
|
entry matches.</P
|
|
></DD
|
|
><DT
|
|
>Default</DT
|
|
><DD
|
|
><P
|
|
>The string <TT
|
|
CLASS="LITERAL"
|
|
>default</TT
|
|
> matches any client.</P
|
|
></DD
|
|
></DL
|
|
></DIV
|
|
></P
|
|
><P
|
|
>Entries with a more general site specification should be specified earlier,
|
|
because any matches will be overridden by later, more exact matches.</P
|
|
><P
|
|
>The second and third fields describe the access rights granted to the
|
|
client. The second field details the permissions to retrieve news by pulling
|
|
(<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>read</SPAN
|
|
>), and transmit news by pushing
|
|
(<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>xfer</SPAN
|
|
>). A value of
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>both</SPAN
|
|
> enables both;
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>no</SPAN
|
|
> denies access
|
|
altogether. The third field grants the client the right to post
|
|
articles, i.e., deliver articles with incomplete header information,
|
|
which is completed by the news software. If the second field contains
|
|
<SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>no</SPAN
|
|
>, the third field is ignored.</P
|
|
><P
|
|
>The fourth field is optional and contains a comma-separated list of groups to
|
|
which the client is denied access.</P
|
|
><P
|
|
>This is a sample <TT
|
|
CLASS="FILENAME"
|
|
>nntp_access</TT
|
|
> file:
|
|
|
|
<TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><PRE
|
|
CLASS="SCREEN"
|
|
>#
|
|
# by default, anyone may transfer news, but not read or post
|
|
default xfer no
|
|
#
|
|
# public.vbrew.com offers public access via modem. We allow
|
|
# them to read and post to any but the local.* groups
|
|
public.vbrew.com read post !local
|
|
#
|
|
# all other hosts at the brewery may read and post
|
|
*.vbrew.com read post</PRE
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></P
|
|
></DIV
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-nntp.nntpd.html"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-nntp.authorize.html"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Installing the NNTP Server</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="x-087-2-nntp.html"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>NNTP Authorization</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |