LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/nag2/x-087-2-nntp.access.html

315 lines
5.4 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Restricting NNTP Access</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.57"><LINK
REL="HOME"
TITLE="Linux Network Administrators Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="NNTP and thenntpd Daemon"
HREF="x-087-2-nntp.html"><LINK
REL="PREVIOUS"
TITLE="Installing the NNTP Server"
HREF="x-087-2-nntp.nntpd.html"><LINK
REL="NEXT"
TITLE="NNTP Authorization"
HREF="x-087-2-nntp.authorize.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Linux Network Administrators Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x-087-2-nntp.nntpd.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 22. NNTP and thenntpd Daemon</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x-087-2-nntp.authorize.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="X-087-2-NNTP.ACCESS"
>22.3. Restricting NNTP Access</A
></H1
><P
>&#13;
Access to NNTP resources is governed by the file
<TT
CLASS="FILENAME"
>nntp_access</TT
> in <TT
CLASS="FILENAME"
>/etc/news</TT
>. Lines
in this file describe the access rights granted to foreign hosts. Each line
has the following format:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
><TT
CLASS="REPLACEABLE"
><I
>site</I
></TT
> read|xfer|both|no post|no [!<TT
CLASS="REPLACEABLE"
><I
>exceptgroups</I
></TT
>]</PRE
></TD
></TR
></TABLE
></P
><P
>If a client connects to the NNTP port, <I
CLASS="EMPHASIS"
>nntpd</I
> attempts to
obtain the host's fully qualified domain name from its IP address using reverse
lookup. The client's hostname and IP address are checked against the
<TT
CLASS="REPLACEABLE"
><I
>site</I
></TT
> field of each entry in the order in which they
appear in the file. Matches may be either partial or exact. If an entry
matches exactly, it applies; if the match is partial, it applies only if there
is no other match following it that is at least as good.
<TT
CLASS="REPLACEABLE"
><I
>site</I
></TT
> may be specified in one of the following ways:
<P
></P
><DIV
CLASS="VARIABLELIST"
><DL
><DT
>Hostname</DT
><DD
><P
>This is a fully qualified domain name of a host. If this matches the client's
canonical hostname literally, the entry applies, and all following entries are
ignored.</P
></DD
><DT
>IP address</DT
><DD
><P
>This is an IP address in dotted quad notation. If the client's IP address
matches this, the entry applies, and all following entries are ignored.</P
></DD
><DT
>Domain name</DT
><DD
><P
>This is a domain name, specified as
<SPAN
CLASS="SYSTEMITEM"
>*.</SPAN
><TT
CLASS="REPLACEABLE"
><I
>domain</I
></TT
>.
If the client's hostname matches the domain name, the entry matches.</P
></DD
><DT
>Network name</DT
><DD
><P
>This is the name of a network as specified in
<TT
CLASS="FILENAME"
>/etc/networks</TT
>. If the network number of the client's
IP address matches the network number associated with the network name, the
entry matches.</P
></DD
><DT
>Default</DT
><DD
><P
>The string <TT
CLASS="LITERAL"
>default</TT
> matches any client.</P
></DD
></DL
></DIV
></P
><P
>Entries with a more general site specification should be specified earlier,
because any matches will be overridden by later, more exact matches.</P
><P
>The second and third fields describe the access rights granted to the
client. The second field details the permissions to retrieve news by pulling
(<SPAN
CLASS="SYSTEMITEM"
>read</SPAN
>), and transmit news by pushing
(<SPAN
CLASS="SYSTEMITEM"
>xfer</SPAN
>). A value of
<SPAN
CLASS="SYSTEMITEM"
>both</SPAN
> enables both;
<SPAN
CLASS="SYSTEMITEM"
>no</SPAN
> denies access
altogether. The third field grants the client the right to post
articles, i.e., deliver articles with incomplete header information,
which is completed by the news software. If the second field contains
<SPAN
CLASS="SYSTEMITEM"
>no</SPAN
>, the third field is ignored.</P
><P
>The fourth field is optional and contains a comma-separated list of groups to
which the client is denied access.</P
><P
>This is a sample <TT
CLASS="FILENAME"
>nntp_access</TT
> file:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="SCREEN"
>#
# by default, anyone may transfer news, but not read or post
default xfer no
#
# public.vbrew.com offers public access via modem. We allow
# them to read and post to any but the local.* groups
public.vbrew.com read post !local
#
# all other hosts at the brewery may read and post
*.vbrew.com read post</PRE
></TD
></TR
></TABLE
></P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x-087-2-nntp.nntpd.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x-087-2-nntp.authorize.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Installing the NNTP Server</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="x-087-2-nntp.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>NNTP Authorization</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink