perl_access, 502 errors, and gracefully removing permissions

Mussulman, David E mussulma at illinois.edu
Wed Sep 22 18:47:25 UTC 2010 

Hi Julien, thanks for the quick response.

On Wed, Sep 22, 2010 at 01:24:02PM -0500, Julien ÉLIE wrote:
> Hi David,
> 
> > However, now, when newsgroups readers who were previously subscribed to
> > that newsgroup try to connect, they're having problems with the GROUP
> > (or some other newsgroup access command) returns a "502 Read access
> > denied" error.
> 
> That's a compliant generic answer.
> 
>    502:  It is necessary to terminate the connection and to start a new
>          one with the appropriate authority before the command can be used.
> 
> 
> We do not know whether a command is a given command (like "GROUP") or
> a whole command with its possible arguments (like "GROUP news.group").
> I assume it is a whole command line.

Right, it's the whole command line.  "GROUP class.fa09.foobar" returns
the 502 Read access denied


> > I tested telnetting into the news server on port 119.  A 502 error on
> > the GROUP command does not terminate the connection (which seems to
> > follow the RFC), but it looks like some readers just can't handle that
> > code in that place.
> 
> Just to be sure:  is the newsgroup listed in response to "LIST ACTIVE"?
> (or "LIST ACTIVE newsgroup")

No, I can confirm that the restricted newsgroup is not listed in the
LIST ACTIVE command.

list active class.fa09.foobar
215 Newsgroups in form "group high low status"
.

> 
> My guess is that they are not listed.  Do you confirm?
> It would then be strange that tin or Thunderbird do not remove the
> newsgroup from the available list of newsgroups.  There is something
> I do not understand.  Do they probe them and expect a 411 answer?!?
> 
> Well, we could answer 411 for them instead of 502.
> It depends on the amount of information we want to give.  I still believe
> that 502 is better because 502 contains a useful information (the group
> does exist and one has to authenticate in some way).
> 
> In our wishlist, there is for instance:
>     http://inn.eyrie.org/trac/ticket/46

I don't understand the client behavior either.  The wishlist enhancement
you mentioned would be nice.  I could even see that simplified to just a
global toggle between 411 and 480/502.  I don't believe putting a group
wildmat restriction on that hiding is important for my needs (I'd
probably just leave it at *)

I don't have a good way to test, but at least with tin when I edited the
newsrc line for the restricted newsgroup and changed it to a newsgroup
that didn't exist, tin loaded the rest of the way.  That's the operation
I expected (and it showed the newsgroup as deleted in the index).

Dave

More information about the inn-workers mailing list