nnrp conf

Edwardo Garcia wdgarc88 at gmail.com
Thu Dec 4 03:48:13 UTC 2014


Great thank you for that!

I have one more question, limit user conncurant?
Is   innflag -H 6 -X 3600     the only way? Because I concern at 128
limit I read?

I read in archive from Julien some script but not work here evne when
change path, I must called it wrong, but if innflag can do job that
better


On 12/3/14, Russ Allbery <eagle at eyrie.org> wrote:
> Edwardo Garcia <wdgarc88 at gmail.com> writes:
>
>> before I put back server on, is possible to have multi auth refer to one
>> access?  or require matching pair?
>
> Yes.
>
> The idea behind readers.conf is that the auth blocks assign an identity to
> the user, and then the access blocks map identities to permissions.  So,
> if you have multiple auth blocks that map different incoming connections
> to the same identity, they'll all have exactly the the same access.
>
> If you want to have all rules come in pairs, so that one auth block always
> maps uniquely to one access block, there are two ways to do it.  The
> easiest is to always use the default: key in the auth block to assign a
> unique identity that shows up only in that auth block, and then have all
> your access blocks assign permissions based on those unique identities,
> matching only one such identity in each block.
>
> (You can also use key:, but that's a bit more complicated.)
>
>> example:
>
>> auth "localhost" {
>>     hosts: "localhost, 127.0.0.1, ::1, stdin, 200.x.x.x.x/24"
>>     default: "<localhost>"
>> }
>
>> access "localhost" {
>>     users: "<localhost>"
>>     newsgroups: "*"
>>     access: RPA
>> }
>
> This access block matches only that auth block.
>
>> auth  name1 {
>>     hosts: " foo/16, bah/19, somefoo/19"
>>     default: "<parent>"     <--------------------------------
>> }
>
>> auth name2 {
>>     hosts: "x.x.x/17, x.x.x.x/16, ..."
>>     default: "<parent>"     <--------------------------------
>> }
>
>> access subsids {
>>     users: "<parent>"   <-----------------
>>     newsgroups: "*"
>> }
>
> This access block goes with any auth block that assigns an identity of
> <parent>.  So it gives the same access to connections that match either of
> those auth blocks.
>
>> is this right?  each subsiduary busines we let access to, has many many
>> IP range, I see 8k limit per host line still, and we keep this clean in
>> case company sell off one company we just delete block, hope have syntax
>> right and wont be open server again?
>
> That should not open the news server to the world.  I think you've got the
> right configuration for what you're trying to do.
>
> --
> Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>
>
>     Please send questions to the list rather than mailing me directly.
>      <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
> _______________________________________________
> inn-workers mailing list
> inn-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/inn-workers
>


More information about the inn-workers mailing list