nnrp conf
Edwardo Garcia
wdgarc88 at gmail.com
Thu Dec 4 03:48:13 UTC 2014
Great thank you for that!
I have one more question, limit user conncurant?
Is innflag -H 6 -X 3600 the only way? Because I concern at 128
limit I read?
I read in archive from Julien some script but not work here evne when
change path, I must called it wrong, but if innflag can do job that
better
On 12/3/14, Russ Allbery <eagle at eyrie.org> wrote:
> Edwardo Garcia <wdgarc88 at gmail.com> writes:
>
>> before I put back server on, is possible to have multi auth refer to one
>> access? or require matching pair?
>
> Yes.
>
> The idea behind readers.conf is that the auth blocks assign an identity to
> the user, and then the access blocks map identities to permissions. So,
> if you have multiple auth blocks that map different incoming connections
> to the same identity, they'll all have exactly the the same access.
>
> If you want to have all rules come in pairs, so that one auth block always
> maps uniquely to one access block, there are two ways to do it. The
> easiest is to always use the default: key in the auth block to assign a
> unique identity that shows up only in that auth block, and then have all
> your access blocks assign permissions based on those unique identities,
> matching only one such identity in each block.
>
> (You can also use key:, but that's a bit more complicated.)
>
>> example:
>
>> auth "localhost" {
>> hosts: "localhost, 127.0.0.1, ::1, stdin, 200.x.x.x.x/24"
>> default: "<localhost>"
>> }
>
>> access "localhost" {
>> users: "<localhost>"
>> newsgroups: "*"
>> access: RPA
>> }
>
> This access block matches only that auth block.
>
>> auth name1 {
>> hosts: " foo/16, bah/19, somefoo/19"
>> default: "<parent>" <--------------------------------
>> }
>
>> auth name2 {
>> hosts: "x.x.x/17, x.x.x.x/16, ..."
>> default: "<parent>" <--------------------------------
>> }
>
>> access subsids {
>> users: "<parent>" <-----------------
>> newsgroups: "*"
>> }
>
> This access block goes with any auth block that assigns an identity of
> <parent>. So it gives the same access to connections that match either of
> those auth blocks.
>
>> is this right? each subsiduary busines we let access to, has many many
>> IP range, I see 8k limit per host line still, and we keep this clean in
>> case company sell off one company we just delete block, hope have syntax
>> right and wont be open server again?
>
> That should not open the news server to the world. I think you've got the
> right configuration for what you're trying to do.
>
> --
> Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
>
> Please send questions to the list rather than mailing me directly.
> <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.
> _______________________________________________
> inn-workers mailing list
> inn-workers at lists.isc.org
> https://lists.isc.org/mailman/listinfo/inn-workers
>
More information about the inn-workers
mailing list