access question
Nick Edwards
nick.z.edwards at gmail.com
Tue Sep 9 22:50:07 UTC 2014
On 9/10/14, Julien ÉLIE <julien at trigofacile.com> wrote:
> Hi Nick,
>
>> I think I have the access file sorted but to make sure, our readers.conf
>> is
>>
>> auth "localhost" {
>> hosts: "localhost, 127.0.0.1, ::1, stdin"
>> default: "<localhost>"
>> }
>>
>> access "localhost" {
>> users: "<localhost>"
>> newsgroups: "*"
>> access: RPA
>> }
>>
>>
>> auth custs {
>> hosts: "IP.RA.NG.E/CIDR, *.anotherdomain, *.yetanotherdomain"
>> default: <custs>
>> }
>>
>> access custs {
>> newsgroups: *
>> }
>>
>>
>> If my reading on man is right, this appear secure, but is it
>> appropriate? Do we need a users: line or is it implied ?
>
> Hmm... Though I have not tested your example, I believe it does not
> work the way you would like.
> Keep in mind that the last matching auth group is used. Similarly, the
> last matching access group is also used. So I believe "access custs"
> will always be used.
> I for one add the key: parameter to make sure my groups are correctly
> configured (use the same key: parameter for localhost, and the same for
> custs).
>
> Documentation is here:
> http://www.eyrie.org/~eagle/software/inn/docs/readers.conf.html
>
> The users: parameter is not necessary (it defaults to "*").
>
>
Ahh OK, I was close, I think, so, default: <custs> should in fact be <LOCAL>
Just trying to get my head around the linking of the two, rather steep
learning curve compared to what I'm used to ( a singe line:
*.example.com:read,post:::* ) need to allocate bit more time to
understand access I think :-)
Nik
More information about the inn-workers
mailing list