Excluding Cancel-Lock for certain users
Julien ÉLIE
julien at trigofacile.com
Fri Feb 25 20:45:09 UTC 2022
Hi all,
As an identity is always assigned by readers.conf, all posts are
considered to be sent by a known posting-account (the one appearing in
Injection-Info).
Yet, it causes a problem with Cancel-Lock because some identities may be
shared between several persons. Which means that any user with that
identity can cancel any other post from another user with the same identity.
I'm wondering whether a parameter should not be added for access blocks
in readers.conf so as to prevent the generation of user Cancel-Lock and
Cancel-Key for them (of course, the admin Cancel-Lock is always generated).
Example of use:
access "all" {
users: "<all>"
newsgroups: "*"
canlock: false
}
# Same thing for "<localhost>" or similar common access blocks.
If not set, "canlock" defaults to true (meaning user Cancel-Lock and
Cancel-Key are generated).
This proposal follows a discussion I've just had in a French newsgroup,
where someone (Stéphane) pointed out a problem with the usual Perl code
used to generate Cancel-Lock and Cancel-Key in filter_nnrpd.pl on
servers without any authentication needed.
I believe this should be taken into account in the native Cancel-Lock
implementation in nnrpd, and I would suggest that "canlock" parameter.
If you have any better idea, do not hesitate to tell.
--
Julien ÉLIE
« La grippe, ça dure huit jours si on la soigne et une semaine si on ne
fait rien. » (Raymond Devos)
More information about the inn-workers
mailing list