I'm having difficulty allowing a small collection of newsgroups to be avaliable to the general public. I want to allow the various furry newsgroups, *fur* and yerf*. However, if I specify anything other than * for the group restriction, it disconnects users saying they don't have access. I'm wondering if anybody found a solution for this?
Here's my nntpcache.access file... # $Id: nntpcache.access-dist,v 1.1.1.1 1998/07/29 15:14:28 proff Exp $ # # this is an example nntpcache.access file. # user names are pulled off the wire via RFC931 "ident". if the # remote host isn't running identd, then the username "unknown" will be # returned. # 5~# matching is top down, from the general to the specific. the LAST MATCH is # dominant, except where the the "quick" keyword is used. If the last match # is a negation then access is refused. # # this is a merged access schema. it controls both permission to talk # as well as the finer grain per group permissions. # # a wild card for the hostname and the keyword "strip" in the permissions # field will cause that group to be stripped out of the active, active.times, # newsgroups, and xgtitle files # # if a group field contains the match-all "*" then the authorisation # entry is used in both the initial connection authorisation and in # per-group authorisation. if the group field contains the keyword # "<nntp>" then the entry is ONLY used in connection authorisation. # anything else is only used during group authorisation. # # warning: # if a client is given permission to connect, # but is denied read access to a particular group, # then it can still read articles from that group # IFF they are cross-posted to another group, which the # client has permission to read. # # for these access controls to work at a group level and not just at # connection time, you need to have "groupSecurity" turned on in # the nntpcache.config file. # # for these permissions (other than strip) to be applied to # LISTs of groups (i.e "directories" of groups, such as the # active/active.times/newsgroups/newgroups lists) you need to # have listSecurity turned on in the nntpcache config file. # # if "censor" or "filter" are in the permissions then the fourth # field contains a list of filter files which are used for pattern # matching on content/headers. The difference between "censor" # and "filter" is that when an nntpcache client asks for a censor'ed # piece of information nntpcache returns information of the type # requested, but with the content replaced with a message stating # that the message was censored. the "filter" permission on the other # attemps to remove information matching the filter transparently. # # nb. as of this writing censoring has not been fully implimented. # filtering works fine though. # # nb. for various reasons, filters may not work 100% effectively without # groupSecurity being on. # # "auth" in the permissions field dictates that AUTHINFO authorisation # is required for the line to have any effect. (username/password, as # per /etc/passwd or NIS) # # if the client is authorised, then the fith field comes into play. # this last field is a comma seperated list of filenames which # contain usernames to be matched against the user name used in the # authorisation. # # nb. the AUTHINFO code has been disabled for lack of interest. # please bug [EMAIL PROTECTED] if you want it re-enabled # # nb. lines can not be longer that 1023 bytes each # # the default policy is no access. # the following line reverses this # # host patern group permissions filters userfiles #* * read,post # whatever is not denied is permitted; we are now a woodstock access file. # cooling! * * deny # but hendrix is dead, and the world has moved into a new reign # of conservatism. not so cool. # we are now a french legal system access file. users are guilty until # proven innocent (mmmmmmmmmmmmmm. guilty users). # # credentials for internal nocem daemon <[EMAIL PROTECTED]> * read,quick # developer's gets full access to everything, regardless # of what subsequent rules say # #192.168.*.* * read,post,quick # allow anyone from localhost to conncet to the web statistics port localhost <http> read,quick # full access for our local network localhost * read,post *ursine.dyndns.org * read,post * *fur* read,post * yerf* read,post # smut is low on our bandwidth priorities * *pictures* deny,strip * *binaries* deny,strip * *sex* deny,strip # strip some bogus groups that waste resources * *.-.*, deny,strip * *._.* deny,strip -- Baloo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
