roger@binky.Binky.COM (Roger Taranto) (10/17/90)
We have an internal group that may potentially contain sensitive articles, and, therefore, would like to limit access to the newsgroup to only certain individuals. We set the permissions on the directory to be 640 so that only people in a specific group can access the articles (the directory is owned by news). That works if people read news on that machine. However, if they read news via nntp, the nntpd is owned by news, making the newsgroup readable by anyone.

Is it possible to limit access to a certain newsgroup via nntp?

Thanks,
-Roger
roger@binky.Binky.COM
...!{pacbell,ucbcad,rtech}!binky!roger

jxxl@huxley.cs.nps.navy.mil (John Locke) (10/17/90)
In article <> roger@binky.Binky.COM (Roger Taranto) writes:
> We have an internal group that may potentially contain sensitive
> articles, and, therefore, would like to limit access to the newsgroup
> to only certain individuals. We set the permissions on the directory
> to be 640 so that only people in a specific group can access the articles
> (the directory is owned by news). That works if people read news
> on that machine. However, if they read news via nntp, the nntpd is
> owned by news, making the newsgroup readable by anyone.

> Is it possible to limit access to a certain newsgroup via nntp?

I posed this same question a year ago here and the responses were very helpful. To sum up the situation: nntp does not include read/write permissions but may be expanded to do so in the future. However, using the nntp_access file, you can block the group from being read remotely. The privileged users must log in to the server to read the protected group. Since they don't like logging into another machine just to perform one function (if that is the situation), this solution doesn't work well.

If you have NFS on your machines, you can solve the problem in a better, more distributed, fashion by getting rid of nntp except for news transfer between your news server and remote sites. Then you cross-mount the news spool and lib directory to your local machines that make news available. On those machines, replace rrn with rn. User and group ids will have to be consistent across all machines for the protected group to be available to the right accounts.

A good minimal configuration is for each client to have rn, inews, Pnews, and Rnmail.
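
An added example, not part of either post: the NFS setup described above depends on consistent user and group ids because NFS with AUTH_SYS credentials passes numeric ids, and the server checks those numbers against its own. The Python script below compares passwd and group data from the server and one client for a protected group; the group name `secret`, the accounts and all ids are constructed sample values.

```python
# Constructed sample data (not from the thread): passwd/group excerpts from
# the news server and from one NFS client that mounts the spool.
SERVER_PASSWD = "news:*:9:13::/:\nalice:*:201:20::/:\nbob:*:202:20::/:\n"
SERVER_GROUP = "staff:*:20:\nsecret:*:50:alice,bob\n"
CLIENT_PASSWD = (
    "news:*:9:13::/:\nalice:*:204:20::/:\n"
    "bob:*:202:20::/:\ncarol:*:203:20::/:\n")
CLIENT_GROUP = "staff:*:20:\nsecret:*:51:alice\ninterns:*:50:carol\n"


def rows(text):
    """Split passwd/group-format text into colon-separated field lists."""
    return [l.split(":") for l in text.splitlines() if l and l[0] != "#"]


def parse_passwd(text):
    """Return {login: (uid, primary_gid)}."""
    return {f[0]: (int(f[2]), int(f[3])) for f in rows(text)}


def parse_group(text):
    """Return {group: (gid, {members})}."""
    return {f[0]: (int(f[2]), set(filter(None, f[3].split(",")))) for f in rows(text)}


def gids_of(user, passwd, group):
    """Numeric gids a login carries on one host (primary plus supplementary)."""
    return {passwd[user][1]} | {g for g, members in group.values() if user in members}


def audit(protected, s_passwd, s_group, c_passwd, c_group):
    """Compare who should reach the protected spool directory with who can.

    The server matches the gid numbers sent by the client against its own
    gid for the protected group, so names do not matter, only numbers.
    """
    sp, sg = parse_passwd(s_passwd), parse_group(s_group)
    cp, cg = parse_passwd(c_passwd), parse_group(c_group)
    gid = sg[protected][0]                                   # server's number
    allowed = {u for u in sp if gid in gids_of(u, sp, sg)}   # intended readers
    reach = {u for u in cp if gid in gids_of(u, cp, cg)}     # actual readers
    drift = {u for u in set(sp) & set(cp) if sp[u][0] != cp[u][0]}
    return {"unintended": sorted(reach - allowed),
            "locked_out": sorted((allowed & set(cp)) - reach),
            "uid_mismatch": sorted(drift)}


if __name__ == "__main__":
    print(audit("secret", SERVER_PASSWD, SERVER_GROUP, CLIENT_PASSWD, CLIENT_GROUP))
```

In the sample data the client reuses gid 50 for a different group, so a non-member gains access while the real members lose it.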