rang@cpsin3.cps.msu.edu (Anton Rang) (11/04/88)
I believe that a security group would probably do more good than harm, as long as most system administrators READ IT! For that matter, a question somebody might know the answer to: Is it possible to restrict access to a newsgroup (on a particular machine)? For instance, by changing the mode of its spool dir? If so, this would solve 99% of the problems with a security group, at least here--just don't give ordinary users privs to see it! Is there currently an active mailing list on this? I've read some postings which suggested it (actually, that there are 2 or 3). Could somebody E-mail me information on subscribing? (I've been trying to improve security out here for...oh, since I got here.) Thanks, Anton Rang (rang@cpswh.cps.msu.edu) +---------------------------+------------------------+----------------------+ | Anton Rang (grad student) | "UNIX: Just Say No!" | "Do worry...be SAD!" | | Michigan State University | rang@cpswh.cps.msu.edu | | +---------------------------+------------------------+----------------------+
nagel@paris.ics.uci.edu (Mark Nagel) (11/05/88)
In article <1005@cps3xx.UUCP>, rang@cpsin3 (Anton Rang) writes: |I believe that a security group would probably do more good than harm, |as long as most system administrators READ IT! For that matter, a |question somebody might know the answer to: | | Is it possible to restrict access to a newsgroup (on a particular | machine)? For instance, by changing the mode of its spool dir? | If so, this would solve 99% of the problems with a security group, | at least here--just don't give ordinary users privs to see it! Well, yes, you could do that for a local spool directory. But what about those sites (like ours) that have a central news database with the rest of the hosts reading via NNTP? Even if you added some kind of security check into the nntp daemon, there is *no* way (that I know of) to authenticate the posting or reading of an article based on user or group privileges. The best you can do is to deny posting access to a particular host. I wish there was a way to do this... Mark D. Nagel UC Irvine - Dept of Info and Comp Sci | The probability of someone nagel@ics.uci.edu (ARPA) | watching you is proportional to {sdcsvax|ucbvax}!ucivax!nagel (UUCP) | the stupidity of your action.
newsadm@mcgp1.UUCP (Netnews Administrator) (11/06/88)
In article <1005@cps3xx.UUCP>, rang@cpsin3.cps.msu.edu (Anton Rang) writes: > Is it possible to restrict access to a newsgroup (on a particular > machine)? For instance, by changing the mode of its spool dir? > If so, this would solve 99% of the problems with a security group, > at least here--just don't give ordinary users privs to see it! As luck would have it, yesterday I had to do just that. I took Spaf's FASCIST code and modified it, calling it PRUDE. Basically, it makes groups that certain users are not allowed to see seem to not even exist. I will soak it here for another week and then post the diffs. PLEASE, no flames about censorship. I didn't like doing it, but a rather sticky situation here demanded it. (Actually, the PRUDE default is "all". The one and only person I'm restricting is a certain member of upper management. I'm operating under the theory that what he doesn't know can't hurt me. :-) ) John Opalko newsadm@mcgp1.UUCP (on duty) jgo@mcgp1.UUCP (off duty)