NNRP.ACCESS (5)

NAME
     nnrp.access - access file for on-campus NNTP sites

DESCRIPTION
     The file <config$_PATH_NNRPACCESS> (typically  /var/news/etc/nnrp.access)
     specifies the access control for those NNTP sites that are not handled by
     the main InterNetNews daemon innd(8) .  The nnrpd(8)  server reads it  when
     first spawned by innd.

     Comments begin with a number sign (``#'') and continue through the end of
     the  line.  Blank lines and comments are ignored.  All other lines should
     consist of five fields separated by colons:
          hosts:perms:username:password:patterns

     The first field is a wildmat(3) -style pattern  specifying  the  names  or
     Internet  address  of  a  set  of  hosts.  Before a match is checked, the
     client's hostname (or its Internet address if gethostbyaddr(3) fails)  is
     converted  to  lowercase.   Each  line  is  matched in turn, and the last
     successful match is taken as the correct one.

     The second field is a set of letters specifying the  permissions  granted
     to the client.  The perms should be chosen from the following set:
          R    The client can retrieve articles
          P    The client can post articles

     The third and fourth fields specify the username and  password  that  the
     client  must use to authenticate themselves before the server will accept
     any articles.  Note that no authentication (other then a  matching  entry
     in  this  file)  is required for newsreading.  If they are empty, then no
     password is required.  Whitespace in these  fields  will  result  in  the
     client  being  unable to properly authenticate themselves and may be used
     to disable access.

     The fifth field is a set of patterns identifying the newsgroups that  the
     client  is  allowed  to access.  The patterns are interpreted in the same
     manner as the newsfeeds(5)  file.  The default, however, denies access  to
     all groups.

     The access file is normally used to provide host-level access control for
     reading and posting articles.  There are times, however, when this is not
     sufficient and user-level access control is  needed.   Whenever  an  NNTP
     ``authinfo''  command  is  used,  the nnrpd server re-reads this file and
     looks for a matching username and password.  If the local newsreaders are
     modified to send the ``authinfo'' command, then all host entries can have
     no access and specific users can be granted the appropriate read and post
     access.

     For example:
          ##  host:perm:user:pass:groups
          ## Default is no access.
          *::  -no-  :  -no-  :!*
          ##  FOO hosts have no password, can read anything.
          *.foo.com:Read Post:::*
          ##  A related workstation can't access FOO newsgroups.
          lenox.foo.net:RP:martha:hiatt:*,!foo.*


     If the file contains passwords, it should not be world-readable.
HISTORY
     Written by Rich $alz  <rsalz@uunet.uu.net>  for  InterNetNews.   This  is
     revision 1.11, dated 1996/09/06.

SEE ALSO
     innd(8) , newsfeeds(5) , nnrpd(8) , wildmat(3) .