Changi NNTP Server 1.0
[
Bottom of Page |
Previous Page |
Next Page |
Table of Contents ]
ctrl_access
This file is used to determine which hosts and users
are granted permissions to control the server. By default,
Changi tries to read this file from
CHANGIWORKDIR, unless
otherwise specified by
option -c
or CHANGICTRLACCESSFILE.
If the server couldn't locate the
file, any access is granted to the local host only, either
through ip 127.0.0.1
, the name specified by
CHANGIHOSTNAME
or the explicit name localhost
.
Granting control access for other hosts than your local
is potentially dangerous and should never be given to unprotected
machines. Note, that intruders may be able to fake ip addresses
and hostnames.
The file consists of one or more lines with three space
separated fields each. Any line with character # in the
first column is interpreted as a comment line and ignored.
All other lines must follow this general format:
hostname|ip user permissions
hostname|ip
This may be any valid host name or host address in the dotted decimal
form. Changi will perform case insensitive pattern matching of
this entry against the name and ip-address of the originator of
an incoming control datagram.
user
User-id to be checked against the one included in the incoming
control datagram.
permissions
This list of characters specifies the type of control datagrams,
that will be accepted from the specified host and user.
The following list shows all possible characters and their
related control commands.
a :
addhist
History records are accepted
D :
allow
Permission to allow client connections after a previously
received reject command.
c :
cancel
Local cancels of articles are accepted.
u :
changegroup
Changing group modes is allowed.
e :
drop
Permission to drop sites from feeding.
f :
flush
Permission to flush sites being fed.
g :
flushlogs
Allowed to flush server internal buffers.
F :
flushserver
Permission to put server in flushed mode.
h :
go
Permission to put server back to normal mode after previously
having been flushed, paused or throttled.
s :
mode
Permission to query current server mode.
k :
newgroup
Adding new groups is allowed.
l :
param
Changing server configuration is allowed. Note that giving
this permission to hosts out of sight may be extremely
dangerous, because the remote would be able to change security
related items.
m :
pause
Permission to put the server in paused mode.
C :
reject
Permission to disallow new client connections.
p :
rmgroup
Removing active groups is allowed.
q :
shutdown
Permission to shutdown the server.
r :
throttle
Permission to put the server in throttled mode.
x :
xabort
Permission to immediately abort the server.
Y :
oversync
Permission to control a background task for overview updating.
H :
hostentry
Permission to query a list of connected hosts.
U :
userentry
Permission to query a list of logged in users.
R :
resource
Permission to query system resources.
E :
disconnect
Permission to kick out a specified user or host.
G :
groupentry
Permission to query a list of active newsgroups.
S :
rejecting
Permission to query the current reject reason.
Example:
#
# Comments are preceded by '#'
#
*.ping.de * cs
*.ping.de harald cCDFghmqrsY
localhost harald *
localhost oliver *
All users in domain ping.de
are allowed to cancel
articles in the local newsbase or query the current server mode.
Only user harald
is also allowed to put the server
in flushed, paused, throttled and back into normal mode from any
host within domain ping.de
. He may also force the
server to reject or allow new client connections, shutdown the
server or control the overview update task remotely.
No restrictions apply to users harald
and
oliver
for controlling the server locally.
[
Top of Page |
Previous Page |
Next Page |
Table of Contents ]