e45365c8a375f460bacaf8e65f18c699 inn-etc-readers.conf

Changed files:
    inn-etc-readers.conf -> 1.1

diff --git a/inn-etc-readers.conf b/inn-etc-readers.conf
new file mode 100644 (file)
index 0000000..8669f29
--- /dev/null
+++ b/inn-etc-readers.conf
@@ -0,0 +1,125 @@
+##  $Id$
+##
+##  readers.conf - Access control and configuration for nnrpd
+##
+##  Format:
+##     auth "<name>" {
+##             hosts: "<hostlist>"
+##             auth: "<authprog>"
+##             res: "<resprog>"
+##             default: "<identity>"
+##             default-domain: "<email-domain>"
+##     }
+##     access "<name>" {
+##             users: "<userlist>"
+##             newsgroups: "<newsgroups>"
+##             read: "<read>"
+##             post: "<post>"
+##             access: "<perm>"
+##     }
+##
+##  Other parameters are possible.  See readers.conf(5) for all the
+##  details.  Only one of newsgroups or read/post may be used in a single
+##  access group.
+##
+##  If the connecting host is not matched by any hosts: parameter of any
+##  auth group, it will be denied access.  auth groups assign an identity
+##  string to connections, access groups grant privileges to identity
+##  strings matched by their users: parameters.
+##
+##  In all cases, the last match found is used, so put defaults first.
+##
+##  For a news server that allows connections from anyone within a
+##  particular domain or IP address range, just uncomment the "local" auth
+##  group and the "local" access group below and adjust the hosts: and
+##  default: parameters of the auth group and the users: parameter of the
+##  access group for your local network and domain name.  That's all there
+##  is to it.
+##
+##  For more complicated configurations, read the comments on the examples
+##  and also see the examples and explanations in readers.conf(5).  The
+##  examples in readers.conf(5) include setups that require the user to
+##  log in with a username and password (the example in this file only
+##  uses simple host-based authentication).
+
+# The only groups enabled by default (the rest of this file is
+# commented-out examples).  This assigns the identity of <localhost> to
+# the local machine
+
+auth "localhost" {
+    hosts: "localhost, 127.0.0.1, ipv6-localhost, ::1, stdin"
+    default: "<localhost>"
+}
+
+# Grant that specific identity access to read and post to any newsgroup.
+
+access "localhost" {
+    users: "<localhost>"
+    newsgroups: "*"
+}
+
+
+# This auth group matches all connections from example.com or machines in
+# the example.com domain and gives them the identity <local>@example.com.
+# Instead of using wildmat patterns to match machine names, you could also
+# put a wildmat pattern matching IP addresses or an IP range specified
+# using CIDR notation (like 10.10.10.0/24) here.
+
+#auth "local" {
+#    hosts: "*.example.com, example.com"
+#    default: "<local>@example.com"
+#}
+
+# This auth group matches a subset of machines and assigns connections
+# from there an identity of "<read>@example.com"; these systems should
+# only have read access, no posting privileges.
+
+#auth "read-only" {
+#    hosts: "*.newuser.example.com"
+#    default: "<read>@example.com"
+#}
+
+# This auth group matches the systems at a guest institution that should
+# be allowed to read the example.events.* hierarchy but nothing else.
+
+#auth "events-only" {
+#    hosts: "*.example.org"
+#    default: "<events-only>@example.org"
+#}
+
+# Finally, this auth group matches some particular systems which have been
+# abusing the server.  Note that it doesn't assign them an identity at
+# all; the "empty" identity created in this fashion won't match any users:
+# parameters.  Note also that it's last, so anything matching this entry
+# will take precedent over everything above it.
+
+#auth "abusers" {
+#    hosts: "badguy-dsl.example.com, kiosk.public-access.example.com"
+#}
+
+
+# Now for the access groups.  All of our access groups should have users:
+# parameters so there are no access groups that match connections without
+# an identity (such as are generated by the "abusers" entry above).
+# First, the default case of local users, who get to read and post to
+# everything.
+
+#access "local" {
+#    users: "<local>@example.com"
+#    newsgroups: "*"
+#}
+
+# Now, the read-only folks, who only get to read everything.
+
+#access "read-only" {
+#    users: "<read>@example.com"
+#    read: "*"
+#}
+
+# Finally, the events-only people who get to read and post but only to a
+# specific hierarchy.
+
+#access "events-only" {
+#    users: "<events-only>@example.org"
+#    newsgroups: "example.events.*"
+#}