Path: utzoo!attcan!uunet!cbmvax!snark!eric
From: eric@snark.UUCP (Eric S. Raymond)
Newsgroups: news.software.b
Subject: Re: private newsgroups
Summary: This is now a supported 3.0 feature
Message-ID: 
Date: 15 Jul 88 22:12:56 GMT
References: <657@cbnews.att.com>
Organization: Cosmic Karmic Recycling Central
Lines: 49

In article <657@cbnews.att.com>, tgt@cbnews.ATT.COM (Tim Thompson) writes:
> My question, then, is as follows: Is there a more elegant way to implement
> private newsgroups under 2.11 B news? These private newsgroups won't 
> be transmitted anywhere else -they'll only live on this one machine.
> The problem lies in that only a certain class of users should be allowed
> to read and/or post to them.

As of this morning, the `elegant way' is to bring up 3.0 on your machine.
Private groups with posting *and reading* authorization check are now a fully
supported feature of the 3.0 beta; the code and documentation changes will go
to the beta sites this afternoon as part of patch #2.

If you run with FASCIST on, you can control posting and reading access to
groups on a per-user basis. Netnews uses group permissions to achieve this.
All news database files (including article text) are created and maintained
owned by NEWSUSR and NEWSGROUP, with permissions u=rwx,g=rx,o-rwx (750). Thus
only programs that are suid or sgid NEWSUSR can read news database files. Only
programs that are suid NEWSUSR can write them. Readers are sgid NEWSUSR;
rnews, expire and sendbatch are suid NEWSUSR.

Within the interfaces, security checks are done in the standard service layers
that news readers and posters use to get at the news database. Essentially, if
you're locked out of a group, the service layer forces your subscription bit
for it off at startup time, so you never see it. The few reader commands that
permit you to go to a not-previously-subscribed group have their own checks. It
will be the site administrator's responsibility to ensure that homebrew readers
use the standard service libraries (and thus incorporate the security checks).

Security restrictions are expressed in the ADM/authorized file. The ADM/fascist
file of older versions had two colon-separated fields per line, the first a
user or group name and the second a subscription specifying those groups for
which said user or group has posting privileges. The ADM/authorized format adds
an optional third colon-separated field to specify *reading* privileges.

FASCIST mode has two minor disadvantages. One is that you have to newgroup news
or su news or root to snoop the machine history and active files to track
problems. The other is that users who want to roll their own readers (and
aren't just front-ending the ednews tool) will need to get someone with root
privileges to set their programs sgid NEWSUSR on each runtime generation.

So there you have it. Folks, get in your feature-wish-lists now, because I'm
*not* going to want to do a lot of iffy hacking on the code once the beta is
complete (I'd just have to beta again, and despite a low level of problems
this test has *not* been easy on me -- nothing involving within-hours
responses to reports from 50 different sites ever is).
-- 
      Eric S. Raymond                     (the mad mastermind of TMN-Netnews)
      UUCP: ..!{uunet,att,rutgers!vu-vlsi}!snark!eric   Smail: eric@snark.UUCP
      Post: 22 South Warren Avenue, Malvern, PA 19355   Phone: (215)-296-5718