Path: utzoo!attcan!uunet!cbmvax!snark!eric
From: eric@snark.UUCP (Eric S. Raymond)
Newsgroups: news.software.b
Subject: Re: private newsgroups
Summary: This is now a supported 3.0 feature
Message-ID:
Date: 15 Jul 88 22:12:56 GMT
References: <657@cbnews.att.com>
Organization: Cosmic Karmic Recycling Central
Lines: 49

In article <657@cbnews.att.com>, tgt@cbnews.ATT.COM (Tim Thompson) writes:
> My question, then, is as follows: Is there a more elegant way to implement
> private newsgroups under 2.11 B news? These private newsgroups won't
> be transmitted anywhere else -they'll only live on this one machine.
> The problem lies in that only a certain class of users should be allowed
> to read and/or post to them.

As of this morning, the `elegant way' is to bring up 3.0 on your machine.
Private groups with posting *and reading* authorization check are now a
fully supported feature of the 3.0 beta; the code and documentation changes
will go to the beta sites this afternoon as part of patch #2.

If you run with FASCIST on, you can control posting and reading access to
groups on a per-user basis. Netnews uses group permissions to achieve this.

All news database files (including article text) are created and maintained
owned by NEWSUSR and NEWSGROUP, with permissions u=rwx,g=rx,o-rwx (750). Thus
only programs that are suid or sgid NEWSUSR can read news database files.
Only programs that are suid NEWSUSR can write them. Readers are sgid NEWSUSR;
rnews, expire and sendbatch are suid NEWSUSR.

Within the interfaces, security checks are done in the standard service
layers that news readers and posters use to get at the news database.
Essentially, if you're locked out of a group, the service layer forces your
subscription bit for it off at startup time, so you never see it. The few
reader commands that permit you to go to a not-previously-subscribed group
have their own checks.

It will be the site administrator's responsibility to ensure that homebrew
readers use the standard service libraries (and thus incorporate the
security checks).

Security restrictions are expressed in the ADM/authorized file. The
ADM/fascist file of older versions had two colon-separated fields per line,
the first a user or group name and the second a subscription specifying
those groups for which said user or group has posting privileges. The
ADM/authorized format adds an optional third colon-separated field to
specify *reading* privileges.

FASCIST mode has two minor disadvantages. One is that you have to newgroup
news or su news or root to snoop the machine history and active files to
track problems. The other is that users who want to roll their own readers
(and aren't just front-ending the ednews tool) will need to get someone with
root privileges to set their programs sgid NEWSUSR on each runtime
generation.

So there you have it. Folks, get in your feature-wish-lists now, because I'm
*not* going to want to do a lot of iffy hacking on the code once the beta is
complete (I'd just have to beta again, and despite a low level of problems
this test has *not* been easy on me -- nothing involving within-hours
responses to reports from 50 different sites ever is).
--
      Eric S. Raymond                     (the mad mastermind of TMN-Netnews)
      UUCP:  ..!{uunet,att,rutgers!vu-vlsi}!snark!eric
      Smail: eric@snark.UUCP
      Post:  22 South Warren Avenue, Malvern, PA 19355
      Phone: (215)-296-5718
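The ADM/authorized checks the post describes, as an added Python example that is not code from TMN-Netnews or from the post: it parses the name:posting-subscription[:reading-subscription] format, matches a dotted group name against a subscription, and filters a .newsrc-style group list the way the service layer's startup check forces unauthorized subscription bits off. Assumptions the post does not state: subscription patterns are comma-separated dotted prefixes with `!` negation and last-match-wins, a name matches either the login or any of the user's Unix groups, a missing third field leaves reading unrestricted (the old two-field ADM/fascist behaviour), and a user with no matching line at all is denied.

```python
# Constructed sample ADM/authorized file (not from the post).
# Each line is name:posting-subscription[:reading-subscription].
AUTHORIZED = """\
tgt:all:all
staff:all,!mgmt:all
lab:local,!mgmt:local,!mgmt
guest:!all:comp,news
"""

def sub_matches(subscription, group):
    """Match a dotted group against a comma-separated subscription.
    Assumed syntax: a pattern matches the group itself or anything
    below it; "all" matches everything; "!" negates; last match wins."""
    allowed = False
    for pat in filter(None, subscription.split(",")):
        negate = pat.startswith("!")
        pat = pat.lstrip("!")
        if pat == "all" or group == pat or group.startswith(pat + "."):
            allowed = not negate
    return allowed

def parse_authorized(text):
    """Return {name: (posting_sub, reading_sub)}; reject malformed lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split(":")
        if len(fields) not in (2, 3):
            raise ValueError("ADM/authorized line %d: bad field count" % lineno)
        # Assumption: no third field = old ADM/fascist semantics, reading open.
        reading = fields[2] if len(fields) == 3 else "all"
        entries[fields[0]] = (fields[1], reading)
    return entries

def may(entries, user, unix_groups, newsgroup, action):
    """True if the user's own line or any of their Unix groups' lines grants
    the action; no matching line at all means no access (fail closed)."""
    index = {"post": 0, "read": 1}[action]
    for name in [user] + list(unix_groups):
        if name in entries and sub_matches(entries[name][index], newsgroup):
            return True
    return False

def visible_groups(entries, user, unix_groups, newsrc):
    """What the service layer does at startup: force the subscription
    bit off for every group the user is not authorized to read."""
    return [g for g in newsrc if may(entries, user, unix_groups, g, "read")]
```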