Mercurial > noffle
diff docs/noffle.conf.5 @ 288:c02c4eb95f95 noffle
[svn] * src/configfile.h,src/configfile.c,docs/noffle.conf.5: Add noffle-user
and noffle-group configs.
* src/configfile.c,src/fetch.c,src/fetchlist.c,src/protocol.c,
src/server.c: Replace strcpy() with Utl_cpyStr() where appropriate.
See Debian bug 168128.
* src/control.c,src/configfile.c,src/noffle.c: Replace [s]scanf("%s")
with [s]scanf(MAXCHAR_FMT).
* src/noffle.c: Log warning if noffle.conf is world readable.
* src/noffle.c: Restrict most options to news admins; i.e. those who
are root or news on running Noffle.
* Makefile.in,acconfig.h,aclocal.m4,config.h.in,configure,configure.in,
docs/Makefile.in,docs/noffle.conf.5,packages/Makefile.in,
packages/redhat/Makefile.in,src/Makefile.am,src/Makefile.in,
src/authenticate.c,src/authenticate.h,src/noffle.c,src/server.c:
Add basic authentication using either Noffle-specific user file
or authenticating via PAM (service 'noffle'). PAM authentication
needs to run as root, so a Noffle server that needs PAM
must be started by root. Helpful (?) error messages will be logged
if not. Noffle will switch ruid and euid to 'news' (or whatever
is configured) ASAP.
* src/noffle.c: Add uid checking.
| author | bears |
|---|---|
| date | Fri, 10 Jan 2003 23:25:45 +0000 |
| parents | 0340b9c17edc |
| children | f35a7d45efd5 |
line wrap: on
line diff
--- a/docs/noffle.conf.5 Fri Jan 10 23:11:43 2003 +0000 +++ b/docs/noffle.conf.5 Fri Jan 10 23:25:45 2003 +0000 @@ -1,5 +1,5 @@ .TH noffle.conf 5 -.\" $Id: noffle.conf.5 381 2002-05-14 14:25:45Z mirkol $ +.\" $Id: noffle.conf.5 420 2003-01-10 23:25:45Z bears $ .SH NAME noffle.conf \- Configuration file for NOFFLE news server @@ -98,6 +98,7 @@ .BR all , .BR none , .BR config , +.BR auth , .BR control , .BR expire , .BR fetch , @@ -204,6 +205,22 @@ Default: yes .TP +.B authenticate-client yes|no +Insist that clients authenticate themselves using the NNTP +AUTHINFO USER/AUTHINFO PASS transaction before any news is served. +The form of the authentication is determined at compile time; either +PAM is used (with a service name "noffle"), or the userlist +file is scanned. This file, by default \fI/etc/noffle.users\fP, +is a text file. Spaces, comments starting with '#' and blank lines are +ignored. Other lines must contain space-separated 'username password' +pairs. For security reasons the userlist file must be a regular file, +not a link, and must be owner readable only. Finally, note that the +NNTP AUTHINFO USER/AUTHINFO PASS transaction is not encrypted in any +way, and so must itself be considered insecure. +.br +Default: no + +.TP .B post-locally yes|no Place articles posted to external servers in the local aticle database immediately. Some servers may rewrite Message-IDs, which will cause @@ -257,6 +274,21 @@ Default: 14 .TP +.B noffle-user <n> +The username under which NOFFLE normally runs. If NOFFLE is invoked by +root, it will drop its real and effective UID to this user as soon as +possible. +.br +Default: news + +.TP +.B noffle-group <n> +The group under which NOFFLE normally runs. NOFFLE will change to this +real and effective GID as soon as possible. +.br +Default: news + +.TP .B expire <group pattern> <n> The expiry period for a newsgroup or set of newsgroups, in days. The expiry pattern can contain \fIwildcards\fP, and there can be multiple @@ -287,7 +319,7 @@ uses a wildcard format that closely matches filename-style wildcards. \fIalt.binaries.*\fP, for example, matches all newsgroups under the .I alt.binaries -hierarchy. A full description of the fomat (known as +hierarchy. A full description of the format (known as .B wildmat patterns) is as follows.