[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [leafnode-list] Re: Permissions

On Wednesday 23 May 2001 11:45 pm, you wrote:
> krasel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx (Cornelius Krasel) writes:
> > Andrea Furin <andrea_furin@xxxxxxxxxxx> wrote (not on leafnode-list):
> > > When an user posts an article all user can read it in
> > > /var/spool/news/out.going/<message> ;-(
> >
> > Why is that bad? They will be able to read it anyway as soon as it is on
> > the server.
> >
> > Cc-ed to the leafnode mailing list, because I am interested in feedback
> > by others.
> Protecting the spool from direct read access (thus, forcing the user to
> go through nntpd) will have different advantages, however.
> #1 We can play whatever games we like on the data base format. We could,
>    e. g., store the articles readily escaped (dots at line start) for
>    NNTP, and send them out using sendfile on Linux and FreeBSD. We would
>    save all the gory line-oriented reading and writing.

I hope not; this would break Leafwa.

> #2 When leafnode gets local groups that are restricted by user id (not
>    currently implemented), protecting the spool from the public may
>    become a necessity.

That's a good point. But are you sure you want to implement that in 
Leafnode? If you use the philosophy of "do one thing and do it well",
then it seems to me that nntp servers aren't really about sending messages 
to select groups of people only. If you want to do that, a closed mailing
list approach might be better.

(Of course a groupware package that allows local groups that can then be
accessed by email, nntp or http might be the best solution for that sort
of problem. And I suppose Leafnode could be changed to fit in that rol.
But IMO, Leafnode's main purpose should continue to be a leaf node 
for small sites.)

leafnode-list@xxxxxxxxxxxxxxxxxxxxxxxxxxxx -- mailing list for leafnode
To unsubscribe, send mail with "unsubscribe" in the subject to the list