Xref: utzoo news.groups:6061 news.sysadmin:1143
Path: utzoo!attcan!uunet!ncrlnk!ncrcae!ncr-sd!hp-sdd!ucsdhub!ucsd!orion.cf.uci.edu!paris.ics.uci.edu!nagel
From: nagel@paris.ics.uci.edu (Mark Nagel)
Newsgroups: news.groups,news.sysadmin
Subject: Re: Proposal for comp.security
Message-ID: <891@paris.ics.uci.edu>
Date: 4 Nov 88 22:41:15 GMT
References: <1005@cps3xx.UUCP>
Sender: news@paris.ics.uci.edu
Reply-To: nagel@paris.ics.uci.edu (Mark Nagel)
Followup-To: news.groups
Organization: University of California, Irvine - Dept of ICS
Lines: 22
In-reply-to: rang@cpsin3.cps.msu.edu (Anton Rang)

In article <1005@cps3xx.UUCP>, rang@cpsin3 (Anton Rang) writes:
|I believe that a security group would probably do more good than harm,
|as long as most system administrators READ IT!  For that matter, a
|question somebody might know the answer to:
|
|  Is it possible to restrict access to a newsgroup (on a particular
|  machine)?  For instance, by changing the mode of its spool dir?
|  If so, this would solve 99% of the problems with a security group,
|  at least here--just don't give ordinary users privs to see it!

Well, yes, you could do that for a local spool directory.  But what about
those sites (like ours) that have a central news database with the rest
of the hosts reading via NNTP?  Even if you added some kind of security
check into the nntp daemon, there is *no* way (that I know of) to
authenticate the posting or reading of an article based on user or group
privileges.  The best you can do is to deny posting access to a 
particular host.  I wish there was a way to do this...

Mark D. Nagel
  UC Irvine - Dept of Info and Comp Sci | The probability of someone
  nagel@ics.uci.edu             (ARPA)  | watching you is proportional to
  {sdcsvax|ucbvax}!ucivax!nagel (UUCP)  | the stupidity of your action.