Hi, I think we can simplify this a little. The use of :add rules should be avoided unless absolutely necessary as they make changing the configuration later much more difficult.
*:logoff:::* *:read:::open.*,!control.* *:read,post:$lookup$:$lookup$:open.*,!control.*:users=50,con=10 *:read,post:groups=alt::alt.* *:read,post:groups=bin::bin.* *:read,post:groups=com::com.* This gives read access to open.* to all non-authenticated users. It then gives read/post access to all authenticated users to open.*. Finally it gives each specific user group read/post access to their own groups. - Roydon L. <[EMAIL PROTECTED]> wrote in message news:<3e1a52a7$1@netwin1>... > > Groups on my server: > alt.1234 > alt.123 > alt.12 > alt.1 > bin.1234 > bin.123 > bin.12 > bin.1 > com.1234 > com.123 > com.12 > com.1 > open.1234 > open.123 > open.12 > open.1 > > USERGROUPS: alt, bin, com each to have access to their groups AND the open.* groups if they login with a U/P. > > Access to the server to be available to public, but only to access open.* groups, and then, olny to be able to READ. > > I have gotten dnews to do the first part, logging in with bin priviledges gives read/post access to bin.*, open.* ... same with the others. > > The problem, is the second part, accessing the server WITHOUT a USERNAME/PASSWORD lists only the open.* groups, BUT one can read AND post, instead of the desired READ ONLY. > > ACCESS.CONF > *:logoff:::* > *:read,post:$lookup$:$lookup$:*:users=50,con=10 > *:read:::* > *:read,post:groups=alt::alt.*:add > *:read,post:groups=bin::bin.*:add > *:read,post:groups=com::com.*:add > *:read,post:groups=control::*control*:add > > P.S. Last line was to prevent the control groups from showing up under every situation, is this a proper way to resolve that problem? >
