Send inn-workers mailing list submissions to
        [email protected]

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.isc.org/mailman/listinfo/inn-workers
or, via email, send a message with subject or body 'help' to
        [email protected]

You can reach the person managing the list at
        [email protected]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of inn-workers digest..."


Today's Topics:

   1. Counting the number of connections per user (Julien ÉLIE)


----------------------------------------------------------------------

Message: 1
Date: Fri, 7 Apr 2023 17:23:51 +0200
From: Julien ÉLIE <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Counting the number of connections per user
Message-ID: <[email protected]>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hi all,

There's a suggestion in the news.admin.peering newsgroup to facilitate 
the count of the number of active nnrpd connections a given 
authenticated user has.
Message-ID: <[email protected]>

%%%
>> Another question, is it possible to limit the maximum number of 
>> connections per authenticated user?  I know this is possible for 
>> peers, but can this also be set up for authenticated users?  Maybe a
>> setting in readers.conf or nnrpd that I'm overlooking?
> 
> Unfortunately, the response is no.  There's no native way of
> limiting users' connections.
> You may want to write a custom authentication hook (perl_auth or
> python_auth in readers.conf) that would do the job by accounting how
> many connections are open by a given user, and deny access if it
> exceeds the limit.  I am not aware of existing scripts to do that :-(
> 
> It could be worthwhile having though, as you're not the first one to 
> ask (but nobody wrote or shared what he came up with).

The nnrpd manual states:

"As each command is received, nnrpd tries to change its "argv" array so 
that ps(1) will print out the command being executed."

This will then look like this:
nnrpd: <xxx.xxx.xxx.xxx> GROUP
nnrpd: <xxx.xxx.xxx.xxx> XOVER

Is it perhaps also possible to add the authenticated user to this?

Something like:
nnrpd: <xxx.xxx.xxx.xxx> Eli GROUP
nnrpd: <xxx.xxx.xxx.xxx> Eli XOVER

This would make it possible to limit the number of connections per user 
via a perl script.
%%%


That sounds interesting, and easy to do.

As we have addcanlockuser, addinjectionpostingaccount, and a few other 
add* parameters in access groups of readers.conf, would you be OK for a 
new addargvuser boolean parameter? (or any other better name?)
It would naturally be off by default owing to privacy concerns.

-- 
Julien ÉLIE

"When people are asked to observe silence, instead of observing it the
   way one observes a lunar eclipse, they listen to it!" (Raymond
   Devos)
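
The per-user count asked for in the quoted request, as an added example that is not part of the original message or of INN. It assumes the proposed `nnrpd: <ip> user COMMAND` process title (which nnrpd does not produce today) and usernames without spaces; `count_connections`, `would_exceed` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Proposed process title (assumption, nnrpd does not emit the user today):
#   nnrpd: <client-ip> [user] COMMAND
# The user field is missing for sessions that have not authenticated.
TITLE_RE = re.compile(
    r"nnrpd: <(?P<ip>[^>]+)>(?: (?P<user>\S+))? (?P<cmd>\S+)\s*$"
)

# Constructed sample, shaped like the output of `ps -eo pid,args`.
SAMPLE_PS = [
    "  4101 nnrpd: <192.0.2.10> Eli GROUP",
    "  4102 nnrpd: <192.0.2.10> Eli XOVER",
    "  4107 nnrpd: <198.51.100.7> alice ARTICLE",
    "  4110 nnrpd: <203.0.113.5> GROUP",        # not authenticated
    "  4111 nnrpd: <192.0.2.44> Eli XOVER",     # same user, other address
    "  4200 grep nnrpd",                        # unrelated process
]


def count_connections(ps_lines):
    """Count active nnrpd processes per authenticated user."""
    counts = Counter()
    for line in ps_lines:
        match = TITLE_RE.search(line)
        if match and match.group("user"):
            counts[match.group("user")] += 1
    return counts


def would_exceed(user, ps_lines, limit):
    """True if `user` already holds `limit` connections, so one more exceeds it."""
    return count_connections(ps_lines)[user] >= limit


if __name__ == "__main__":
    for user, n in sorted(count_connections(SAMPLE_PS).items()):
        print(f"{user}: {n} connection(s), at limit 3: {would_exceed(user, SAMPLE_PS, 3)}")
```

A process that has not yet authenticated carries no user field, so a new connection being checked is not counted against its own user.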


------------------------------

End of inn-workers Digest, Vol 149, Issue 1
*******************************************
