NNRPD(8) InterNetNews Documentation NNRPD(8)

nnrpd - NNTP server for reader clients

nnrpd [-DfnoSt] [-b address] [-c configfile] [-g shadowgroup] [-i initial]
[-I instance] [-p port] [-P prefork] [-r reason] [-s padding]

nnrpd is an NNTP server for newsreaders. It accepts commands on its
standard input and responds on its standard output. It is normally
invoked by innd(8) with those descriptors attached to a remote client
connection. nnrpd also supports running as a standalone daemon.

Unlike innd(8), nnrpd supports all NNTP commands for user-oriented
reading and posting. nnrpd uses the readers.conf file to control who is
authorized to access the Usenet database.

On exit, nnrpd will report usage statistics through syslog(3).

nnrpd only reads config files (both readers.conf and inn.conf) when it
is spawned. You can therefore never change the behavior of a client
that's already connected. If nnrpd is run from innd (the default) or
from inetd(8), xinetd(8), or some equivalent, a new nnrpd process is
spawned for every connection and therefore any changes to configuration
files will be immediately effective for all new connections. If you
are instead running nnrpd with the -D option, any configuration changes
won't take effect until nnrpd is restarted.

When nnrpdloadlimit in inn.conf is not 0, nnrpd will also reject
connections if the load average is greater than that value (typically 16).
nnrpd can also prevent high-volume posters from abusing your resources.
See the discussion of exponential backoff in inn.conf(5).

-b address
    The -b parameter instructs nnrpd to bind to the specified IP
    address when started as a standalone daemon using the -D flag. This
    has to be a valid IPv4 or IPv6 address belonging to an interface of
    the local host. It can also be ::0 (although the default is
    0.0.0.0 if unspecified).

-c configfile
    By default, nnrpd reads readers.conf to determine how to
    authenticate connections. The -c flag specifies an alternate file
    for this purpose. If the file name isn't fully qualified, it is
    taken to be relative to pathetc in inn.conf. (This is useful to have
    several instances of nnrpd running on different ports or IP
    addresses with different settings.)

-D
    If specified, this parameter causes nnrpd to operate as a daemon.
    That is, it detaches itself and runs in the background, forking a
    process for every connection. By default nnrpd listens on the NNTP
    port (119), so either innd(8) has to be started on another port or
    nnrpd has to be given the -p parameter. Note that with this
    parameter, nnrpd continues running until killed. This means that it
    reads inn.conf once on startup and never again until restarted.
    nnrpd should therefore be restarted if inn.conf is changed.

    When started in daemon mode, nnrpd will write its PID into a file
    in the pathrun directory. The file will be named nnrpd-%d.pid,
    where %d is replaced with the port that nnrpd is configured to
    listen on (119 unless the -p option is given).

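Because a standalone nnrpd reads inn.conf and readers.conf only at startup, an access-control change can sit unapplied until the restart. The following added example (not part of the INN distribution) compares configuration file modification times against the PID file described above; it assumes the PID file's modification time marks the daemon's start, and the function name, arguments and demo files are hypothetical.

```shell
#!/bin/sh
# stale_nnrpd_config PATHRUN PORT CONF...
# Reports every CONF file modified after PATHRUN/nnrpd-PORT.pid was written.
# Returns 0 if the running daemon has seen all files, 1 if any file is newer
# than the PID file, 2 if there is no PID file for that port.
stale_nnrpd_config() {
    pathrun=$1
    port=$2
    shift 2
    pidfile="$pathrun/nnrpd-$port.pid"
    if [ ! -f "$pidfile" ]; then
        echo "no PID file $pidfile (nnrpd -D not running on port $port?)"
        return 2
    fi
    stale=0
    for conf in "$@"; do
        # find prints the path only when it is newer than the PID file
        if [ -n "$(find "$conf" -prune -newer "$pidfile" 2>/dev/null)" ]; then
            echo "$conf changed after nnrpd on port $port started"
            stale=1
        fi
    done
    return "$stale"
}

# Constructed demo: a PID file from 1 Jan, inn.conf older, readers.conf newer.
demo=$(mktemp -d)
touch -t 202401010000 "$demo/nnrpd-119.pid"
touch -t 202312310000 "$demo/inn.conf"
touch -t 202401020000 "$demo/readers.conf"
stale_nnrpd_config "$demo" 119 "$demo/inn.conf" "$demo/readers.conf" || true
rm -rf "$demo"
```
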
-f
    If specified, nnrpd does not detach itself and runs in the
    foreground when started as a standalone daemon using the -D flag.

-g shadowgroup
    On systems that have a shadow password file, nnrpd tries to add the
    group shadow as a supplementary group if it is running in standalone
    mode. On many systems, members of that group have read permission
    for the shadow password file. The -g parameter instructs nnrpd to
    try to add the named group as a supplementary group on shadow
    systems instead of shadow. This only works if "HAVE_GETSPNAM" in
    include/config.h is defined and nnrpd is running in standalone
    mode, since this call only works when nnrpd is started as root.

-i initial
    Specify an initial command to nnrpd. When used, initial is taken as
    if it were the first command received by nnrpd.

-I instance
    If specified, instance is used as an additional static portion
    within Message-IDs generated by nnrpd; typically this option would
    be used where a cluster of machines exists with the same virtual
    hostname and must be disambiguated during posts.

-n
    The -n flag turns off resolution of IP addresses to names. If you
    only use IP-based restrictions in readers.conf and can handle IP
    addresses in your logs, using this flag may result in some
    additional speed.

-o
    The -o flag causes all articles to be spooled instead of sending
    them to innd(8). rnews with the -U flag should be invoked from cron
    on a regular basis to take care of these articles. This flag is
    useful if innd(8) is accepting articles and nnrpd is started
    standalone or using inetd(8).

-p port
    The -p parameter instructs nnrpd to listen on port when started as
    a standalone daemon using the -D flag.

-P prefork
    The -P parameter instructs nnrpd to prefork prefork children
    awaiting connections when started as a standalone daemon using the
    -D flag.

-r reason
    If the -r flag is used, then nnrpd will reject the incoming
    connection giving reason as the text. This flag is used by innd(8)
    when it is paused or throttled.

-s padding
    As each command is received, nnrpd tries to change its "argv" array
    so that ps(1) will print out the command being executed. To get a
    full display, the -s flag may be used with a long string as its
    argument, which will be overwritten when the program changes its
    title.

-S
    If specified, nnrpd will start a negotiation for an SSL session as
    soon as connected. To use this flag, "--with-openssl" must have
    been specified at "configure" time.

-t
    If the -t flag is used, then all client commands and initial
    responses will be traced by reporting them in syslog. This flag is
    set by innd(8) under the control of the ctlinnd(8) "trace" command,
    and is toggled upon receipt of a "SIGHUP"; see signal(2).

If INN is built with "--with-openssl", nnrpd will support news reading
over TLS (also known as SSL). For clients that use the STARTTLS
command, no special configuration is needed beyond creating a TLS/SSL
certificate for the server. You should do this in exactly the same way
that you would generate a certificate for a web server.

If you're happy with a self-signed certificate (which will generate
warnings with some news reader clients), you can create and install one
in the default path by running "make cert" after "make install" when
installing INN, or by running the following commands:

    openssl req -new -x509 -nodes -out /usr/local/news/lib/cert.pem \
        -days 366 -keyout /usr/local/news/lib/key.pem
    chown news:news /usr/local/news/lib/cert.pem
    chmod 640 /usr/local/news/lib/cert.pem
    chown news:news /usr/local/news/lib/key.pem
    chmod 600 /usr/local/news/lib/key.pem

Replace the paths with something appropriate to your INN installation.
This will create a self-signed certificate that will expire in a year.
The openssl program will ask you a variety of questions about your
organization. Enter the fully qualified domain name of the server as
the name the certificate is for.

Most news clients currently do not use the STARTTLS command, however,
and instead expect to connect to a separate port (563) and start an SSL
negotiation immediately. innd does not, however, know how to listen
for connections to that port and then spawn nnrpd the way that it does
for regular reader connections. You will therefore need to arrange for
nnrpd to listen on that port through some other means. This can be
done with the -D flag (and "-p 563"), but the easiest way is probably
to add a line like:

    nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S

to /etc/inetd.conf or the equivalent on your system and let inetd run
nnrpd. (Change the path to nnrpd to match your installation if
needed.) You may need to replace "nntps" with 563 if "nntps" isn't
defined in /etc/services on your system.

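An added example, not part of the INN distribution: a shell function that audits inetd.conf-style entries for the setup just described and reports nnrpd on nntps/563 started without -S, which would answer in plaintext on the port where clients begin TLS immediately. The function name and sample entries are constructed, and the root check assumes nnrpd is meant to run as news, as in the line above.

```shell
#!/bin/sh
# audit_nnrpd_inetd [FILE]
# Reads inetd.conf syntax from FILE (or stdin) and prints one finding per
# line as "LINE: SERVICE: message". Returns 0 with no findings, 1 otherwise.
# Fields: service socket proto wait user[.group] program argv0 [args...]
audit_nnrpd_inetd() {
    awk '
        /^[ \t]*(#|$)/       { next }            # comments and blank lines
        $6 !~ /(^|\/)nnrpd$/ { next }            # only entries that run nnrpd
        {
            svc = $1
            user = $5; sub(/[.:].*/, "", user)   # "news.news" -> "news"
            tls = 0
            for (i = 8; i <= NF; i++)            # $7 is argv[0], flags follow
                if ($i ~ /^-[DfnotS]*S[DfnotS]*$/) tls = 1
            tls_port = (svc == "nntps" || svc == "563")
            if (tls_port && !tls) {
                print NR ": " svc ": nnrpd without -S answers in plaintext"
                bad = 1
            }
            if (!tls_port && tls) {
                print NR ": " svc ": nnrpd -S on a service other than nntps/563"
                bad = 1
            }
            # Assumption: nnrpd should run as news, as in the sample entry.
            if (user == "root") {
                print NR ": " svc ": nnrpd started as root instead of news"
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample input (not taken from a real host).
audit_nnrpd_inetd - <<'EOF' || true
# reader services
nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S
563   stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -n
nntp  stream tcp nowait root /usr/lib/news/bin/nnrpd nnrpd
EOF
```
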
nnrpd implements the NNTP commands defined in RFC 977, with the
following differences:

1. The "slave" command is not implemented. This command has never
   been fully defined.

2. The "list" command may be followed by the optional word
   "active.times", "distributions", "distrib.pats", "moderators",
   "newsgroups", "subscriptions", or "overview.fmt" to get a list of
   when newsgroups were created, a list of valid distributions, a
   file specifying default distribution patterns, moderators list, a
   one-per-line description of the current set of newsgroups, a list
   of the automatic group subscriptions, or a listing of the
   overview.fmt file.

   The command "list active" is equivalent to the "list" command. This
   is a common extension.

3. The "xhdr", "authinfo user" and "authinfo pass" commands are
   implemented. These are based on the reference Unix implementation.
   See RFC 2980.

4. A new command, "xpat header range|MessageID pat [morepat...]", is
   provided. The first argument is the case-insensitive name of the
   header to be searched. The second argument is either an article
   range or a single Message-ID, as specified in RFC 977. The third
   argument is a "uwildmat"(3)-style pattern; if there are additional
   arguments they are joined together separated by a single space to
   form the complete pattern. This command is similar to the "xhdr"
   command. It returns a 221 response code, followed by the text
   response of all article numbers that match the pattern.

5. The "listgroup group" command is provided. This is a common
   extension. It is equivalent to the "group" command, except that
   the reply is a multi-line response containing the list of all
   article numbers in the group.

6. The "xgtitle [group]" command is provided. This extension is used
   by ANU-News. It returns a 282 reply code, followed by a one-line
   description of all newsgroups that match the pattern. The default
   is the current group.

7. The "xover [range]" command is provided. It returns a 224 reply
   code, followed by the overview data for the specified range; the
   default is to return the data for the current article.

8. The "xpath MessageID" command is provided; see innd(8).

9. The "date" command is provided; this is based on the draft NNTP
   protocol revision (draft-ietf-nntpext-imp-04.txt). It returns a
   one-line response code of 111 followed by the GMT date and time on
   the server in the form "YYYYMMDDhhmmss".

Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. Overview
support added by Rob Robertson <rob@violet.berkeley.edu> and Rich in
January, 1993. Exponential backoff (for posting) added by Dave Hayes
in February 1998.

$Id: nnrpd.8 7393 2005-07-18 01:50:17Z eagle $

ctlinnd(8), innd(8), inn.conf(5), signal(2), uwildmat(3).

INN 2.4.3 2005-07-17 NNRPD(8)