nnrpd(8)


NAME

   nnrpd - NNTP server for reader clients

SYNOPSIS

   nnrpd [-DfnoSt] [-4 address] [-6 address] [-b address] [-c configfile]
   [-i initial] [-I instance] [-p port] [-P prefork] [-r reason] [-s
   padding]

DESCRIPTION

   nnrpd is an NNTP server for newsreaders.  It accepts commands on its
   standard input and responds on its standard output.  It is normally
   invoked by innd(8) with those descriptors attached to a remote client
   connection.  nnrpd also supports running as a standalone daemon.

   Unlike innd(8), nnrpd supports all NNTP commands for user-oriented
   reading and posting.  nnrpd uses the readers.conf file to control who
   is authorized to access the Usenet database.

   On exit, nnrpd will report usage statistics through syslog(3).

   nnrpd only reads config files (both readers.conf and inn.conf) when it
   is spawned.  You can therefore never change the behavior of a client
   that's already connected.  If nnrpd is run from innd (the default) or
   from inetd(8), xinetd(8), or some equivalent, a new nnrpd process is
   spawned for every connection and therefore any changes to configuration
   files will be immediately effective for all new connections.  If you
   are instead running nnrpd with the -D option, any configuration changes
   won't take effect until nnrpd is restarted.

   The inn.conf setting nnrpdflags can be used to pass any of the options
   below to instances of nnrpd that are spawned directly from innd.  Many
   options only make sense when -D is used, so these options should not be
   used with nnrpdflags.  See also the discussion of nnrpdflags in
   inn.conf(5).

   When nnrpdloadlimit in inn.conf is not 0, it will also reject
   connections if the load average is greater than that value (typically
   16).  nnrpd can also prevent high-volume posters from abusing your
   resources.  See the discussion of exponential backoff in inn.conf(5).

OPTIONS

   -4 address
       The -4 parameter instructs nnrpd to bind to the specified IPv4
       address when started as a standalone daemon using the -D flag.
       This has to be a valid IPv4 address belonging to an interface of
       the local host.  It can also be 0.0.0.0, saying to bind to all
       addresses (this is the default).

   -6 address
       The -6 parameter instructs nnrpd to bind to the specified IPv6
       address when started as a standalone daemon using the -D flag.
       This has to be a valid IPv6 address belonging to an interface of
       the local host.  It can also be "::0", saying to bind to all IPv6
       addresses.

       By default, nnrpd in daemon mode listens to both IPv4 and IPv6
       addresses.  With this option, it will listen only to the specified
       IPv6 addresses.  On some systems however, a value of "::0" will
       cause it to listen to all IPv4 addresses as well.

   -b address
       Similar to the -4 flag.  -b is kept for backwards compatibility.

   -c configfile
       By default, nnrpd reads the readers.conf to determine how to
       authenticate connections.  The -c flag specifies an alternate file
       for this purpose.  If the file name isn't fully qualified, it is
       taken to be relative to pathetc in inn.conf.  (This is useful to
       have several instances of nnrpd running on different ports or IP
       addresses with different settings.)

   -D  If specified, this parameter causes nnrpd to operate as a daemon.
       That is, it detaches itself and runs in the background, forking a
       process for every connection.  By default, nnrpd listens on the
       NNTP port (119), so either innd(8) has to be started on another
       port or the -p parameter used.  Note that with this parameter,
       nnrpd continues running until killed.  This means that it reads
       inn.conf once on startup and never again until restarted.  nnrpd
       should therefore be restarted if inn.conf is changed.

       When started in daemon mode, nnrpd will write its PID into a file
       in the pathrun directory.  The file will be named nnrpd.pid if
       nnrpd listens on port 119 (default), or nnrpd-%d.pid, where %d is
       replaced with the port that nnrpd is configured to listen on (-p
       option is given and its argument is not 119).

   -f  If specified, nnrpd does not detach itself and runs in the
       foreground when started as a standalone daemon using the -D flag.

   -i initial
       Specify an initial command to nnrpd.  When used, initial is taken
       as if it were the first command received by nnrpd.  After having
       responded, nnrpd will close the connection.

   -I instance
       If specified, instance is used as an additional static portion
       within message-IDs generated by nnrpd; typically this option would
       be used where a cluster of machines exist with the same virtual
       hostname and must be disambiguated during posts.

   -n  The -n flag turns off resolution of IP addresses to names.  If you
       only use IP-based restrictions in readers.conf and can handle IP
       addresses in your logs, using this flag may result in some
       additional speed.

   -o  The -o flag causes all articles to be spooled instead of sending
       them to innd(8).  rnews with the -U flag should be invoked from
       cron on a regular basis to take care of these articles.  This flag
       is useful if innd(8) is accepting articles and nnrpd is started
       standalone or using inetd(8).

   -p port
       The -p parameter instructs nnrpd to listen on port when started as
       a standalone daemon using the -D flag.

   -P prefork
       The -P parameter instructs nnrpd to prefork prefork children
       awaiting connections when started as a standalone daemon using the
       -D flag.

   -r reason
       If the -r flag is used, then nnrpd will reject the incoming
       connection giving reason as the text.  This flag is used by innd(8)
       when it is paused or throttled.  reason should be encoded in UTF-8.

   -s padding
       As each command is received, nnrpd tries to change its "argv" array
       so that ps(1) will print out the command being executed.  To get a
       full display, the -s flag may be used with a long string as its
       argument, which will be overwritten when the program changes its
       title.

   -S  If specified, nnrpd will start a negotiation for a TLS session as
       soon as connected.  To use this flag, the OpenSSL SSL and crypto
       libraries must have been found at configure time, or --with-openssl
       specified at configure time.  For more information on running nnrpd
       with TLS support, see "TLS SUPPORT".

   -t  If the -t flag is used, then all client commands and initial
       responses will be traced by reporting them in syslog.  This flag is
       set by innd(8) under the control of the ctlinnd(8) "trace" command,
       and is toggled upon receipt of a SIGHUP; see signal(2).

TLS SUPPORT

   If INN is built with --with-openssl or if the OpenSSL SSL and crypto
   libraries are found at configure time, nnrpd will support news reading
   over TLS (also known as SSL).  For clients that use the STARTTLS
   command, no special configuration is needed beyond creating a TLS/SSL
   certificate for the server.  You should do this in exactly the same way
   that you would generate a certificate for a web server.

   If you're happy with a self-signed certificate (which will generate
   warnings with some news reader clients), you can create and install one
   in the default path by running "make cert" after "make install" when
   installing INN, or by running the following commands:

       umask 077
       openssl req -new -x509 -nodes -out <pathetc>/cert.pem \
           -days 366 -keyout <pathetc>/key.pem
       chown news:news <pathetc>/cert.pem
       chmod 640 <pathetc>/cert.pem
       chown news:news <pathetc>/key.pem
       chmod 600 <pathetc>/key.pem

   Replace the paths with something appropriate to your INN installation.
   This will create a self-signed certificate that will expire in a year.
   The openssl program will ask you a variety of questions about your
   organization.  Enter the fully qualified domain name of the server as
   the name the certificate is for.

   You then have to set these inn.conf parameters with the right paths:

       tlscapath:      <pathetc>
       tlscertfile:    <pathetc>/cert.pem
       tlskeyfile:     <pathetc>/key.pem

   In case you have a certificate authority root certificate, you can also
   set tlscafile to its path.

   There are two common ways for a news client to negotiate a TLS
   connection:  either via the use of the STARTTLS command on the usual
   NNTP port (119) or via the now discouraged way (per RFC 4642) to
   immediately negotiate an encrypted session upon connection on a
   dedicated port (usually 563).  As most news clients currently do not
   use the STARTTLS command, and instead expect to connect to a separate
   port (563) and start a TLS negotiation immediately, it is still useful
   to provide a legacy way for these news clients to encrypt the NNTP
   session.  innd does not, however, know how to listen for connections to
   that separate port.  You will therefore need to arrange for nnrpd to
   listen on that port through some other means.  This can be done with
   the -D flag along with "-p 563" and put into your init scripts:

       su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S'

   but the easiest way is probably to add a line like:

       nntps stream tcp nowait news <pathbin>/nnrpd nnrpd -S

   to /etc/inetd.conf or the equivalent on your system and let inetd run
   nnrpd.  (Change the path to nnrpd to match your installation.)  You may
   need to replace "nntps" with 563 if "nntps" isn't defined in
   /etc/services on your system.

   Optionally, you may set the tlsciphers, tlscompression, tlseccurve,
   tlspreferserverciphers, and tlsprotocols parameters in inn.conf to
   fine-tune the behaviour of the TLS/SSL negotiation whenever a new
   attack on the TLS protocol or some supported cipher suite is
   discovered.

PROTOCOL DIFFERENCES

   nnrpd implements the NNTP commands defined in RFC 3977 (NNTP), RFC 4642
   (TLS/NNTP), RFC 4643 (NNTP authentication) and RFC 6048 (NNTP LIST
   additions) with the following differences:

   1.  The XGTITLE [wildmat] command is provided.  This extension is used
       by ANU-News and documented in RFC 2980.  It returns a 282 reply
       code, followed by a one-line description of all newsgroups that
       match the pattern.  The default is the current group.

       Note that LIST NEWSGROUPS should be used instead of XGTITLE.

   2.  The XHDR header [message-ID|range] command is implemented.  It
       returns a 221 reply code, followed by specific headers for the
       specified range; the default is to return the data for the current
       article.  See RFC 2980.

       Note that HDR should be used instead of XHDR.

   3.  The XOVER [range] command is provided.  It returns a 224 reply
       code, followed by the overview data for the specified range; the
       default is to return the data for the current article.  See
       RFC 2980.

       Note that OVER should be used instead of XOVER.

   4.  A new command, XPAT header message-ID|range pattern [pattern ...],
       is provided.  The first argument is the case-insensitive name of
       the header to be searched.  The second argument is either an
       article range or a single message-ID, as specified in RFC 2980.
       The third argument is a uwildmat(3)-style pattern; if there are
       additional arguments, they are joined together separated by a
       single space to form the complete pattern.  This command is similar
       to the XHDR command.  It returns a 221 response code, followed by
       the text response of all article numbers that match the pattern.

   5.  A newsgroup name is case-sensitive for nnrpd.

   6.  If IHAVE has been advertised, it will not necessarily be advertised
       for the entire session (contrary to section 3.4.1 of RFC 3977).
       nnrpd only advertises the IHAVE capability when it is really
       available.

   7.  nnrpd allows a wider syntax for wildmats and ranges (especially "-"
       and "-article-number").

HISTORY

   Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews.  Overview
   support added by Rob Robertston <rob@violet.berkeley.edu> and Rich in
   January, 1993.  Exponential backoff (for posting) added by Dave Hayes
   in Febuary 1998.

   $Id: nnrpd.pod 10064 2016-09-04 12:55:40Z iulius $

SEE ALSO

   ctlinnd(8), innd(8), inn.conf(5), readers.conf(5), signal(2),
   uwildmat(3).


More Linux Commands

manpages/Tk_DistanceToTextLayout.3.html
Tk_DistanceToTextLayout(3) - routines to measure and display
These routines are for measuring and displaying single-font, multi-line, justified text. To measure and display simple single-font, single-line strings, refer t

manpages/update-desktop-database.1.html
update-desktop-database(1) - Build cache database of MIME ty
The update-desktop-database program is a tool to build a cache database of the MIME types handled by desktop files. The cache database contains the list of MIME

manpages/Digest::base.3pm.html
Digest::base(3pm) - Digest base class - Linux manual page...
The Digest::base class provide implementations of the methods addfile and add_bits in terms of add, and of the methods hexdigest and b64digest in terms of diges

manpages/dijkstra.1.html
dijkstra(1) - single-source distance filter - Linux man page
dijkstra reads a stream of graphs and for each computes the distance of every node from sourcenode. Edge length is given in the len attribute, and the default i

manpages/iso_8859-15.7.html
iso_8859-15(7) - ISO 8859-15 character set encoded in octal,
The ISO 8859 standard includes several 8-bit extensions to the ASCII character set (also known as ISO 646-IRV). Especially important is ISO 8859-1, the Latin Al

manpages/XGetEventData.3.html
XGetEventData(3) - retrieve and free additional event data t
Some extension XGenericEvents require additional memory to store information. For these events, the library returns a XGenericEventCookie with a token (cookie)

manpages/glTranslated.3gl.html
glTranslated(3gl) - multiply the current matrix by a transla
glTranslate produces a translation by $(x,y,z)$. The current matrix (see glMatrixMode) is multiplied by this translation matrix, with the product replacing the

manpages/XDGAOpenFramebuffer.3.html
XDGAOpenFramebuffer(3) - Client library for the XFree86-DGA
The XFree86-DGA extension is an X server extension for allowing client programs direct access to the video frame buffer. This is a brief description of the prog

manpages/gnutls_x509_privkey_get_pk_algorithm.3.html
gnutls_x509_privkey_get_pk_algorithm(3) - API function......
gnutls_x509_privkey_get_pk_algorithm.3 - This function will return the public key algorithm of a private key. RETURNS a member of the gnutls_pk_algorithm_t enum

manpages/getrpcbyname.3.html
getrpcbyname(3) - get RPC entry (Library - Linux man page)
The getrpcent(), getrpcbyname(), and getrpcbynumber() functions each return a pointer to an object with the following structure containing the broken-out fields

manpages/gnutls_pubkey_deinit.3.html
gnutls_pubkey_deinit(3) - API function - Linux manual page
This function will deinitialize a public key structure. SINCE 2.12.0 REPORTING BUGS Report bugs to &lt;bug-gnutls@gnu.org&gt;. GnuTLS home page: http://www.gnu.org/so

manpages/nfsd.8.html
nfsd(8) - NFS server process (Admin - Linux man page).......
The rpc.nfsd program implements the user level part of the NFS service. The main functionality is handled by the nfsd kernel module. The user space program mere





We can't live, work or learn in freedom unless the software we use is free.