nnrpd(8)
NAME
nnrpd - NNTP server for reader clients
SYNOPSIS
nnrpd [-DfnoSt] [-4 address] [-6 address] [-b address] [-c configfile] [-i initial] [-I instance] [-p port] [-P prefork] [-r reason] [-s padding]
DESCRIPTION
nnrpd is an NNTP server for newsreaders. It accepts commands on its standard input and responds on its standard output. It is normally invoked by innd(8) with those descriptors attached to a remote client connection. nnrpd also supports running as a standalone daemon. Unlike innd(8), nnrpd supports all NNTP commands for user-oriented reading and posting. nnrpd uses the readers.conf file to control who is authorized to access the Usenet database. On exit, nnrpd will report usage statistics through syslog(3). nnrpd only reads config files (both readers.conf and inn.conf) when it is spawned. You can therefore never change the behavior of a client that's already connected. If nnrpd is run from innd (the default) or from inetd(8), xinetd(8), or some equivalent, a new nnrpd process is spawned for every connection and therefore any changes to configuration files will be immediately effective for all new connections. If you are instead running nnrpd with the -D option, any configuration changes won't take effect until nnrpd is restarted. The inn.conf setting nnrpdflags can be used to pass any of the options below to instances of nnrpd that are spawned directly from innd. Many options only make sense when -D is used, so these options should not be used with nnrpdflags. See also the discussion of nnrpdflags in inn.conf(5). When nnrpdloadlimit in inn.conf is not 0, it will also reject connections if the load average is greater than that value (typically 16). nnrpd can also prevent high-volume posters from abusing your resources. See the discussion of exponential backoff in inn.conf(5).
OPTIONS
-4 address
The -4 parameter instructs nnrpd to bind to the specified IPv4
address when started as a standalone daemon using the -D flag.
This has to be a valid IPv4 address belonging to an interface of
the local host. It can also be 0.0.0.0, saying to bind to all
addresses (this is the default).
-6 address
The -6 parameter instructs nnrpd to bind to the specified IPv6
address when started as a standalone daemon using the -D flag.
This has to be a valid IPv6 address belonging to an interface of
the local host. It can also be "::0", saying to bind to all IPv6
addresses.
By default, nnrpd in daemon mode listens to both IPv4 and IPv6
addresses. With this option, it will listen only to the specified
IPv6 addresses. On some systems however, a value of "::0" will
cause it to listen to all IPv4 addresses as well.
-b address
Similar to the -4 flag. -b is kept for backwards compatibility.
-c configfile
By default, nnrpd reads the readers.conf to determine how to
authenticate connections. The -c flag specifies an alternate file
for this purpose. If the file name isn't fully qualified, it is
taken to be relative to pathetc in inn.conf. (This is useful to
have several instances of nnrpd running on different ports or IP
addresses with different settings.)
-D If specified, this parameter causes nnrpd to operate as a daemon.
That is, it detaches itself and runs in the background, forking a
process for every connection. By default, nnrpd listens on the
NNTP port (119), so either innd(8) has to be started on another
port or the -p parameter used. Note that with this parameter,
nnrpd continues running until killed. This means that it reads
inn.conf once on startup and never again until restarted. nnrpd
should therefore be restarted if inn.conf is changed.
When started in daemon mode, nnrpd will write its PID into a file
in the pathrun directory. The file will be named nnrpd.pid if
nnrpd listens on port 119 (default), or nnrpd-%d.pid, where %d is
replaced with the port that nnrpd is configured to listen on (-p
option is given and its argument is not 119).
-f If specified, nnrpd does not detach itself and runs in the
foreground when started as a standalone daemon using the -D flag.
-i initial
Specify an initial command to nnrpd. When used, initial is taken
as if it were the first command received by nnrpd. After having
responded, nnrpd will close the connection.
-I instance
If specified, instance is used as an additional static portion
within message-IDs generated by nnrpd; typically this option would
be used where a cluster of machines exist with the same virtual
hostname and must be disambiguated during posts.
-n The -n flag turns off resolution of IP addresses to names. If you
only use IP-based restrictions in readers.conf and can handle IP
addresses in your logs, using this flag may result in some
additional speed.
-o The -o flag causes all articles to be spooled instead of sending
them to innd(8). rnews with the -U flag should be invoked from
cron on a regular basis to take care of these articles. This flag
is useful if innd(8) is accepting articles and nnrpd is started
standalone or using inetd(8).
-p port
The -p parameter instructs nnrpd to listen on port when started as
a standalone daemon using the -D flag.
-P prefork
The -P parameter instructs nnrpd to prefork prefork children
awaiting connections when started as a standalone daemon using the
-D flag.
-r reason
If the -r flag is used, then nnrpd will reject the incoming
connection giving reason as the text. This flag is used by innd(8)
when it is paused or throttled. reason should be encoded in UTF-8.
-s padding
As each command is received, nnrpd tries to change its "argv" array
so that ps(1) will print out the command being executed. To get a
full display, the -s flag may be used with a long string as its
argument, which will be overwritten when the program changes its
title.
-S If specified, nnrpd will start a negotiation for a TLS session as
soon as connected. To use this flag, the OpenSSL SSL and crypto
libraries must have been found at configure time, or --with-openssl
specified at configure time. For more information on running nnrpd
with TLS support, see "TLS SUPPORT".
-t If the -t flag is used, then all client commands and initial
responses will be traced by reporting them in syslog. This flag is
set by innd(8) under the control of the ctlinnd(8) "trace" command,
and is toggled upon receipt of a SIGHUP; see signal(2).
TLS SUPPORT
If INN is built with --with-openssl or if the OpenSSL SSL and crypto
libraries are found at configure time, nnrpd will support news reading
over TLS (also known as SSL). For clients that use the STARTTLS
command, no special configuration is needed beyond creating a TLS/SSL
certificate for the server. You should do this in exactly the same way
that you would generate a certificate for a web server.
If you're happy with a self-signed certificate (which will generate
warnings with some news reader clients), you can create and install one
in the default path by running "make cert" after "make install" when
installing INN, or by running the following commands:
umask 077
openssl req -new -x509 -nodes -out <pathetc>/cert.pem \
-days 366 -keyout <pathetc>/key.pem
chown news:news <pathetc>/cert.pem
chmod 640 <pathetc>/cert.pem
chown news:news <pathetc>/key.pem
chmod 600 <pathetc>/key.pem
Replace the paths with something appropriate to your INN installation.
This will create a self-signed certificate that will expire in a year.
The openssl program will ask you a variety of questions about your
organization. Enter the fully qualified domain name of the server as
the name the certificate is for.
You then have to set these inn.conf parameters with the right paths:
tlscapath: <pathetc>
tlscertfile: <pathetc>/cert.pem
tlskeyfile: <pathetc>/key.pem
In case you have a certificate authority root certificate, you can also
set tlscafile to its path.
There are two common ways for a news client to negotiate a TLS
connection: either via the use of the STARTTLS command on the usual
NNTP port (119) or via the now discouraged way (per RFC 4642) to
immediately negotiate an encrypted session upon connection on a
dedicated port (usually 563). As most news clients currently do not
use the STARTTLS command, and instead expect to connect to a separate
port (563) and start a TLS negotiation immediately, it is still useful
to provide a legacy way for these news clients to encrypt the NNTP
session. innd does not, however, know how to listen for connections to
that separate port. You will therefore need to arrange for nnrpd to
listen on that port through some other means. This can be done with
the -D flag along with "-p 563" and put into your init scripts:
su news -s /bin/sh -c '<pathbin>/nnrpd -D -p 563 -S'
but the easiest way is probably to add a line like:
nntps stream tcp nowait news <pathbin>/nnrpd nnrpd -S
to /etc/inetd.conf or the equivalent on your system and let inetd run
nnrpd. (Change the path to nnrpd to match your installation.) You may
need to replace "nntps" with 563 if "nntps" isn't defined in
/etc/services on your system.
Optionally, you may set the tlsciphers, tlscompression, tlseccurve,
tlspreferserverciphers, and tlsprotocols parameters in inn.conf to
fine-tune the behaviour of the TLS/SSL negotiation whenever a new
attack on the TLS protocol or some supported cipher suite is
discovered.
PROTOCOL DIFFERENCES
nnrpd implements the NNTP commands defined in RFC 3977 (NNTP), RFC 4642
(TLS/NNTP), RFC 4643 (NNTP authentication) and RFC 6048 (NNTP LIST
additions) with the following differences:
1. The XGTITLE [wildmat] command is provided. This extension is used
by ANU-News and documented in RFC 2980. It returns a 282 reply
code, followed by a one-line description of all newsgroups that
match the pattern. The default is the current group.
Note that LIST NEWSGROUPS should be used instead of XGTITLE.
2. The XHDR header [message-ID|range] command is implemented. It
returns a 221 reply code, followed by specific headers for the
specified range; the default is to return the data for the current
article. See RFC 2980.
Note that HDR should be used instead of XHDR.
3. The XOVER [range] command is provided. It returns a 224 reply
code, followed by the overview data for the specified range; the
default is to return the data for the current article. See
RFC 2980.
Note that OVER should be used instead of XOVER.
4. A new command, XPAT header message-ID|range pattern [pattern ...],
is provided. The first argument is the case-insensitive name of
the header to be searched. The second argument is either an
article range or a single message-ID, as specified in RFC 2980.
The third argument is a uwildmat(3)-style pattern; if there are
additional arguments, they are joined together separated by a
single space to form the complete pattern. This command is similar
to the XHDR command. It returns a 221 response code, followed by
the text response of all article numbers that match the pattern.
5. A newsgroup name is case-sensitive for nnrpd.
6. If IHAVE has been advertised, it will not necessarily be advertised
for the entire session (contrary to section 3.4.1 of RFC 3977).
nnrpd only advertises the IHAVE capability when it is really
available.
7. nnrpd allows a wider syntax for wildmats and ranges (especially "-"
and "-article-number").
HISTORY
Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. Overview support added by Rob Robertston <rob@violet.berkeley.edu> and Rich in January, 1993. Exponential backoff (for posting) added by Dave Hayes in Febuary 1998. $Id: nnrpd.pod 10064 2016-09-04 12:55:40Z iulius $
SEE ALSO
ctlinnd(8), innd(8), inn.conf(5), readers.conf(5), signal(2), uwildmat(3).
Opportunity
Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.
Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.
Free Software
Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.
Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.
Free Books
The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.
Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.
Education
Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.
Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.
