I set up an news server today. Jotted some notes.
Configuration files
inn.conf(5) parameters
domain: domain name suffic without periodpathhost: things to put in “Path:” field of posted message. Usually the FQDN of the system. If it is unset, innd won’t start.artcutoff: Drop postings older than this number of days. Default is 10, valid for feeding.maxartsize: Max article size in bytes, 0 allows any sizemaxconnections: Default is 50 simultaneous usersallownewnews: Allow new news? Default is yesclienttimeout: Amount of idle times in secionds before the connection dropped. Default 600 sec.complaints: value for “X-Complaints-To:” header fieldlocalmaxartsize: max article size in bytes for locally posted articles (c.f.maxartsizefor feeded articles)
readers.conf(5) parameters
There are two type of config groups: “auth” and “access”
auth: establish the identity of the useraccess: given the identity, what they can do
The format for the auth group is:
auth [name] {
hosts: 192.168.0.0/24, 10.0.0.0/8
auth: /usr/local/bin/...
res: /usr/local/bin/....
default: anonymous
default-domain: example.com
}
If hosts part is matched with the user’s, the program pointed by res is run
and it should return user@doamin as the reported user identity. If res is
not set or failed to return, the user identity is constructed by default and
default-domain, in the above example, it is anonymous@example.com. If the
user is passsed with USER/AUTH commands, the info will pass to the program
pointed by auth, which will return another identity of the form user@domain.
The name of the group is for documentation only.
The format for the access group is:
access [name] {
users: alice@domain.com,bob@example.com,...
newsgroups: gp1,gp2,gp3,gp4,...
read: gp1,gp3,...
post: gp2,gp4,...
}
The users list out all the users that this access group is applicable to, and
newsgroups list out all the groups that the user can both read or post.
The lines of read and post are respectively meant to allow the users to read
or posts only.
Both auth and access group will have the behavior determined by
“last-match-counts”. But the two groups are linked together to make effect by
key options only. For example, the following allows all ccess for users from
example.com:
auth example {
key: special
hosts: *.example.com
default: specialuser
}
access example {
key: special
users: specialuser
newsgroups: *
}
and the following is a typical example for password-protected sites:
auth all {
auth: "ckpasswd -d /var/lib/.../news_users"
}
access full {
users: *
nesgroups: *
}
Please note that the auth group do not provide default or res, so the
users would not have any valid identity until authentication. We rely on this
feature for mandatory login and hence, a password protection.
active(5)
This file describes all the newsgroups on this server.
- Path:
[pathdb]/activ - Each line of active file is:
[name] [himark] [lomark] [flag]name= the name of the newsgrouphimark= highest article sequence number in the grouplomark= lowest article sequence number in the groupflagcan be:y: Allow local postingn: No local posting is allowedm: Moderatedj: Do not keep posting, just pass onx: No post at all=foo.bar: Locally filed tofoo.bargroup
Commands
ckpasswd(1)
Options available:
-s # check against system password
-f file # check against passwd-like file
-d database # check against dbm database
Creation of passwd-like file for authentication: Using the following Perl script.
#/usr/bin/perl
open FILE,"file";
print "Username: ";
my $user=<STDIN>; chomp $user;
print "Password: ";
my $pass=<STDIN>; chomp $pass;
my @alphabet = ('.', '/', 0..9, 'A'..'Z', 'a'..'z');
my $salt = join ", @alphabet[rand 64,rand 64];
my $crypted = crypt($pass,$salt);
print FILE "$user=$crypted\n"
ctlinnd(8)
Usage:
ctlinnd command [option]
Getting help:
ctlinnd -h # Get a list of commands
ctlinnd -h command # Usage of the command
For example, to create a group, we are running:
ctlinnd newgroup group flag creator
like:
# ctlinnd newgroup new_project y adrian
Setup session:
# apt-get install inn2
# cd /etc/news
# mv readers.conf readers.conf.old
# cat > readers.conf
auth all {
auth: "ckpasswd -s"
}
access full {
users: *
nesgroups: *
}
^D
# chgrp shadow /usr/lib/news/bin/auth/passwd/ckpasswd
# chmod g+s /usr/lib/news/bin/auth/passwd/ckpasswd
# ctlinnd newgroup mygroup y adrian
# /etc/init.d/inn2 restart