Installing the NNTP Server The NNTP server (nntpd) (Web server logs)
Installing the NNTP Server The NNTP server (nntpd) may be compiled in two ways, depending on the expected load on the news system. There are no compiled versions available, because of some site-specific defaults that are hardcoded into the executable. All configuration is done through macros defined in common/conf.h. nntpd may be configured as either a standalone server that is started at system boot time from an rc file, or a daemon managed by inetd. In the latter case, you have to have the following entry in /etc/inetd.conf: nntp stream tcp nowait news /usr/etc/in.nntpd nntpd The inetd.conf syntax is described in detail in Chapter 12, Important Network Features. If you configure nntpd as standalone, make sure that any such line in inetd.conf is commented out. In either case, you have to make sure the following line appears in /etc/services: nntp 119/tcp readnews untp # Network News Transfer Protocol To temporarily store any incoming articles, nntpd also needs a .tmp directory in your news spool. You should create it using the following commands: # mkdir /var/spool/news/.tmp # chown news.news /var/spool/news/.tmp Restricting NNTP Access Access to NNTP resources is governed by the file nntp_access in /etc/news. Lines in this file describe the access rights granted to foreign hosts. Each line has the following format: site read|xfer|both|no post|no [!exceptgroups] If a client connects to the NNTP port, nntpd attempts to obtain the host’s fully qualified domain name from its IP address using reverse lookup. The client’s hostname and IP address are checked against the site field of each entry in the order in which they appear in the file. Matches may be either partial or exact. If an entry matches exactly, it applies; if the match is partial, it applies only if there is no other match following it that is at least as good. site may be specified in one of the following ways: Hostname This is a fully qualified domain name of a host. If this matches the client’s canonical hostname literally, the entry applies, and all following entries are ignored. IP address This is an IP address in dotted quad notation. If the client’s IP address matches this, the entry applies, and all following entries are ignored. Domain name This is a domain name, specified as *.domain. If the client’s hostname matches the domain name, the entry matches. Network name This is the name of a network as specified in /etc/networks. If the network number of the client’s IP address matches the network number associated with the network name, the entry matches. Default The string default matches any client. Entries with a more general site specification should be specified earlier, because any matches will be overridden by later, more exact matches. The second and third fields describe the access rights granted to the client. The second field details the permissions to retrieve news by pulling (read), and transmit news by pushing (xfer). A value of both enables both; no denies access altogether. The third field grants the client the right to post articles, i.e., deliver articles with incomplete header information, which is completed by the news software. If the second field contains no, the third field is ignored. The fourth field is optional and contains a comma-separated list of groups to which the client is denied access.