Provided by: inn2-lfs_2.4.5-5_i386 bug

NAME

       nnrpd - NNTP server for reader clients

SYNOPSIS

       nnrpd [-DfnoSt] [-b address] [-c configfile] [-g shadowgroup>] [-i
       initial] [-I instance] [-p port] [-P prefork] [-r reason] [-s padding]

DESCRIPTION

       nnrpd is an NNTP server for newsreaders.  It accepts commands on its
       standard input and responds on its standard output.  It is normally
       invoked by innd(8) with those descriptors attached to a remote client
       connection.  nnrpd also supports running as a standalone daemon.

       Unlike innd(8) nnrpd supports all NNTP commands for user-oriented
       reading and posting.  nnrpd uses the readers.conf file to control who
       is authorized to access the Usenet database.

       On exit, nnrpd will report usage statistics through syslog(3).

       nnrpd only reads config files (both readers.conf and inn.conf) when it
       is spawned.  You can therefore never change the behavior of a client
       that’s already connected.  If nnrpd is run from innd (the default) or
       from inetd(8), xinetd(8), or some equivalent, a new nnrpd process is
       spawned for every connection and therefore any changes to configuration
       files will be immediately effective for all new connections.  If you
       are instead running nnrpd with the -D option, any configuration changes
       won’t take effect until nnrpd is restarted.

       The inn.conf setting nnrpdflags can be used to pass any of the options
       below to instances of nnrpd that are spawned directly from innd.  Many
       options only make sense when -D is used, so these options should not be
       used with nnrpdflags.  See also the discussion of nnrpdflags in
       inn.conf(5).

       When nnrpdloadlimit in inn.conf is not 0, it will also reject
       connections if the load average is greater than that value (typically
       16).  nnrpd can also prevent high-volume posters from abusing your
       resources. See the discussion of exponential backoff in inn.conf(5).

OPTIONS

       -b address
           The -b parameter instructs nnrpd to bind to the specified IP
           address when started as a standalone daemon using the -D flag. This
           has to be a valid IPv4 or IPv6 address belonging to an interface of
           the local host.  It can also be ::0 (although the default is
           0.0.0.0 if unspecified).

       -c configfile
           By default, nnrpd reads the readers.conf to determine how to
           authenticate connections.  The -c flag specifies an alternate file
           for this purpose.  If the file name isn’t fully qualified, it is
           taken to be relative to pathetc in inn.conf (this is useful to have
           several instances of nnrpd running on different ports or IP
           addresses with different settings.)

       -D  If specified, this parameter causes nnrpd to operate as a daemon.
           That is, it detaches itself and runs in the background, forking a
           process for every connection. By default nnrpd listens on the NNTP
           port (119), so either innd(8) has to be started on another port or
           nnrpd -p parameter.  Note that with this parameter, nnrpd continues
           running until killed.  This means that it reads inn.conf once on
           startup and never again until restarted. nnrpd should therefore be
           restarted if inn.conf is changed.

           When started in daemon mode, nnrpd will write its PID into a file
           in the pathrun directory.  The file will be named nnrpd-%d.pid,
           where %d is replaced with the port that nnrpd is configured to
           listen on (119 unless the -p option is given).

       -f  If specified, nnrpd does not detach itself and runs in the
           foreground when started as a standalone daemon using the -D flag.

       -g shadowgroup
           On systems that have a shadow password file, nnrpd tries to add the
           group shadow as a supplementary group if it is running in
           standalone mode. On many systems, members of that group have read
           permission for the shadow password file. The -g parameter instructs
           nnrpd to try to add the named group as a supplementary group on
           shadow systems instead of shadow. This only works if
           "HAVE_GETSPNAM" in include/config.h is defined and nnrpd is running
           in standalone mode since this call only works when nnrpd is started
           as root.

       -i initial
           Specify an initial command to nnrpd. When used, initial is taken as
           if it were the first command received by nnrpd.

       -I instance
           If specified instance is used as an additional static portion
           within MessageIDs generated by nnrpd; typically this option would
           be used where a cluster of machines exist with the same virtual
           hostname and must be disambiguated during posts.

       -n  The -n flag turns off resolution of IP addresses to names.  If you
           only use IP-based restrictions in readers.conf and can handle IP
           addresses in your logs, using this flag may result in some
           additional speed.

       -o  The -o flag causes all articles to be spooled instead of sending
           them to innd(8). rnews with the -U flag should be invoked from cron
           on a regular basis to take care of these articles. This flag is
           useful if innd(8) in accepting articles and nnrpd is started
           standalone or using inetd(8).

       -p port
           The -p parameter instructs nnrpd to listen on port when started as
           a standalone daemon using the -D flag.

       -P prefork
           The -P parameter instructs nnrpd to prefork prefork children
           awaiting connections when started as a standalone daemon using the
           -D flag.

       -r reason
           If the -r flag is used, then nnrpd will reject the incoming
           connection giving reason as the text. This flag is used by innd(8)
           when it is paused or throttled.

       -s padding
           As each command is received, nnrpd tries to change its "argv" array
           so that ps(1) will print out the command being executed. To get a
           full display, the -s flag may be used with a long string as its
           argument, which will be overwritten when the program changes its
           title.

       -S  If specified, nnrpd will start a negotiation for SSL session as
           soon as connected. To use this flag, "--with-openssl" must have
           been specified at "configure" time.

       -t  If the -t flag is used then all client commands and initial
           responses will be traced by reporting them in syslog. This flag is
           set by innd(8) under the control of the ctlinnd(8) "trace" command,
           and is toggled upon receipt of a "SIGHUP"; see signal(2).

SSL SUPPORT

       If INN is built with "--with-openssl", nnrpd will support news reading
       over TLS (also known as SSL).  For clients that use the STARTTLS
       command, no special configuration is needed beyond creating a TLS/SSL
       certificate for the server.  You should do this in exactly the same way
       that you would generate a certificate for a web server.

       If you’re happy with a self-signed certificate (which will generate
       warnings with some news reader clients), you can create and install one
       in the default path by running "make cert" after "make install" when
       installing INN, or by running the following commands:

           openssl req -new -x509 -nodes -out /usr/local/news/lib/cert.pem \
               -days 366 -keyout /usr/local/news/lib/key.pem
           chown news:news /usr/local/news/lib/cert.pem
           chmod 640 /usr/local/news/lib/cert.pem
           chown news:news /usr/local/news/lib/key.pem
           chmod 600 /usr/local/news/lib/key.pem

       Replace the paths with something appropriate to your INN installation.
       This will create a self-signed certificate that will expire in a year.
       The openssl program will ask you a variety of questions about your
       organization.  Enter the fully qualified domain name of the server as
       the name the certificate is for.

       Most news clients currently do not use the STARTTLS command, however,
       and instead expect to connect to a separate port (563) and start an SSL
       negotiation immediately.  innd does not, however, know how to listen
       for connections to that port and then spawn nnrpd the way that it does
       for regular reader connections.  You will therefore need to arrange for
       nnrpd to listen on that port through some other means.  This can be
       done with the -D flag (and "-P 563"), but the easiest way is probably
       to add a line like:

           nntps stream tcp nowait news /usr/lib/news/bin/nnrpd nnrpd -S

       to /etc/inetd.conf or the equivalent on your system and let inetd run
       nnrpd.  (Change the path to nnrpd to match your installation if
       needed.)  You may need to replace "nntps" with 563 if "nntps" isn’t
       defined in /etc/services on your system.

PROTOCOL DIFFERENCES

       nnrpd implements the NNTP commands defined in RFC 977, with the
       following differences:

       1.  The "slave" command is not implemented.  This command has never
           been fully defined.

       2.  The "list" command may be followed by the optional word
           "active.times", "distributions", "distrib.pats", "moderators",
           "newsgroups", "subscriptions", or "Ioverview.fmt" to get a list of
           when newsgroups where created, a list of valid distributions, a
           file specifying default distribution patterns, moderators list, a
           one-per-line description of the current set of newsgroups, a list
           of the automatic group subscriptions, or a listing of the
           overview.fmt file.

           The command "list active" is equivalent to the "list" command. This
           is a common extension.

       3.  The "xhdr", "authinfo user" and "authinfo pass" commands are
           implemented.  These are based on the reference Unix implementation.
           See RFC 2980.

       4.  A new command, "xpat header range|MessageID pat [morepat...]", is
           provided.  The first argument is the case-insensitive name of the
           header to be searched.  The second argument is either an article
           range or a single Message-ID, as specified in RFC 977.  The third
           argument is a "uwildmat"(3)-style pattern; if there are additional
           arguments they are joined together separated by a single space to
           form the complete pattern.  This command is similar to the "xhdr"
           command.  It returns a 221 response code, followed by the text
           response of all article numbers that match the pattern.

       5.  The "listgroup group" command is provided.  This is a comment
           extension.  It is equivalent to the "group" command, except that
           the reply is a multi-line response containing the list of all
           article numbers in the group.

       6.  The "xgtitle [group]" command is provided. This extension is used
           by ANU-News.  It returns a 282 reply code, followed by a one-line
           description of all newsgroups thatmatch the pattern.  The default
           is the current group.

       7.  The "xover [range]" command is provided. It returns a 224 reply
           code, followed by the overview data for the specified range; the
           default is to return the data for the current article.

       8.  The "xpath MessageID" command is provided; see innd(8).

       9.  The "date" command is provided; this is based on the draft NNTP
           protocol revision (draft-ietf-nntpext-imp-04.txt).  It returns a
           one-line response code of 111 followed by the GMT date and time on
           the server in the form "YYYYMMDDhhmmss".

HISTORY

       Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews.  Overview
       support added by Rob Robertston <rob@violet.berkeley.edu> and Rich in
       January, 1993.  Exponential backoff (for posting) added by Dave Hayes
       in Febuary 1998.

       $Id: nnrpd.8 7880 2008-06-16 20:37:13Z iulius $

SEE ALSO

       ctlinnd(8), innd(8), inn.conf(5), signal(2), uwildmat(3).