Red Hat Linux 7 Unleashed

By William Ball

An Introduction to INN

INN was designed for handling news on very large systems with complex connections and configuration problems. INN contains an NNTP component but is noticeably faster when downloading and handling newsgroups than NNTP alone. Luckily, INN can be quickly configured for most basic Linux setups. I look at setting up INN on a typical Red Hat Linux system using a dial-up connection to an ISP using TCP/IP because this is the most common configuration. One problem with INN is a lack of good documentation. To date, no one has spent the time to produce a good public domain HOW-TO file about configuring and maintaining INN on Linux systems, but there is an INN FAQ, among other things, available from the INN home page at http://www.isc.org/inn.html.

INN uses a daemon called innd to control its behavior. Another daemon, nnrpd, is used to provide newsreader services. After INN is installed it will start automatically at boot. Every time a user launches a newsreader, a copy of nnrpd is started.

Installing INN

To install INN, you can start with either the source code (usually obtained from a Web or FTP site) or a precompiled binary included in the Red Hat INN package. Precompiled binaries are much easier because they save the hassle of running a C compiler to produce the binary from source code.

To install your precompiled INN binaries on the system and properly configure it for secure operation, follow these steps:

  1. Check your /etc/passwd file for a user called news. If one does not exist, create the news user. The user news should belong to a group called news. The home directory can be anything, and the startup command should be blank or something like /bin/false for security reasons—no one should ever need to actively log in as the news user. Neither of these parameters is used by the system. The news user is created to allow INN to run as a non-root login for better system security. This account should exist by default on Red Hat systems. Also make sure that the Password field is filled by an asterisk (*) in /etc/passwd (or if shadow passwords are in use it should be an x in /etc/passwd and an asterisk in /etc/shadow). This makes doubly sure that no one can log in interactively as the news user.
  2. Check the /etc/group file for a group called news. If one does not exist, create it. The news login should be the only user in the news group. Providing a dedicated group for INN access enhances system security. This group should exist by default on Red Hat systems.
  3. INN often sends mail to the news logins, so you might want to create an alias for the usernames news and usenet to root, postmaster, or to whatever other login you want these messages to be sent. The alias file is kept in /etc/aliases. When you add aliases, make sure to run the /usr/bin/newaliases command afterward so that the added aliases will take effect.
  4. Check to see if INN is already installed on your system by typing this code:

    
        rpm -q inn

    If no installed package is found, you'll need to install INN and probably the cleanfeed package as well. To install cleanfeed, do the following:

    
        rpm -i cleanfeed-0.95.7b-9.noarch.rpm

    Install the INN package from the directory containing RPM files by issuing the following command:

    
        rpm -i inn-2.2.3-3.i386.rpm

    Installing the package should cause the creation of two files called /etc/init.d/innd and /etc/rc.news. These files will be used by init to start news services each time you boot. Once installed, they are executed automatically during the boot process unless explicitly disabled or removed.

  5. The INN RPM file will install INN and newsgroup support under the /usr hierarchy (mainly in /usr/lib and /usr/bin). In previous versions of Red Hat Linux these files were located under /usr/lib/news.
  6. The INN RPM will install the INN configuration files into the /etc/news directory and will add several files to the /etc/cron.* directories to be run by cron. The /etc/cron.daily/inn-cron-expire file calls the news.daily program once per day to expire (remove) old articles and to clean and maintain the INN logs. The /etc/cron.hourly/inn-cron-rnews file downloads new articles to your system once per day. The /etc/cron.hourly/inn-cron-nntpsend file sends articles created on your system to your outgoing news server once every hour.

    After the INN package has successfully been installed, you can start news services by typing this code:

    
        /etc/init.d/innd start

  7. If you are uncomfortable starting INN on a running system, you can reboot your machine now. INN should start automatically as a part of the boot process.
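The account checks from steps 1 and 2 can be scripted. The following is an added example, not part of the original book or of the INN package: the function name audit_news_account is hypothetical, the sample files are constructed, and treating /sbin/nologin and a shadow field starting with "!" as locked goes slightly beyond what the steps list.

```shell
#!/bin/sh
# Added example: audit the "news" account per steps 1 and 2 above.
# Usage: audit_news_account PASSWD_FILE SHADOW_FILE GROUP_FILE
# Prints one finding per line; prints nothing if the account is locked down.
audit_news_account() {
    entry=$(grep '^news:' "$1") || { echo "no news user in $1"; return 0; }
    pw=$(printf '%s\n' "$entry" | cut -d: -f2)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    case "$pw" in
        '*') ;;                                  # locked directly in passwd
        x)  # shadow passwords in use: the real field is in the shadow file
            spw=$(grep '^news:' "$2" 2>/dev/null | cut -d: -f2)
            case "$spw" in
                '*'|'!'*) ;;                     # cannot match any password hash
                *) echo "news is not locked in $2" ;;
            esac ;;
        *)  echo "news has a usable password field in $1" ;;
    esac

    case "$shell" in
        ''|/bin/false|/sbin/nologin) ;;          # blank or a non-login command
        *) echo "news has a login shell: $shell" ;;
    esac

    gentry=$(grep '^news:' "$3") || { echo "no news group in $3"; return 0; }
    members=$(printf '%s\n' "$gentry" | cut -d: -f4)
    case "$members" in
        ''|news) ;;                              # news alone, or no listed members
        *) echo "news group has extra members: $members" ;;
    esac
}

# Constructed sample files (not taken from a real system).
d=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/bash\nnews:x:9:13:news:/var/spool/news:/bin/bash\n' > "$d/passwd"
printf 'news:*:11000:0:99999:7:::\n' > "$d/shadow"
printf 'news:x:13:news,alice\n' > "$d/group"
audit_news_account "$d/passwd" "$d/shadow" "$d/group"
rm -rf "$d"
```

On a live system, run it as root against /etc/passwd, /etc/shadow, and /etc/group, because /etc/shadow is not readable by ordinary users.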

The INN Startup Files

When the INN RPM is installed, it should automatically install the important INN startup files, /etc/init.d/innd (shown in Listing 13.1) and /usr/bin/rc.news.

Example 13.1. Contents of /etc/init.d/innd

#! /bin/sh
#
# innd        InterNet News System
#
# chkconfig: 345 95 05
# description: inn is the most popular server for Usenet news. It allows \
#              you to setup local news servers. It can be difficult to \
#              set up properly though, so be sure to read /usr/doc/inn* \
#              before trying.
# processname: innd
# pidfile: /var/run/news/innd.pid

# Source function library.
. /etc/init.d/functions

# Get config.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
    exit 0
fi

[ -d /etc/news ] || exit 0
[ -d /var/spool/news ] || exit 0

RETVAL=0

start() {
        echo -n "Starting INND system: "
        daemon --user news /etc/rc.news
        RETVAL=$?
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/innd
        echo
        return $RETVAL
}

stop() {
        if [ -f /var/run/news/innd.pid ]
        then
                echo -n "Stopping INND service: "
                killproc innd
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/run/news/innd.pid
                echo
        fi
        if [ -f /var/run/news/innwatch.pid ]
        then
                echo -n "Stopping INNWatch service: "
                killproc innwatch -9
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/run/news/innwatch.pid
                echo
        fi
        if [ -f /var/run/news/innfeed.pid ]
        then
                echo -n "Stopping INNFeed service: "
                killproc innfeed -9
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/run/news/innfeed.pid
                echo
        fi
        if [ -f /var/run/news/actived.pid ]
        then
                echo -n "Stopping INN actived service: "
                killproc actived -9
                RETVAL=$?
                [ $RETVAL -eq 0 ] && rm -f /var/run/news/actived.pid
                echo
        fi
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/innd /var/lock/news/*
        return $RETVAL
}

reload() {
        echo -n "Reloading INN Service: "
        killproc innd -HUP

        RETVAL=$?
        return $RETVAL
}

restart() {
        stop
        start
}


# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  status)
        status innd
        ;;
  reload)
        reload
        ;;
  restart)
        stop
        start
        ;;
  condrestart)
        if [ -f /var/lock/subsys/innd ]; then
            restart
        fi
        ;;
  *)
        echo "Usage: $0 {start|stop|status|restart|condrestart}"
        exit 1
        ;;
esac

exit $RETVAL

It is a pretty standard control file—very similar to all the others in the /etc/init.d directory. It starts off by checking that all the various networking services are running; then, depending on what argument is passed to it (start, stop, status, or restart), it performs the appropriate action. Most of the work is performed in the rc.news file, an example of which is displayed in Listing 13.2.

Example 13.2. Contents of /etc/rc.news

#!/bin/sh
##  $Revision: 1.22.2.1 $
##  News boot script.  Runs as "news" user.  Requires inndstart be
##  setuid root.  Run from rc.whatever as:
##     su news -c /path/to/rc.news >/dev/console

. /usr/lib/innshellvars

AZ=ABCDEFGHIJKLMNOPQRSTUVWXYZ
az=abcdefghijklmnopqrstuvwxyz
##  Pick ${INND} or ${INNDSTART}
WHAT=${INNDSTART}
##  Set to true or false
: ${DOINNWATCH:=true}
DOINNWATCH=`echo ${DOINNWATCH} | tr ${AZ} ${az}`
if [ -z "${DOINNWATCH}" \
     -o "${DOINNWATCH}" = "on" \
     -o "${DOINNWATCH}" = "true" \
     -o "${DOINNWATCH}" = "yes" ]; then
    DOINNWATCH=true
else
    DOINNWATCH=false
fi


: ${DOCNFSSTAT:=false}
DOCNFSSTAT=`echo ${DOCNFSSTAT} | tr ${AZ} ${az}`
if [ -z "${DOCNFSSTAT}" \
     -o "${DOCNFSSTAT}" = "on" \
     -o "${DOCNFSSTAT}" = "true" \
     -o "${DOCNFSSTAT}" = "yes" ]; then
    DOCNFSSTAT=true
else
    DOCNFSSTAT=false
fi

MAIL="${MAILCMD} -s 'Boot-time Usenet warning on `hostname`' ${NEWSMASTER}"

##  RFLAG is set below; set INNFLAGS in inn.conf(5)
RFLAG=""

##  Clean shutdown or already running?
if [ -f ${SERVERPID} ] ; then
    if kill -0 `cat ${SERVERPID}` 2>/dev/null; then
        echo 'INND is running'
        exit 0
    fi
    echo 'INND:  PID file exists -- unclean shutdown!'
    RFLAG="-r"
fi

if [ ! -f ${PATHDB}/.news.daily ] ; then
    case `find ${PATHBIN}/innd -mtime +1 -print 2>/dev/null` in
    "")
        ;;
    *)
        echo 'No .news.daily file; need to run news.daily?' | eval ${MAIL}
        ;;
    esac
else
    case `find ${PATHDB}/.news.daily -mtime +1 -print 2>/dev/null` in
    "")
        ;;
    *)
        echo 'Old .news.daily file; need to run news.daily?' | eval ${MAIL}
        ;;
    esac
fi

##  Active file recovery.
if [ ! -s ${ACTIVE} ] ; then
    if [ -s ${NEWACTIVE} ] ; then
        mv ${NEWACTIVE} ${ACTIVE}
    else
        if [ -s ${OLDACTIVE} ] ; then
            cp ${OLDACTIVE} ${ACTIVE}
        else
            echo 'INND:   No active file!'
            exit 1
        fi
    fi
    RFLAG="-r"
    # You might want to rebuild the DBZ database, too:
    #cd ${PATHDB} \
    #        && makehistory -r \
    #        && mv history.n.dir history.dir \
    #        && mv history.n.index history.index \
    #        && mv history.n.hash history.hash
fi


##  Remove temporary batchfiles and lock files.
( cd ${BATCH} && rm -f bch* )
( cd ${LOCKS} && rm -f LOCK* )
( cd ${TEMPSOCKDIR} && rm -f ${TEMPSOCK} )
rm -f ${NEWSCONTROL} ${NNTPCONNECT} ${SERVERPID}

##  Start the show.
echo 'Starting innd.'
eval ${WHAT} ${RFLAG} ${INNFLAGS}

# Gee, looks like lisp, doesn't it?
${DOINNWATCH} && {
    echo "Scheduled start of ${INNWATCH}."
    ( sleep 60 ; ${INNWATCH} ) &
}

${DOCNFSSTAT} && {
    echo "Scheduled start of cnfsstat."
    ( sleep 60 ; ${PATHBIN}/cnfsstat -s -l ) &
}

RMFILE=${MOST_LOGS}/expire.rm
for F in ${RMFILE} ${RMFILE}.*; do
    if [ -f $F -a -s $F ] ; then
        echo "Removing articles from pre-downtime expire run (${F})."
        (
            echo 'System shut down during expire.' \
                'Unlinking articles listed in'
            echo ${F}
        ) | eval ${MAIL}
        ${PATHBIN}/expirerm ${F}
    fi
done &

This script performs numerous housekeeping chores, which include checking that the news.daily script (which takes care of things such as article expiration) has been run recently and actually starting INN.

After the INN package is installed and ready to go, you need to check the configuration information to make sure everything will run smoothly when innd or nntpd (the NNTP daemon) connects to the newsfeed.

Configuring INN

Configuring INN can take hours because it is a complex package that allows many newsfeeds at once. Don't worry; for a simple connection to an ISP through TCP/IP or UUCP, you can configure INN in a few minutes. Most of the work was done when you installed the package.

When changing configuration files, it is always advisable to back up the originals first. If it's a personal system, just copy them with the same name with the extension .orig or .bak appended. If there are multiple admins on the machine, adding your login name helps the other admins know who did what. Follow these steps to check and configure your INN setup, being careful to back up any files changed and preserve permissions as you go:

  1. Edit the /etc/news/incoming.conf file. This file lists all the newsfeeds that your system connects to and is read by the INN daemon. Enter the names or IP addresses of the newsfeed machines using the following as an example:

        peer newsfeed {
          hostname:     news.isp.net
        }

    Because most systems will have only a single newsfeed, you will only need one peer entry. If your newsfeed requires a password, add another parameter password: with the appropriate password after the colon. There are many other parameters that can be specified on a per-newsfeed basis. For a full list see the incoming.conf(5) manual page.

  2. If you allow other machines on your local area network or machines connecting through a remote access server on your machine to read news collected by your system, you need to add their names to the /etc/news/nnrp.access file. This file is read when the nnrpd daemon starts for each person invoking a newsreader. The nnrp.access file contains a list of all the machines that are allowed to read news from your server and follows this syntax:

    
        name:perms:user:password:newsgroup

    name is the address of the machine that you are allowing to read news. (You can use wildcards to allow entire subnets.) perms is the permissions and has one of the following values: Read (for read-only access), Post (to allow posting of messages), or Read Post (for both Read and Post). user authenticates a username before it is allowed to post, and password accomplishes the same task. To prevent a user from posting messages through your server, leave user and password as spaces so they can't be matched.

    newsgroup is a pattern of newsgroup names that can be either read or not read, depending on how you set up the contents. Access to newsgroups uses wildcards, so comp* allows access to all newsgroups starting with comp, whereas !sex disables access to any newsgroups starting with the word sex. The default setting in the nnrp.access file is to prevent all access. To allow all users in the domain tpci.com to read and post news with no authentication required, add this line to nnrp.access:

    
        *.tpci.com:Read Post:::*

    To open the news system to everyone on your system regardless of domain name, use an asterisk instead of a domain name.

  3. The file inn.conf should be in your /etc/news directory. You should probably change the line with organization in it to the following:

    
        organization:    Your company name

    This specifies the default organization: header entry when your users post an article to your news server.
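Because a single wildcard line in nnrp.access can open the server to unauthenticated posting, it is worth checking the file after every edit. The following is an added example, not part of the original book or of INN: the function name audit_nnrp_access is hypothetical, the sample entries are constructed, and the field layout and perms values are the ones given in step 2.

```shell
#!/bin/sh
# Added example: flag nnrp.access entries that expose the server.
# Field layout from the text: name:perms:user:password:newsgroup
# Prints "LINE: finding" per risky entry; returns 1 if anything was flagged.
audit_nnrp_access() {
    awk -F: '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF != 5 {
            printf "%d: malformed entry (expected 5 fields)\n", NR
            bad++; next
        }
        {
            posts = ($2 ~ /[Pp]/)               # "Post" or "Read Post"
            open  = ($3 == "" && $4 == "")      # empty user/password: no authentication
            wild  = ($1 ~ /[*?]/)               # wildcard host pattern
            if (posts && open && wild) {
                printf "%d: unauthenticated posting allowed from wildcard host %s\n", NR, $1
                bad++
            } else if ($1 == "*" && $2 != "") {
                printf "%d: access granted to every host\n", NR
                bad++
            }
        }
        END { exit (bad > 0 ? 1 : 0) }
    ' "$1"
}

# Constructed sample nnrp.access (hosts and credentials are made up).
f=$(mktemp)
cat > "$f" <<'EOF'
# default: deny everyone
*:: -no- : -no- :!*
*.tpci.com:Read Post:::*
reader.tpci.com:Read: : :comp*
*:Read:::*
gw.tpci.com:Read Post:editor:EXAMPLE-PASSWORD:*
EOF
audit_nnrp_access "$f" || echo "review the entries listed above"
rm -f "$f"
```

The sample flags line 3 (unauthenticated posting for a whole domain) and line 5 (read access for every host); the entries with a user and password, or with spaces in those fields, pass.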

Of course, if you are setting up INN to get news from your ISP's news server, your ISP would have to set up its end with the newsgroups that you want your users to be able to access. Remember that news takes up a lot of bandwidth, so try to minimize the amount of news you download.

Another common task is to set up a local newsgroup. This might be used by a company to discuss projects, or by a school to discuss classes. This common task is covered in part six of the INN FAQ. The entire FAQ can be found in /usr/share/doc/inn-2.2.2/faq. To do this, make sure that INN is up by running /etc/init.d/innd status. Add the group by typing ctlinnd newgroup foozle.widgets. Add the following to /etc/news/newsfeeds:


    ME:!foozle.*::
    out.going.site:*,!foozle.*:Tf,Wnm

Then add a descriptive entry to /var/lib/news/newsgroups and you're done. Replace "foozle" and "out.going.site" with the group hierarchy name you'd like to use and the name of your peering site.

After setting the incoming.conf, nnrp.access, and inn.conf files and notifying your ISP that you want to access its NNTP service, you should be able to use INN to download news and access it with a newsreader. (This assumes you've granted yourself permission in the nnrp.access file.) A lot of complexity can be introduced into INN's configuration file, but keeping it simple tends to be the best method. As your experience grows, you can modify the behavior of the newsfeeds; you should start, however, with as simple an access approach as possible to allow testing of the news system first. After setting up INN, the next step is to provide users with a newsreader.
