-*- text -*-

Install INN with ACL Support

M.C. Widerkrantz, mc at hack.org
Time-stamp: <2006-07-02 21:27:48 by MC>

You can find the latest patched INN version with Access Control List
support here:

  http://hack.org/mc/hacks.html

The latest version should be:

  http://hack.org/mc/inn-mc.tar.gz

Most of the changes are in nnrpd, see nnrpd/userdb.c.

You will also need some way of editing the ACL and authentication
database. The tool I provide is called NAF and can be fetched from the
same place:

  http://hack.org/mc/naf.tar.gz

NAF comes in two flavours, one interactive command line flavour and as
a CGI script. They both rely on a Perl module, News::INNAdmin,
included in the distribution.

After unpacking the INN tar ball, check the

  authprogs/Makefile

and

  nnrpd/Makefile

and change the DBINCLUDE and DBLIB paths if you have Berkeley DB
installed at another path.

Then do something like this:

  % ./configure --prefix=/news --with-perl
  % make

Make sure there is a news user on your system or create the user if
need be. Set the user's home directory to where you would like to
install INN, the admin scripts and, possibly, the Webnews WWW News
client. Typical values are /news or /home/news.

Then install INN with

  make install

and, as the news user, create the empty history database:

  % su - news
  % cd db
  % touch history
  % makedbz -i

Then manually rename the history.n.* files to history.*.

Create the log files (for instance news.notice, news.err, news.crit).
Edit your syslog configuration, most likely in /etc/syslog.conf and
restart your syslog daemon, usually by sending a HUP signal to
syslogd.

Edit the crontab entry (usually with crontab -e) for the news user to
run /news/bin/news.daily at least daily. See the man page for
news.daily for options you may want to add.

0 3 * * * /home/www/news/bin/news.daily expireover lowmark delayrm

* ACL Support

Now edit 

  ~news/etc/inn.conf

And insert 

  nnrpdauthfrom: true

if you want From line rewriting based on authentication, and,

  nnrpdacl: true

to use the Access Control Lists for newsgroup access.

Add readers.conf to go along with the ACL database and authenticate
users from it:

  auth "remotes" {
      hosts: "*"
      auth: "mcpasswd -f /news/db/newsusers.db"
  }

Now start the News server:

  $ rc.news

You might want to include something like this if you have an rc.d type
system to start your servers. I named this script inn.sh and put it in
/usr/local/etc/rc.d/ on my FreeBSD system, which starts things
automagically at boot time:

  #! /bin/sh

  case X"$1" in
  Xstart)
      if [ -x /home/news/bin/rc.news ]
      then
          printf "Starting inn: "
          su news -c /home/news/bin/rc.news
      fi
  ;;
  Xstop)
      if [ -x /home/news/bin/rc.news ]
      then
          su news -c '/home/news/bin/rc.news stop'
      fi
      exit 0
  ;;
  esac

To edit the ACLs and the user data, install NAF and procede from
there.
