My wife is half-working, half-preparing for some course, on a Sunday. I’m setting up a news server in 2023. Oh well!
A year ago, I tried setting up INN because I wanted to use NNCP to exchange net news. Like Usenet. Like UUCP. But it didn’t quite work: 2022-02-06 Struggling with INN.
2022-02-06 Struggling with INN
A few days ago, I abandoned the NNCP goal and decided to go small instead: 2023-05-17 Net News.
Using sn was comparatively easy! I got it up and running. I found a way to enable authentication, I even found a way to test it all: I had sn running on the server, and I had sn running on the laptop. The sn on the laptop used authentication to exchange news with the server. Yay! Glorious!
But then I wondered about INN again. Also, Cosmic Voyage and the Tildeverse Usenet News keep singing their siren song in the distance. And their setup uses INN. “Peering” only seems to work for INN. What a mess.
And so I dismantled my sn setup and tried INN. This resulted in some complications for sn running on the laptop was out of sync. The news client tin running on the server and tin running on the laptop were out of sync. Yikes! Don’t do this. If you do, remove the .newsrc file and the .tin directory, and start from scratch. That was the easiest way to move forward. On the laptop, I used sndelgroup to delete the existing groups, and changed the password files… Aaargh.
When I ran “apt install inn2” on the server, it uninstalled sn. Sure! But critically, it left “/etc/inetd.conf” untouched, so incoming connections on port 119 would be handled by inetd, which ran my “nntp.sh” file with the sn authentication code, which then called snntpd which no longer existed. 😭
OK, but what about the configuration on the server? Let’s start with INN again.
When you install the inn2 package on Debian, it fails with an error message because there are problems with inn.conf. You need to edit that file and then you can install it again, and it’ll work.
So, “/etc/news/inn.conf”. What did I change?
organization: "Campaign Wiki" pathhost: campaignwiki.org domain: campaignwiki complaints: alex@alexschroeder.ch
For authentication, I changed “/etc/news/readers.conf”. First, comment the existing sections. Instead, use the following:
auth "foreignokay" {
auth: "ckpasswd -f /var/lib/news/newsusers"
default: "<unauthenticated>"
}
access "authenticatedpeople" {
users: "*"
newsgroups: "*,!junk,!control,!control.*"
}
access "readonly" {
users: "<unauthenticated>"
read: "local.*,campaignwiki.*"
post: "!*"
}
If a user authenticates, nothing happens. If a user does not authenticate, they aren’t allowed to post – and they only have access to the newsgroups local.general, local.test, campaignwiki.talk (which is going to be created below) and others forming the same conventions, but not cosmic._ or tilde._, should we ever peer with them.
Thus, if you’re using tin as the client, you need to run tin -r -A. -r makes it use NNTP and -A makes it authenticate even if the server isn’t asking for it.
The “/var/lib/news/newsusers” file is created manually. Every line consists of a username, a colon, and a hashed password. In order to generate the hash for the password “_secret_”, run the following:
openssl passwd -5 "*secret*"
By default, you have two local groups, “local.general” and “local.test”. It should be possible to post by now.
In order to create a new group:
ctlinnd newgroup campaignwiki.talk
This updates “/var/lib/news/active” (and maybe it does other things as well). You have to manually update “/var/lib/news/newsgroups” to add the name, a tab, and a short description:
campaignwiki.talk Campaign Wiki group to be human
Now it should be possible to list this group.
The sn setup on my laptop remained unchanged. I added back the foreign groups I had deleted:
sudo snnewgroup local.test campaignwiki.org sudo snnewgroup local.general campaignwiki.org sudo snnewgroup campaignwiki.talk campaignwiki.org
I made sure to have the files “username” and “password” containing the respective username (”alex”) and password (”_secret_”) in the directory “/var/spool/sn/.outgoing/campaignwiki.org:119/”.
Get the new posts from the server, and to post any articles I wrote locally:
sudo snget
To debug, look at the output of the above command, and look at the inn log on the server:
journalctl --unit inn2.service --follow
I think it works!
Give it a try. Use Thunderbird! Or tin:
tin -g campaignwiki.org
There, you can look at the groups. Read-only access! Contact me to get an account. With that:
tin -A -g campaignwiki.org
Use the same credentials to setup a local news server like I did, if you feel like it. It’s not required, however.
As a note to myself and to anybody who’s already using tin for some other server: You probably don’t want to use the same “.newsrc” file or you’ll get a lot of non-existing groups. Here’s how to specify a new (and empty) one.
tin -g campaignwiki.org -f .newsrc-campaignwiki
Alternatively, set up “~/.tin/newsrctable”:
campaignwiki.org .newsrc-campaignwiki cw
And “~/.newsauth”:
campaignwiki.org <password> <username>
Fix permissions:
chmod 600 ~/.newsauth
Now you can run tin with authentication, for campaignwiki.org:
tin -g cw -A
Next up: peering??
#Administration #News
When adding a new group: