💾 Archived View for gemini.complete.org › using-nncp-with-sudo captured on 2024-12-17 at 10:00:13. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2024-07-09)
-=-=-=-=-=-=-
We're going to cover two different sudo situations:
1. Running NNCP[1] commands for an NNCP installation that runs as a different user
2. Using sudo to facilitate communications between two different NNCP installations on a system, running as different users
Sometimes, the NNCP commands run as a different user than your day-to-day user. Perhaps you would like to be able to use them with sudo, both for sending and receiving. This document shows you how. It doesn't actually need any nncp-tools code; it's pure documentation.
In my case, I have a jgoerzen user for my main work, and a nncp user for nncp. I created a `/etc/sudoers.d/local-nncp` file like this:
jgoerzen ALL=(nncp) NOPASSWD: /usr/local/nncp/bin/nncp-* nncp ALL=(jgoerzen) NOPASSWD: /home/jgoerzen/bin/gitsync-recv
I have my NNCP programs installed in `/usr/local/nncp/bin`, so this lets jgoerzen run any of them without a password.
Also, I use gitsync-nncp[2], so I allow NNCP to send data to it.
2: https://github.com/jgoerzen/gitsync-nncp
You could, of course, type `sudo -Hu nncp /usr/local/nncp/bin/nncp-stat` and similar (note that the full path is required here). But that's a real pain. Instead, just do this (assuming bash):
for FILE in /usr/local/nncp/bin/*; do BASENAME="`basename "$FILE"`" alias "$BASENAME=sudo -Hu nncp $FILE" done
You can put that in your .bash_aliases or other .bashrc/.profile files as appropriate.
In order to receive nncp-exec files, you'll use a line like this in your nncp.hjson exec clause:
repo1: ["sudo", "-Hu", "jgoerzen", "/home/jgoerzen/bin/gitsync-recv", "/home/jgoerzen/repo1"]
That's all there is to it!
In my Tunneling NNCP over other transports[3] documentation, I talk about running NNCP over ssh. A very similar approach can be taken with sudo. For instance, if you have user1 and user2 on a system, each with separate NNCP installations with their own spools, you can let them talk to each other via sudo. One of them will need an addrs[4] section like this:
3: /tunneling-nncp-over-other-transports/
4: https://nncp.mirrors.quux.org/CfgNeigh.html
addrs: { sudo: "|sudo -Hu otheruser /usr/local/nncp/bin/nncp-daemon -ucspi" }
And your sudoers would look like:
firstuser ALL=(otheruser) NOPASSWD: /usr/local/nncp/bin/nncp-daemon
There you have it - instant communication!
--------------------------------------------------------------------------------
5: /tunneling-nncp-over-other-transports/
NNCP[6] has built-in support for running over TCP, with nncp-daemon and nncp-call/caller. NNCP's own use cases[7] page talks about various use cases for NNCP. Some of them, such as the no link[8] page, cover use of nncp-xfer; others, such as the one-way broadcasting[9] page go over nncp-bundle.
7: https://nncp.mirrors.quux.org/Use-cases.html
8: https://nncp.mirrors.quux.org/UsecaseNoLink.html
9: https://nncp.mirrors.quux.org/UsecaseBroadcast.html
Usenet[11], of course, originally ran over UUCP[12] in quite a few cases. Since NNCP[13] is quite similar to UUCP -- in fact, you can map UUCP commands to NNCP ones[14] -- it is quite possible, and not all that hard, to run Usenet over NNCP. In fact, in a number of ways, it works better than Usenet over UUCP!
14: https://nncp.mirrors.quux.org/Comparison.html
NNCP lets you securely send files, or request remote execution, between systems. It uses asynchronous communication[16], so the source and destination need never be online simultaneously. NNCP can route requests via intermediate devices -- other NNCP nodes, USB sticks, tapes, radios, phones, cloud services, whatever -- leading to a network that is highly resilient and flexible. NNCP makes it much easier to communicate with devices that lack Internet connectivity, or have poor Internet.
16: /asynchronous-communication/
(c) 2022-2024 John Goerzen