Introduction $Id: checklist 5912 2002-12-03 05:31:11Z vinocur $ This is an installation checklist written by Rebecca Ore, intended to be the beginning of a different presentation of the information in INSTALL, since getting started with installing INN can be complex. Further clarifications, updates, and expansion are welcome. Setup * Make sure there is a "news" user (and a "news" group) * Create a home directory for news (perhaps /usr/local/news/) and make sure it (and subdirectories) are owned by "news", group "news". You want to be careful that things in that directory stay owned by "news" -- but you can't just "chown -R news.news" after the install, because you may have binaries that are SUID root. You can do the build as any user, because "make install" will set the permissions correctly. After that point, though, you may want to "su news" to avoid creating any files as root. (For routine maintenance once INN is working, you can generally be root.) * If necessary, add ~news/bin to the news user's path and ~news/man to the news user's manpath in your shell config files. (You may want to do this, especially the second part, on your regular account; the manpages are very useful.) You can do this now or later, but you will certainly want the manpages to help with configuring INN. For bash, try: PATH=~news/bin:$PATH export PATH MANPATH=~news/man:$MANPATH export MANPATH or csh: setenv PATH ~news/bin:$PATH setenv MANPATH ~news/man:$MANPATH although if you don't already have MANPATH set, the above may give an error or override your defaults (making it so you can only read the news manpages); if "echo $MANPATH" does not give some reasonable path, you'll need to look up what the default is for your system (such as /usr/man or /usr/share/man). Compile * Download the INN tarball and unpack. * Work out configure options ("./configure --help" for a list). If you aren't working out of /usr/local/news, or want to put some files on a different partition, you can set the directories now (or later in inn.conf if you change your mind). You probably want "--with-perl". If you're not using NetBSD with cycbuffs or OpenBSD, perhaps "--with-tagged-hash". You might want to compile in SSL and Berkeley DB, if your system supports them. ./configure --with-perl ... make su make install (If you do the last step as root, all of the ownerships and permissions will be correct.) Configure * Find INSTALL and open a separate window for it. A printout is probably a good idea -- it's long but very helpful. Any time the instructions below ask you to make a decision, you can probably find help in INSTALL. * Now it's time to work on the files in ~news/etc/. Start with inn.conf; you must fill in the default moderators address, your fully qualified domain names and path. Fill in all the blanks. Change the file descriptor limits to something like 500. * If using cycbuffs (the CNFS storage method), open cycbuff.conf in one window and a shell in another to create the cycbuff as described in INSTALL. As you create them, record in cycbuff.conf the paths and sizes. Save paths and sizes in a separate text file on another machine in case you ever blow away the wrong file. Name the metacycbuff, then configure storage.conf. * In storage.conf, be sure that all sizes of articles can be accomodated. If you want to throw away large articles, do it explicitly by using the "trash" storage method. * The default options in expire.ctl work fine if you have cycbuffs, if not, configure to suit. * Check over moderators and control.ctl. * Run ~news/bin/inncheck and fix anything noted. Inncheck gives a rough check on the appropriateness of the configuration files as you go. (It's the equivalent of "perl -cw yourfile.pl" for perl scripts.) Note that inncheck is very conservative about permissions; there's no reason most of the config files can't be world-readable if you prefer that. * Import an active file (~news/db/active) and run inncheck again. Change where noted (there's a gotcha in the ISC's active list 000000 000000 (whatever number of zeros) should be 0000000 00000001). * Create empty initial db files. Be sure these end up owned by news. cd ~news/db touch newsgroups touch active.times touch history ~news/bin/makedbz -i mv history.n.hash history.hash mv history.n.index history.index mv history.n.dir history.dir chmod 644 * * Create the cron jobs and make the changes to your system's syslog.conf as noted in INSTALL. Also create the cron job for nntpsend if you've chosen that over innfeed. Create the log files. * For the time being, we can see if everything initially works without worrying about feeds or reader access. Run * Start inn by running ~news/bin/rc.news *as the news user*. Check ~news/log/news.notice to see if everything went well, also use "ps" to see if innd is running. "telnet localhost 119" and you should see either a welcome banner or a "no permission to talk" message. If not, investigate. * "man ctlinnd" now; you'll use "ctlinnd reload" as you complete your configuration. Feeds All of this can be done while INN is running. * To get your incoming feeds working, edit incoming.conf. When done, "ctlinnd reload incoming.conf reason" (where "reason" is some text that will show up in the logs, anything will do). * To get your outgoing feeds working, decide whether to use innfeed or nntpsend. Edit newsfeeds and either innfeed.conf or nntpsend.ctl. In newsfeeds, if using innfeed, use the option which doens't require you to do a separate innfeed configuration unless you know more than I do. Then "ctlinnd reload newsfeeds reason". * In readers.conf, remember that auth and access can be separated. Begin with auth. Your auth for password users could look like this: auth "foreignokay" { auth: "ckpasswd -d ~news/db/newsusers" default: "" } There is a perl script in the ckpasswd man page if you want to do authentications by password and have the appropriate libraries. Copy it to ~news/bin, name the file something like makepasswd.pl and change the internal paths to whatever you're using and wherever you're putting the newsusers database. The standard Apache "htpasswd" tool also works just fine to create INN password files. Follow with the access stanzas. Something for people with passwords: access "generalpeople" { users: "*" newsgroups: "*,!junk,!control,!control.*" } And then something like one of the following two, depending on whether unauthenticated users get any access: access "restrictive" { users: "" newsgroups: "!*" } access "readonly" { users: "" read: "local.*" post: "!*" } You don't need to reload anything after modifying readers.conf; every time an nnrpd launches it reads its configuration from disk.