openbsd-ports/news/leafnode/patches/patch-INSTALL

$OpenBSD: patch-INSTALL,v 1.13 2014/03/25 12:23:36 ajacoutot Exp $
--- INSTALL.orig	Tue Apr 14 14:49:24 2009
+++ INSTALL	Tue Mar 25 13:21:54 2014
@@ -70,14 +70,14 @@ as sudo.
     the lock file (defaults to leaf.node/lock.file below the spooldir).
 
  ## Since 1.9.52, you can also configure the user and group account that
- ## leafnode switches to when started as "news", by means of the --with-user
+ ## leafnode switches to when started as "_news", by means of the --with-user
  ## and --with-group options. DO MAKE SURE that the --with-user is a member of
  ## the group you give to the --with-group option (on most systems, the "id" or
  ## "groups" command with a user account name should tell you what groups the
  ## user is in.)
 
     NOTE: DO MAKE SURE that the lock file is in a directory that is writable by
-    the user "news". Leafnode will have dropped root privileges when it tries
+    the user "_news". Leafnode will have dropped root privileges when it tries
     to obtain the lock file, and it needs write access. The new default (as of
     1.9.37) should be fine in most cases.
 
@@ -100,11 +100,11 @@ as sudo.
 
 3a. (as root) Create a "news" group if you don't have one.
 
-3b. (as root) Create a "news" user if you don't have one. Its primary group
+3b. (as root) Create a "_news" user if you don't have one. Its primary group
     should be "news", with no supplemental groups.
 
 3c. (as root) Create an alias in your mail system to forward mail addressed to
-    "news" to the real user who looks after leafnode.
+    "_news" to the real user who looks after leafnode.
 
     If you run qmail: get and install the fastforward package.
     It is available from qmail distribution sites.
@@ -112,7 +112,7 @@ as sudo.
     Common choices are Postfix, Exim and Courier.
 
     Find your aliases file (/etc/aliases or /etc/mail/aliases), add a line
-    "news: joe" (assuming joe looks after your leafnode) and then type
+    "_news: joe" (assuming joe looks after your leafnode) and then type
 
 	newaliases.
 
@@ -165,17 +165,17 @@ as sudo.
     different postings clash and other troubles. See one of the README-FQDN*
     files for details.
 
-8.  (as news) Set up a cron job to run texpire every night or at least every
+8.  (as _news) Set up a cron job to run texpire every night or at least every
     week.  Here is my crontab line, which runs nightly:
 
     0 4 * * * /usr/local/sbin/texpire
 
-    On some systems, you may need to allow the user "news" to install/edit
+    On some systems, you may need to allow the user "_news" to install/edit
     crontabs, some of these use the file /etc/cron.allow to store this
     information. Check the information for your cron system, man cron or man
     crontab should provide you with details.
 
-    I did "su news -c 'crontab -e'" as root to edit the crontab file, and added
+    I did "su _news -c 'crontab -e'" as root to edit the crontab file, and added
     this line.  Substituting "1" for the third "*", thus:
 
     0 4 * * 1 /usr/local/sbin/texpire
@@ -184,9 +184,9 @@ as sudo.
     details.
 
 9.  Make sure fetchnews is run at the appropriate time.  If you have a
-    full-time link, run it from cron (as "news" again), if not, run it when
+    full-time link, run it from cron (as "_news" again), if not, run it when
     your connection to the net is established.  If it is run as root, it will
-    change its user ID to "news" automatically. If you use PPP, you can
+    change its user ID to "_news" automatically. If you use PPP, you can
     probably run fetchnews from /etc/ppp/ip-up.local or /etc/ppp/ip-up.
 
 10. (as root) Edit /etc/hosts.deny to add a line:
@@ -221,31 +221,21 @@ as sudo.
        configuration file for inetd is usually /etc/inetd.conf or
        /etc/inet/inetd.conf.
 
-    b) Then, xinetd has joined in and is now the default on Red Hat and
-       SUSE Linux, it is described in section 11b.
-
-    c) Another possibility is to use Dan J. Bernstein's daemontools and
+    b) Another possibility is to use Dan J. Bernstein's daemontools and
        ucspi-tcp packages, but like all DJB-ware, their installation is easy,
        but different from that of most other packages. The installation is
-       described in section 11c (automatic) and 11d (manual).
+       described in section 11b (automatic) and 11c (manual).
 
-11a.ONLY WHEN USING INETD (Beware, many systems ship xinetd nowadays, see
-    section 11b below instead.)
+11a.ONLY WHEN USING INETD
 
     (as root) Edit /etc/inetd.conf so that $(BINDIR)/leafnode is executed for
     incoming NNTP connections.  Here is my inetd.conf line (insert it at the
     leftmost column, without leading spaces!):
 
-    nntp stream tcp nowait news /usr/sbin/tcpd /usr/local/sbin/leafnode
+    nntp stream tcp nowait _news /usr/local/sbin/leafnode leafnode
 
-    This starts leafnode for all connections on the nntp port, subject to
-    /etc/hosts.allow and /etc/hosts.deny screening.  If you don't have
-    /usr/sbin/tcpd, fetch the tcp_wrappers package and install it.
-
-    Using leafnode without tcpd is not supported and opens your computer to
-    abuse (even happens on modem lines that are only connected during the
-    fetch!)
-
+    This starts leafnode for all connections on the nntp port.
+    
     After these changes, force inetd to read the changed configuration file by
     sending it the HANGUP signal. To achieve this, issue the following command
     (as root):
@@ -254,51 +244,8 @@ as sudo.
 
     Proceed to step #12.
 
-11b.ONLY WHEN USING XINETD
-    (as root)
+11b. (as root) AUTOMATIC INSTALLATION WITH DAEMONTOOLS AND UCSPI-TCP
 
-    xinetd versions before 2.3.10 are not supported. It may or may not work for
-    you with older versions.
-
-    More documentation is available in the xinetd and xinetd.conf manual pages.
-    Try man xinetd.
-
-     a. check if your /etc/xinetd.conf has a "includedir /etc/xinetd.d" line.
-	If it has, store the configuration snippet below as
-	/etc/xinetd.d/leafnode. If your xinetd.conf does NOT have that
-	includedir line, append the configuration snippet to your
-	/etc/xinetd.conf.
-
-     b. After you have figured which of the two files to edit (or create), add
-	this to the xinetd configuration file:
-
-	service nntp
-	{
-	    flags           = NAMEINARGS NOLIBWRAP
-	    socket_type     = stream
-	    protocol        = tcp
-	    wait            = no
-	    user            = news
-	    server          = /usr/sbin/tcpd
-	    server_args     = /usr/local/sbin/leafnode
-	    instances       = 7
-	    per_source      = 3
-	}
-
-    This allows at most 7 leafnode connections. At most 3 connections are
-    allowed from the same client host at the same time. Adjust these figures if
-    necessary.
-
-    Send xinetd a USR2 or HUP signal (check the documentation which one you
-    need, it depends on the xinetd version) to make it re-read its
-    configuration.  Figure its PID with ps ax | egrep '[x]inetd' on Linux or
-    *BSD or ps -ef | egrep '[x]inetd' on SysV machines (Solaris), then do:
-    kill -s USR2 12345, replacing 12345 with the PID you just found out.
-
-    Proceed to step #12.
-
-11c. (as root) AUTOMATIC INSTALLATION WITH DAEMONTOOLS AND UCSPI-TCP
-
     Scope: this installation will configure to run tcpserver for leafnode, with
     native ("tcprules") access control that (by default) allows connections
     from 127.0.0.1 and listens on that address.
@@ -320,7 +267,7 @@ as sudo.
     c. Configuration hints that relate to this setup (listening IP,
        access control, maximum number of clients) are in README-daemontools.
 
-11d. (as root) MANUAL INSTALLATION WITH DAEMONTOOLS AND UCSPI-TCP
+11c. (as root) MANUAL INSTALLATION WITH DAEMONTOOLS AND UCSPI-TCP
     a. Before you can proceed, you need to install Dan J. Bernstein's
        daemontools and ucspi-tcp, available from
        http://cr.yp.to/daemontools.html and http://cr.yp.to/ucspi-tcp.html --
@@ -349,7 +296,7 @@ as sudo.
        #! /bin/sh
        exec 2>&1
        exec /usr/local/bin/tcpserver -c10 -l0 -H -v 127.0.0.1 119 \
-       /usr/local/bin/setuidgid news /usr/local/bin/argv0 /usr/sbin/tcpd \
+       /usr/local/bin/setuidgid _news /usr/local/bin/argv0 /usr/libexec/tcpd \
        /usr/local/sbin/leafnode
 
        You may need to adjust the paths if your software is in a non-standard
@@ -365,7 +312,7 @@ as sudo.
        exec 2>&1
        exec /usr/local/bin/tcpserver -c10 -l0 -H -v -x nntp.cdb \
        127.0.0.1 119 \
-       /usr/local/bin/setuidgid news /usr/local/sbin/leafnode
+       /usr/local/bin/setuidgid _news /usr/local/sbin/leafnode
 
        As above, adjust the paths and the IP.
 
@@ -400,7 +347,7 @@ as sudo.
     svscan should notice the new leafnode service within 5 seconds and
     start it.
 
-12. (as root or news) Run fetchnews.  The first run will take some time since
+12. (as root or _news) Run fetchnews.  The first run will take some time since
     fetchnews reads a list of all newsgroups from your upstream server.  With
     an 28.8 modem, it can take as long as 60 minutes (depending on how many
     newsgroups your provider offers). To see fetchnews working, run it with
@@ -427,7 +374,7 @@ as sudo.
     After this, you should have empty files in
     /var/spool/news/interesting.groups/ for every group you want to read.
 
-14. (as root or news) Run fetchnews again. This run should pick up all the
+14. (as root or _news) Run fetchnews again. This run should pick up all the
     groups you want to read.
 
 15. Note: for access from remote sites, outside of your LAN, additional