Merge branch 'develop'

[nncp.git] / doc / admin.texi

@node Administration
@unnumbered Administration

NNCP uses following files/directories you should be aware of:

@itemize

@item
    @ref{Configuration} file, for example @file{/usr/local/etc/nncp.hjson}.
    Should not be globally readable, because it contains private keys.

@item
    @ref{Spool} directory with inbound/outbound encrypted packets, for
    example @file{/var/spool/nncp}.

    It also contains temporary files (in @file{tmp/} directory),
    possibly left alone, if some of the commands failed and prematurely
    exited and that should be cleaned from time to time.

    Partly transferred files are stored with @file{.part} suffix. And
    possibly they also require cleanup if they are completely lost.

    Also it can contain @file{.seen} files, that should be cleaned too
    from time to time.

    All of that cleaning tasks can be done with @ref{nncp-rm} utility.

    @anchor{Shared spool}
    If you want to share single spool directory with multiple grouped
    Unix users, then you can @command{setgid} it and assure that umask
    is group friendly. For convenience you can set @option{umask}
    globally for invoked NNCP commands in the configuration file. For
    example:

@example
$ chgrp nncp /usr/local/etc/nncp.hjson /var/spool/nncp
$ chmod g+r /usr/local/etc/nncp.hjson
$ chmod g+rwxs /var/spool/nncp
$ echo 'umask: "007"' >> /usr/local/etc/nncp.hjson
@end example

@item
    @ref{Log} file, for example @file{/var/spool/nncp/log}. It should be
    rotated. Choose you own preferable way to do it.

    Example @url{https://www.newsyslog.org/manual.html, newsyslog}'s entry:
@example
/var/spool/nncp/log             644     7       100     *       BCYN
@end example

@item
    Optional @ref{CfgIncoming, incoming} directories where uploaded
    files are stored. Probably you want to run @ref{nncp-reass} from
    time to time to reassemble all chunked uploads. Example crontab
    entry:

@example
*/1     *       *       *       *       nncp-reass -all -noprogress
@end example

@item
    Possibly long running @ref{nncp-daemon}, @ref{nncp-caller},
    @ref{nncp-toss} daemons. As all software, they can fail and you
    should place them under some supervisor control.

    For example you can use @url{http://cr.yp.to/daemontools.html,
    daemontools} for that task to run them under probably existing
    @verb{|uucp|} user:

@example
# mkdir -p /var/service/.nncp-toss/log
# cd /var/service/.nncp-toss

# cat > run <<EOF
#!/bin/sh -e
exec 2>&1
exec setuidgid uucp /usr/local/bin/nncp-toss -cycle 10
EOF

# cat > log/run <<EOF
#!/bin/sh -e
exec setuidgid uucp multilog t ./main
EOF

# chmod -R 755 /var/service/.nncp-toss
# mv /var/service/.nncp-toss /var/service/nncp-toss
@end example

@item
    @ref{nncp-daemon} can also be run as
    @url{https://en.wikipedia.org/wiki/Inetd, inetd} service on UUCP's port:

@example
uucp    stream  tcp6    nowait  nncpuser        /usr/local/bin/nncp-daemon      nncp-daemon -quiet -inetd
@end example

@item
    Or it can be also run as a @command{daemontools} daemon under
    @url{http://cr.yp.to/ucspi-tcp.html, UCSPI-TCP}:

@example
# mkdir -p /var/service/.nncp-daemon/log
# cd /var/service/.nncp-daemon

# cat > run <<EOF
#!/bin/sh -e
exec envuidgid nncpuser tcpserver -DRHU -l 0 0 uucp \
        /usr/local/bin/nncp-daemon -quiet -inetd
EOF

# cat > log/run <<EOF
#!/bin/sh -e
exec setuidgid uucp multilog t ./main
EOF

# chmod -R 755 /var/service/.nncp-daemon
# mv /var/service/.nncp-daemon /var/service/nncp-daemon
@end example

@end itemize