using NNCP with sudo

Background

We’re going to cover two different sudo situations:

  1. Running NNCP commands for an NNCP installation that runs as a different user
  2. Using sudo to facilitate communications between two different NNCP installations on a system, running as different users

Interacting with NNCP that’s running as a different user

Sometimes, the NNCP commands run as a different user than your day-to-day user. Perhaps you would like to be able to use them with sudo, both for sending and receiving. This document shows you how. It doesn’t actually need any nncp-tools code; it’s pure documentation.

setting up sudoers

In my case, I have a jgoerzen user for my main work, and a nncp user for nncp. I created a /etc/sudoers.d/local-nncp file like this:

jgoerzen ALL=(nncp) NOPASSWD: /usr/local/nncp/bin/nncp-*
nncp ALL=(jgoerzen) NOPASSWD: /home/jgoerzen/bin/gitsync-recv

I have my NNCP programs installed in /usr/local/nncp/bin, so this lets jgoerzen run any of them without a password.

Also, I use gitsync-nncp, so I allow NNCP to send data to it.

Setting up aliases

You could, of course, type sudo -Hu nncp /usr/local/nncp/bin/nncp-stat and similar (note that the full path is required here). But that’s a real pain. Instead, just do this (assuming bash):

for FILE in /usr/local/nncp/bin/*; do
   BASENAME="`basename "$FILE"`"
   alias "$BASENAME=sudo -Hu nncp $FILE"
done

You can put that in your .bash_aliases or other .bashrc/.profile files as appropriate.

Receiving nncp-exec files

In order to receive nncp-exec files, you’ll use a line like this in your nncp.hjson exec clause:

     repo1: ["sudo", "-Hu", "jgoerzen", "/home/jgoerzen/bin/gitsync-recv", "/home/jgoerzen/repo1"]

That’s all there is to it!

Facilitating communications between two installations

In my Tunneling NNCP over other transports documentation, I talk about running NNCP over ssh. A very similar approach can be taken with sudo. For instance, if you have user1 and user2 on a system, each with separate NNCP installations with their own spools, you can let them talk to each other via sudo. One of them will need an addrs section like this:

addrs: {
  sudo: "|sudo -Hu otheruser /usr/local/nncp/bin/nncp-daemon -ucspi"
}

And your sudoers would look like:

firstuser ALL=(otheruser) NOPASSWD: /usr/local/nncp/bin/nncp-daemon

There you have it - instant communication!


NNCP has built-in support for running over TCP, with nncp-daemon and nncp-call/caller. NNCP’s own use cases page talks about various use cases for NNCP. Some of them, such as the no link page, cover use of nncp-xfer; others, such as the one-way broadcasting page go over nncp-bundle.

Usenet, of course, originally ran over UUCP in quite a few cases. Since NNCP is quite similar to UUCP – in fact, you can map UUCP commands to NNCP ones – it is quite possible, and not all that hard, to run Usenet over NNCP. In fact, in a number of ways, it works better than Usenet over UUCP!

NNCP lets you securely send files, or request remote execution, between systems. It uses asynchronous communication, so the source and destination need never be online simultaneously. NNCP can route requests via intermediate devices – other NNCP nodes, USB sticks, tapes, radios, phones, cloud services, whatever – leading to a network that is highly resilient and flexible. NNCP makes it much easier to communicate with devices that lack Internet connectivity, or have poor Internet.