A complete setup of a daytime server

A daytime server just hands out a human-readable date for each connection to port 13. This is not particularly exciting, but the real goal here is to understand a standard daemontools/tcpserver setup, complete with logging.

Install instructions

Prepare the installation


groupadd daytime &&
useradd -g daytime daytime &&
groupadd daytime-log &&
useradd -g daytime-log daytime-log &&
mkdir -p /etc/daytime/log &&
mkdir /var/log/daytime &&
chown daytime-log:daytime-log /var/log/daytime

We are creating separate user and group IDs for the server and logging processes. /etc/daytime will contain the run file for the tcpserver process, and /etc/daytime/log will contain the run file for the logging process. Logfiles will go to /var/log/daytime, which is owned by daytime-log, so the server account cannot write to the logs.

Create the tcpserver run file


cd /etc/daytime

cat <<"EOF" > run
#!/bin/sh

DTIME_UID=`id -u daytime`
DTIME_GID=`id -g daytime`

exec 2>&1
exec /usr/bin/tcpserver -vRHl0 -u "$DTIME_UID" -g "$DTIME_GID" \
    -x /etc/tcprules/tcp.daytime.cdb 0 13 date
EOF

chmod 0700 run

These commands create the run file for tcpserver. Most of the tcpserver command line is explained in "getting started with tcpserver".

New options:


-u "$DTIME_UID" -g "$DTIME_GID"

tcpserver switches to the UID/GID of daytime after preparing to receive connections.


-x /etc/tcprules/tcp.daytime.cdb

tcpserver will accept/reject connections based on the contents of tcp.daytime.cdb.

Create the multilog run file


cd log
cat <<"EOF" > run
#!/bin/sh

exec /usr/sbin/setuidgid daytime-log /usr/sbin/multilog t /var/log/daytime
EOF
chmod 0700 run

Explanation of the multilog command line


/usr/sbin/setuidgid daytime-log

This runs the multilog program under the UID/GID of daytime-log.


/usr/sbin/multilog t /var/log/daytime

multilog logs messages to /var/log/daytime, adding a timestamp in tai64n format in front of each line.

Configure access control


mkdir /etc/tcprules &&
cd /etc/tcprules

cat <<"EOF" > tcp.daytime
127.0.0.1:allow
:deny
EOF

tcprules tcp.daytime.cdb tcp.daytime.tmp < tcp.daytime

tcp.daytime contains the access rules in plaintext. In this case, only access from localhost is allowed. The tcprules command that follows converts the rules into the cdb format read by tcpserver.

These access rules could also have been achieved by having tcpserver listen on 127.0.0.1 exclusively.
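
How these rules are matched for a client, sketched as an added example (not part of the original page or of ucspi-tcp): the run file passes -H and -R, so only the client IP is available, and the address is tried exactly, then as shorter dotted prefixes, then as the empty default rule. The function names rule_lookup and check_ip are hypothetical, the rule file is a constructed sample, and address ranges in rules are not handled.

```sh
#!/bin/sh
# Added example: emulates the rule lookup for an IP-only client.
# Assumption: rules are plain addresses or dotted prefixes (no ranges).

# rule_lookup FILE ADDRESS: print the instruction stored for ADDRESS.
rule_lookup() {
    while IFS= read -r line; do
        case $line in '#'*|'') continue ;; esac
        addr=${line%%:*}          # text before the first colon
        rest=${line#*:}           # instruction, maybe followed by ,VAR="x"
        if [ "$addr" = "$2" ]; then
            printf '%s\n' "${rest%%,*}"
            return 0
        fi
    done < "$1"
    return 1
}

# check_ip FILE IP: print allow, deny, or nomatch for a client address.
check_ip() {
    key=$2
    if rule_lookup "$1" "$key"; then return 0; fi       # exact address
    while [ "${key%.*}" != "$key" ]; do                 # 10.1.2. 10.1. 10.
        key=${key%.*}
        if rule_lookup "$1" "$key."; then return 0; fi
    done
    if rule_lookup "$1" ""; then return 0; fi           # default rule
    echo nomatch                                        # no rule applies
}

# Constructed sample: the page's two rules, checked against three clients.
# 127.0.0.2 is denied: the rule names one address, not the 127. prefix.
RULES=$(mktemp)
cat > "$RULES" <<'EOF'
127.0.0.1:allow
:deny
EOF
for ip in 127.0.0.1 127.0.0.2 192.0.2.10; do
    printf '%s -> %s\n' "$ip" "$(check_ip "$RULES" "$ip")"
done
rm -f "$RULES"
```

Against the real compiled file, ucspi-tcp's tcprulescheck answers the same question: set TCPREMOTEIP in its environment and pass it the path to tcp.daytime.cdb.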

Start the service


ln -s /etc/daytime /service

Things fall into place now: once the link exists, svscan finds the /etc/daytime and /etc/daytime/log directories. It starts two supervise processes with a pipe between them; this is how multilog gets the logging output of tcpserver. The supervise processes start the actual run scripts.

Test the installation


pstree -p

You should see approximately this in the output:


`-svscanboot(156)-+-readproctitle(162)
                  `-svscan(161)-+-supervise(164)---tcpserver(211)
                                `-supervise(165)---multilog(213)


date@ 127.0.0.1

You should see the current date.

View the logs


tai64nlocal < /var/log/daytime/current

This command shows the logs with human-readable timestamps.


Contact us:

Stefan Krah <website @ bytereef.org>

The content of this site was translated under the organization of 中国分布式计算总站.