From: ke.han <ke...@re...> - 2005-12-09 04:42:44

I have had success using yaws on Linux. Now, I'm using it on freeBSD 6. Mostly it works fine (except for the switching user name option).

I would like to know the best way to start yaws at system boot.

The freeBSD handbook recommends I use the rcNG startup methods and would therefore have a yaws_enabled = "YES" line in /etc/rc.conf. I would like to follow this but am new to it and would appreciate if someone can send me their proven yaws startup script. It would also be good to include this in a future yaws port.

I know yaws uses internal mechanisms for starting and stopping and yaws knows where its pid is located. The rcNG startup scripts specify the pid in the script. Is this something I need to take into account?

thanks
ke han

From: Claes W. <kl...@ta...> - 2005-12-09 08:48:15

ke.han wrote:
> I have had success using yaws on Linux. Now, I'm using it on freeBSD 6.
> Mostly it works fine (except for the switching user name option).
> I would like to know the best way to start yaws at system boot.
> The freeBSD handbook recommends I use the rcNG startup methods and would
> therefore have a yaws_enabled = "YES" line in /etc/rc.conf. I would
> like to follow this but am new to it and would appreciate if someone can
> send me their proven yaws startup script. It would also be good to
> include this in a future yaws port.
> I know yaws uses internal mechanisms for starting and stopping and yaws
> knows where its pid is located. The rcNG startup scripts specify the
> pid in the script. Is this something I need to take into account?

It would make a lot of sense to include a proper startup script for BSD in the yaws distro. I would need help with this and if someone has a proper script, I'd appreciate to have it.

Also - yaws controls the shutdown of the server, not through the pid to yaws but rather through a socket to the system.

Each Yaws node has the following characteristics, it runs under a username and also possibly with a certain "id"

When Yaws starts, it will listen on socket on the loopback if and write the portnumber into the file /tmp/yaws/${id}/ctl

To shutdown Yaws, we call

# yaws -s

which will read the ctl file, connect to that portnumber and send a "stop" message on the socket.

This scheme makes it possible to run and control multiple yaws nodes on the same box. The directory /tmp/yaws/${id} will be owned by user that runs the Yaws node.

/klacke

--
Claes Wikstrom -- Caps lock is nowhere and
http://www.tail-f.com -- everything is under control
cellphone: +46 70 2097763

From: Fredrik T. <ft...@it...> - 2005-12-13 13:18:50

On Friday 09 December 2005 09.45, Claes Wikstrom wrote:
...
> To shutdown Yaws, we call
>
> # yaws -s
>
> which will read the ctl file, connect to that portnumber
> and send a "stop" message on the socket.
>
> This scheme makes it possible to run and control multiple
> yaws nodes on the same box.
> The directory /tmp/yaws/${id} will be owned by user that
> runs the Yaws node.

I've been casually wondering about this. I don't run Yaws on any real multi user boxes, so it hasn't been a real concern for me (yet) but is the port number the only thing you need to know to shut Yaws down, if you can log into a box (to be able to reach ports only listening on 127.0.0.1)?

The port number of other users' Yaws instances can be easily figured out, so I think there ought to be some secret stored in the /tmp/yaws/$id file besides the port number, to make sure the user invoking 'yaws -s' really could read that file. Is there some kind of additional security here that I've missed, or is Yaws simply not meant to be used in multi user environments?

/Fredrik

From: Claes W. <kl...@ta...> - 2005-12-13 19:58:54

Fredrik Thulin wrote:
> On Friday 09 December 2005 09.45, Claes Wikstrom wrote:
> ...
>
>>To shutdown Yaws, we call
>>
>># yaws -s
>>
>>which will read the ctl file, connect to that portnumber
>>and send a "stop" message on the socket.
>>
>>This scheme makes it possible to run and control multiple
>>yaws nodes on the same box.
>>The directory /tmp/yaws/${id} will be owned by user that
>>runs the Yaws node.
>
>
> I've been casually wondering about this. I don't run Yaws on any real
> multi user boxes, so it hasn't been a real concern for me (yet) but is
> the port number the only thing you need to know to shut Yaws down, if
> you can log into a box (to be able to reach ports only listening on
> 127.0.0.1)?
>
> The port number of other users' Yaws instances can be easily figured out,
> so I think there ought to be some secret stored in the /tmp/yaws/$id
> file besides the port number, to make sure the user invoking 'yaws -s'
> really could read that file. Is there some kind of additional security
> here that I've missed, or is Yaws simply not meant to be used in multi
> user environments?
>

In its current shape, it's meant to be used (and is used) in friendly multiuser environments.

That said, the scheme with file in /tmp/yaws should possibly be replaced with a scheme with files in $HOME/.yaws instead. The id thing is still good though when we want to run multiple yaws'es under the same uid.

If we're concerned with different users shutting down other users' yaws nodes, it's a simple matter of manually creating the dir /tmp/myid, give it the right ownership and then the right perms bits - and problem solved. (Need to do this before yaws is started)

/klacke

From: Fredrik T. <ft...@it...> - 2005-12-14 05:54:45

On Tuesday 13 December 2005 20.58, Claes Wikstrom wrote:
...
> In its current shape, it's meant to be used (and is used)
> in friendly multiuser environments.

Ok, noted.

...
> If we're concerned with different users shutting down other
> users' yaws nodes, it's a simple matter of manually creating the
> dir /tmp/myid, give it the right ownership and then the right
> perms bits - and problem solved. (Need to do this before yaws is
> started)

What prevents me from connecting to all listening ports on 127.0.0.1 and sending a 'stop if you're a Yaws server' command? I don't need read permissions to other people's /tmp/yaws/myid/ctl files since there is a very limited range of possible port numbers.

/Fredrik

From: Claes W. <kl...@ta...> - 2005-12-14 08:33:48

Fredrik Thulin wrote:
>
> What prevents me from connecting to all listening ports on 127.0.0.1 and
> sending a 'stop if you're a Yaws server' command? I don't need read
> permissions to other people's /tmp/yaws/myid/ctl files since there is a
> very limited range of possible port numbers.
>

Nothing ... actually. So you are right, Yaws needs a friendly environment. The situation is fixable though if someone needs it.

One easy solution would be to

    R = read_port_no(),
    Cookie = read($HOME/.erlang.cookie),
    Sock = cnct(R),
    write(Sock, ["stop", Cookie])

.. sort of.

Actually, this is a good idea, even in a friendly environment.

/klacke

--
Claes Wikstrom -- Caps lock is nowhere and
http://www.tail-f.com -- everything is under control
cellphone: +46 70 2097763

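
The fix sketched in the message above (send a secret together with "stop"), as an added Python example that is not Yaws code and not from the thread. The names ControlServer, write_ctl and send_stop and the "port secret" file layout are assumptions, and a per-start random secret in a 0600 ctl file stands in for $HOME/.erlang.cookie.

```python
# Added illustration; all names and the "port secret" ctl layout are hypothetical.
import hmac, os, pathlib, secrets, socket, tempfile, threading

def write_ctl(path, port, secret):
    # O_EXCL + mode 0600: only the owning user can read the secret back.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(f"{port} {secret}\n")

class ControlServer:
    def __init__(self, ctl_path):
        self.secret = secrets.token_hex(16)       # fresh secret per start
        self.stopped = threading.Event()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))          # loopback, kernel-chosen port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        write_ctl(ctl_path, self.port, self.secret)
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self.stopped.is_set():
            conn, _ = self.sock.accept()
            with conn:
                conn.settimeout(2)
                try:
                    words = conn.recv(256).decode("ascii", "replace").split()
                    # Constant-time compare; knowing the port is not enough.
                    ok = (len(words) == 2 and words[0] == "stop" and
                          hmac.compare_digest(words[1].encode(), self.secret.encode()))
                    conn.sendall(b"ok\n" if ok else b"denied\n")
                except OSError:
                    continue
                if ok:
                    self.stopped.set()
        self.sock.close()

def send_stop(port, secret=""):
    with socket.create_connection(("127.0.0.1", port), timeout=2) as s:
        s.sendall(f"stop {secret}\n".encode())
        return s.recv(16).decode().strip()

def demo():
    ctl = os.path.join(tempfile.mkdtemp(), "ctl")  # stand-in for /tmp/yaws/${id}/ctl
    srv = ControlServer(ctl)
    denied = send_stop(srv.port)                   # port known, file not read
    port, secret = pathlib.Path(ctl).read_text().split()
    accepted = send_stop(int(port), secret)        # owner read port + secret
    return denied, accepted, oct(os.stat(ctl).st_mode & 0o777)
```

With the secret in the file, the file's permissions become the access control for shutdown, which is the property the port number alone could not provide.
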
From: Sebastian S. <se...@st...> - 2006-02-08 11:40:39

"ke.han" <ke...@re...> writes:
> I have had success using yaws on Linux. Now, I'm using it on freeBSD
> 6. Mostly it works fine (except for the switching user name option).

Btw, I just fixed that problem (the one which caused the printout

=ERROR REPORT==== 8-Dec-2005::22:20:22 ===
Bad username "yaws" cannot get numeric uid

in the logs). It was a missing setpwent() in the setuid_drv, checked into cvs. (However I guess it will be moot if we start using fdsrv instead:-)

As for running on FreeBSD, I sure am - both running Yaws on a plain FreeBSD box, in a chroot environment and in a jail. I'll collect my scripts that set this up, any day now:-)

Cheers,
/Sebastian