Узбекистан, Бухара, Бухарский институт высоких технологий, 2013 |
Basic network access: servers
In the previous chapter, we saw how to use clients to access other systems. This is only half the picture, of course. At the other end of the link, we need servers to provide this service. For each client, there is a server (a daemon) whose name is usually derived from the client name by adding a d to it:
Client | Server |
---|---|
ssh | sshd |
telnet | telnetd |
sftp | sftp-server |
ftp | ftpd |
rsync | rsyncd |
(browser) | httpd |
(NFS) | nfsd |
In addition to these servers, we look at a few others in other chapters:
- We've already looked at Xservers briefly in "Тaking control" , Taking control, and we'll see more in "XFree86 in depth" , XFree86 in depth.
- "The Domain Name Service" discussed DNS name servers.
- "Electronic mail: servers" discusses Mail Transport Agents or MTAs, also referred to as mail servers.
Some servers don’t need any configuration, and about all you need to do is to start them. Others, like web servers, can be very complicated. None of the complication is related to FreeBSD. For example, the issues involved in configuring apache are the same whether you run it with FreeBSD, NetBSD, Linux or Solaris. There are several good books, each at least the size of this one, on the detailed setup of some of these servers. In this chapter we'll look at how to get the servers up and running in a basic configuration, and where to turn for more information.
Running servers from inetd
If you look at /etc/services, you'll find that there are over 800 services available, most of which are only supported on a small number of machines. It's not always the best idea to start up a daemon for every possible service you may want to offer. IP supplies an alternative: inetd, the Internet daemon, sometimes called a super-server, which listens on multiple ports. When a request arrives on a specific port, inetd starts a daemon specific to the port. For example, FreeBSD supports anonymous ftp, but most people don't receive enough requests to warrant having the ftp daemon, ftpd, running all the time. Instead, inetd starts an ftpd when a request comes in on port 21.
At startup, inetd reads a configuration file /etc/inetd.conf to determine which ports to monitor and what to do when a message comes in. Here's an excerpt:
#$FreeBSD: src/etc/inetd.conf,v 1.58 2002/08/09 17:34:13 gordon Exp $ # #Internet server configuration database # #ftp stream tcp nowait root /usr/libexec/lukemftpd ftpd -l -r #ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l #ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l #telnet stream tcp nowait root /usr/libexec/telnetd telnetd #telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd #shell stream tcp nowait root /usr/libexec/rshd rshd #shell stream tcp6 nowait root /usr/libexec/rshd rshd #login stream tcp nowait root /usr/libexec/rlogind rlogind #login stream tcp6 nowait root /usr/libexec/rlogind rlogind #exec stream tcp nowait root /usr/libexec/rexecd rexecd #shell stream tcp6 nowait root /usr/libexec/rshd rshd
This file has the following format:
- • The first column is the service on which inetd should listen. If it starts with a # sign, it's a comment, and inetd ignores it. You'll note in this example that all the listed services have been commented out. Unless you run the daemon independently of inetd, a request for one of these services will be rejected with the message:
Unable to connect to remote host: Connection refused
- The next three columns determine the nature of the connection, the protocol to use, and whether inetd should wait for the process to complete before listening for new connections. In the example, all the services are TCP, but there are entries both for tcp (the normal TCP protocol for IP Version 4) and tcp6 (the same service for IP Version 6).
- The next column specifies the user as which the function should be performed.
- The next column is the full pathname of the program (almost always a daemon) to start when a message comes in. Alternatively, it might be the keyword internal, which specifies that inetd should perform the function itself.
- All remaining columns are the parameters to be passed to the daemon.
Older versions of UNIX ran inetd as part of the startup procedure. That isn't always necessary, of course, and for security reasons the default installation of FreeBSD no longer starts it. You can change that by adding the following line to your /etc/rc.conf:
inetd_enable="YES" # Run the network daemon dispatcher (YES/NO).
To enable services in /etc/inetd.conf, it may be enough to remove the comment from the corresponding line. This applies for most the services in the example above. In some cases, though, you may have to perform additional steps. For example, lukemftpd, an alternative ftpd, and nntpd, the Network News Transfer Protocol, are not part of FreeBSD: they're in the Ports Collection. Also, nntpd is intended to run as user use net, which is not in the base system.
The other daemons are not mentioned in /etc/inetd.conf:
The preferred way to run sshd is at system startup. As we'll see, the startup is quite slow, so it's not a good idea to run it from /etc/inetd.conf though it is possible—see the man page if you really want to.
sftp-server is the server for sftp. It gets started from sshd.
httpd, the Apache Web Server, also has quite a long startup phase that makes it impractical to start it from /etc/inetd.conf. Note also that httpd requires a configuration file. We'll look at that on page 455.
By contrast, it's perfectly possible to start rsyncd from inetd. It's not included in the standard /etc/inetd.conf file because it's a port. Yes, so are lukemftpd and nntpd. It's just a little inconsistent. This is the line you need to put in /etc/inetd.conf to start rsyncd.
rsync stream tcp nowait root /usr/local/bin/rsync rsync –daemon
The name rsync is not a typo. rsync and rsyncd are the same thing; it's the --daemon option that makes rsync run as a daemon.
inetd doesn't notice alterations to /etc/inetd.conf automatically. After modifying the file, you must send it a SIGHUP signal:
# killall -HUP inetd
You can write -1 instead of -HUP. This causes inetd to re-read /etc/inetd.conf.
Instead of starting daemons via inetd, you can start them at boot time. inetd is convenient for servers that don't get run very often, but if you make frequent connections, you can save overhead by running the servers continuously. On the other hand, it's not practical to start rshd, rlogind, rexecd or telnetd at boot time: they're designed to be started once for each session, and they exit after the first connection closes. We'll look at starting the other daemons in the following sections, along with their configuration.
Configuring ftpd
Normally you'll run ftpd from inetd, as we saw above. If you want to run it directly, perform the following steps:
- Add the following line in /etc/rc.local:
echo -n 'starting local daemons:' #put your local stuff here echo " ftpd" && ftpd -D
The option -D tells ftpd to run as a daemon. You will possibly want other options as well; see the discussion below.
- Comment out the ftp line in /etc/inetd.conf by adding a hash mark (#) in front of it:
# ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
- Either reboot, or cause inetd to re-read its configuration file:
# killall -1 inetd send a SIGHUP
If you don't perform this step, inetd keeps the ftp port open, and ftpd can't run.
For security reasons, you will probably want to add options such as logging and anonymous ftp. We'll look at how to do that in the next two sections.