# A simplistic and secure Gopher server

**Khan** is a Gopher server supporting chroot, meant to be run from inetd.

**Khan**'s design relies on inetd: the idea is to delegate the network to a daemon that has proven it does this correctly, so Khan takes its request from stdin and outputs the result to stdout. This also makes it very easy to write tests for it.

**Khan** is perfectly secure if run on **OpenBSD**: using `unveil()`, filesystem access is restricted to one directory (default `/var/gopher/`), and with `pledge()` only system calls related to reading files and reading input/output are allowed.

In addition, it's possible to run Khan in a chroot and drop privileges to a dedicated user on every system on which **Khan** compiles.

# Installing

For some systems, the library `libsd` may be required.

```
git clone https://tildegit.org/solene/khan.git
cd khan
make
sudo make install
```

# Running tests

**Khan** comes with a test suite you can run with `make test`.

# Command line parameters

**Khan** has a few parameters you can use in the inetd configuration.

- `-d PATH`: use `PATH` as the data directory to serve files from. Default is `/var/gopher`.
- `-u username`: enable chroot to the data directory and drop privileges to `username`.

# How to configure Khan using inetd

Create the directory `/var/gopher/`; files will be served from there. Alternatively, use the `-d` parameter to choose another path.

Add this line to inetd.conf:

```
70 stream tcp nowait gopher_user /usr/local/bin/khan khan
```

On OpenBSD, enable and start inetd:

```
# rcctl enable inetd
# rcctl start inetd
```

# References

**Khan** is based on [Vger source code](https://tildegit.org/solene/vger). I didn't want to add a lot of conditional instructions to make **Vger** support both the Gemini and Gopher protocols.
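
The stdin/stdout design and the `unveil()`/`pledge()` restrictions described in the introduction can be sketched as follows. This is an added example, not Khan's source code: the function names `sandbox` and `read_selector` are hypothetical, and the `"stdio rpath"` promises are an assumption chosen to match the description above (standard I/O plus read-only file access).

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Restrict the process to read-only access under `dir`, then to stdio and
 * file reads. Without unveil()/pledge() (non-OpenBSD) it is a no-op. */
int sandbox(const char *dir)
{
#ifdef __OpenBSD__
    if (unveil(dir, "r") == -1)            /* only `dir` stays visible, read-only */
        return -1;
    /* No "unveil" promise is kept, so the view can no longer be changed. */
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
#else
    (void)dir;
#endif
    return 0;
}

/* Read one Gopher request line (selector followed by CRLF) from `in`.
 * Returns the selector length, or -1 on EOF or an over-long line. */
int read_selector(FILE *in, char *buf, size_t len)
{
    if (fgets(buf, (int)len, in) == NULL)
        return -1;
    size_t n = strcspn(buf, "\r\n");
    if (buf[n] == '\0' && n == len - 1)    /* buffer full, no line ending: truncated */
        return -1;
    buf[n] = '\0';                         /* strip CR/LF */
    return (int)n;
}

/* inetd hands the accepted socket to the program as stdin/stdout. */
int main(void)
{
    char sel[1024];
    if (sandbox("/var/gopher") == -1)      /* default data directory from the README */
        return 1;
    if (read_selector(stdin, sel, sizeof sel) < 0)
        return 1;
    /* A real server would now open the file the selector names under the
     * data directory; this sketch answers with one informational menu line. */
    printf("iselector received: %s\t\tnull.host\t0\r\n.\r\n", sel);
    return 0;
}
```

Because the handler only touches stdin and stdout, it can be exercised without a network, for instance with `printf '/\r\n' | ./a.out`.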