# A simplistic and secure Gopher server

**Khan** is a gopher server with chroot support, meant to be run
from inetd.

**Khan**'s design relies on inetd: the idea is to delegate the
network handling to a daemon that has proven it does this correctly,
so khan reads its request from stdin and writes the result to stdout.
This also makes it very easy to write tests for it.

**Khan** is perfectly secure if run on **OpenBSD**: using `unveil()`,
filesystem access is restricted to one directory (`/var/gopher/` by
default), and with `pledge()`, only system calls related to reading
files and to input/output are allowed.

In addition, it's possible to run khan in a chroot and drop
privileges to a dedicated user on every system on which **Khan**
compiles.
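
The confinement described above, sketched in C as an added example (this is not khan's own source). The function name `confine`, the `stdio rpath` promise set and the demo `main` are assumptions chosen to match the description.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* glibc: expose chroot() and setgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 0 once confined to `dir`; -1 on any failure (caller must exit). */
int confine(const char *dir, const char *user)
{
    int chrooted = 0;
    if (user != NULL && *user != '\0') {
        /* Resolve the account first: /etc/passwd is gone after chroot(). */
        struct passwd *pw = getpwnam(user);
        if (pw == NULL)
            return -1;
        if (chroot(dir) == -1 || chdir("/") == -1)
            return -1;
        chrooted = 1;
        /* Order matters: groups, then gid, then uid (root is needed until last). */
        if (setgroups(1, &pw->pw_gid) == -1 ||
            setgid(pw->pw_gid) == -1 || setuid(pw->pw_uid) == -1)
            return -1;
        /* A correct drop is irreversible: regaining root must fail. */
        if (pw->pw_uid != 0 && setuid(0) != -1)
            return -1;
    }
#ifdef __OpenBSD__
    /* Inside the chroot the data directory is "/". */
    if (unveil(chrooted ? "/" : dir, "r") == -1)
        return -1;
    /* stdio: stdin/stdout handed over by inetd; rpath: read-only file access. */
    if (pledge("stdio rpath", NULL) == -1)
        return -1;
#else
    (void)chrooted;              /* no unveil()/pledge() on this system */
#endif
    return 0;
}

int main(int argc, char **argv)
{
    if (argc < 2 || confine(argv[1], argc > 2 ? argv[2] : NULL) == -1) {
        fprintf(stderr, "confinement failed, refusing to serve\n");
        return 1;
    }
    return 0;
}
```

The chroot branch only succeeds when the process starts as root, since `chroot()` and the privilege drop both require it.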

# Installing

For some systems, the library `libsd` may be required.

```
git clone https://tildegit.org/solene/khan.git
cd khan
make
sudo make install
```

# Running tests

**Khan** comes with a test suite you can use with `make test`.

# Command line parameters

**Khan** has a few parameters you can use in the inetd configuration.

- `-d PATH`: use `PATH` as the data directory to serve files from. Default is `/var/gopher`.
- `-u username`: enable chroot to the data directory and drop privileges to `username`.

# How to configure Khan using inetd

Create the directory `/var/gopher/`; files will be served from there.
Alternatively, use the `-d` parameter to choose another path.

Add this line to inetd.conf:

```
70 stream tcp nowait gopher_user /usr/local/bin/khan khan
```

On OpenBSD, enable and start inetd:

```
# rcctl enable inetd
# rcctl start inetd
```

# References

**Khan** is based on [Vger source code](https://tildegit.org/solene/vger).
I didn't want to add a lot of conditional instructions to make
**Vger** support both the Gemini and Gopher protocols.