# A simplistic and secure Gopher server
**Khan** is a gopher server supporting chroot, meant to be run from
inetd.

**Khan**'s design relies on inetd: the idea is to delegate the network
handling to a daemon that has proven to do it correctly, so khan reads
its request from stdin and writes the result to stdout. This
also makes it very easy to write tests for it.

**Khan** is perfectly secure if run on **OpenBSD**: using `unveil()`,
filesystem access is restricted to one directory (defaults to
`/var/gopher/`), and with `pledge()` only system calls related to
reading files and reading input/output are allowed.

In addition, it's possible to run khan in a chroot and drop
privileges to a dedicated user on every system on which **Khan**
compiles.
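
The stdin/stdout design and the OpenBSD confinement described above, sketched as an added example (not khan's own code). `sandbox`, `read_selector` and `serve` are hypothetical names, the `"stdio rpath"` promise set is an assumption, and only plain files are served.

```c
#include <stdio.h>
#include <string.h>
#ifdef __OpenBSD__
#include <err.h>
#include <unistd.h>
#endif
/* Hypothetical helper: confine the process as the README describes. */
static void sandbox(const char *datadir)
{
#ifdef __OpenBSD__
	/* Promise set is an assumption, not read from khan's source. */
	if (unveil(datadir, "r") == -1 || pledge("stdio rpath", NULL) == -1)
		err(1, "sandbox");
#else
	(void)datadir; /* elsewhere: rely on chroot + privilege drop (-u) */
#endif
}

/* Read one request line, strip CRLF; -1 on EOF or overlong line. */
int read_selector(FILE *in, char *buf, size_t len)
{
	size_t n;
	if (fgets(buf, (int)len, in) == NULL)
		return -1;
	n = strcspn(buf, "\r\n");
	if (buf[n] == '\0' && n == len - 1) /* buffer full, no terminator */
		return -1;
	buf[n] = '\0';
	return 0;
}

/* Serve one request: selector from `in`, file bytes to `out`. */
int serve(FILE *in, FILE *out, const char *datadir)
{
	char sel[1024], path[2048], chunk[4096];
	size_t n;
	FILE *f;
	if (read_selector(in, sel, sizeof sel) == -1 || strstr(sel, ".."))
		return -1; /* ".." refused as defence in depth */
	snprintf(path, sizeof path, "%s/%s", datadir, sel);
	if ((f = fopen(path, "r")) == NULL)
		return -1;
	while ((n = fread(chunk, 1, sizeof chunk, f)) > 0)
		fwrite(chunk, 1, n, out);
	fclose(f);
	return 0;
}

int main(void) { sandbox("/var/gopher"); return serve(stdin, stdout, "/var/gopher") ? 1 : 0; }
```

Because the handler takes `FILE *` streams, a test can feed it a request from a temporary file instead of a socket, which is the testing benefit the inetd design gives.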
# Installing
For some systems, the library `libsd` may be required.
```
git clone https://tildegit.org/solene/khan.git
cd khan
make
sudo make install
```
# Running tests
**Khan** comes with a test suite you can use with `make test`.
# Command line parameters
**Khan** has a few parameters you can use in inetd configuration.
- `-d PATH`: use `PATH` as the data directory to serve files from. Default is `/var/gopher`.
- `-u username`: enable chroot to the data directory and drop privileges to `username`.
# How to configure Khan using inetd
Create the directory `/var/gopher/`; files will be served from there.
Alternatively, use the `-d` parameter to choose another path.
Add this line to inetd.conf:
```
70 stream tcp nowait gopher_user /usr/local/bin/khan khan
```
On OpenBSD, enable and start inetd:
```
# rcctl enable inetd
# rcctl start inetd
```
# References
**Khan** is based on [Vger source code](https://tildegit.org/solene/vger).
I didn't want to add a lot of conditional instructions to make
**Vger** support both the gemini and gopher protocols.