These are the command line options for both wnd, the daemon run from the UNIX inetd(8) system utility, and the stand-alone daemon, wnsd.

-a numeric_uid -- Set trusted numeric uid for authentication
The server will only allow password authentication if one of the options -a, -A, -t, or -T is used. Then the index.cache file for a password protected directory must be owned by the user id specified with the -a (or -t) option. The -a option only affects authentication while -t has other effects. The four command line arguments -a, -A, -t, -T all take a numeric argument. Thus the command should be "./wnsd -a 203" and not "./wnsd -a joe" if user "joe" has user id "203".

-A numeric_gid -- Set trusted numeric gid for authentication
This is similar to the -a option except the group owner (gid) of the index.cache file is used instead of the uid.

-d -- Really verbose log
When the server is run with this option it will include copies of all the client headers plus some additional information in the log file. This is only useful for debugging or if you are curious about what clients actually send.

-e -- Forbid CGI and execs
When the server is run with this option it will not execute a CGI program, a filter or any executable in an include. In addition the server will reject any request with the HTML <form action="post"> method.

-E -- Restrict CGI and execs to trusted users
This is similar to the -e option except that index.cache files owned by a trusted user id or trusted group id (set with the -t or -T option) are exempt from the restrictions. That is, only programs listed in index.cache files owned by the trusted user or group will be executed. If neither -t nor -T is used then no programs, filters or includes will be executed. This option takes precedence over the -u option, i.e. if both are used, execution of programs behaves as if the -u were not present (although the -u option still grants permission for the serving of ordinary files).

-F -- Run server in foreground
The server (wnsd only) will run in the foreground rather than the background, which is the default. This is useful for things like daemontools.

-h hostname -- Set hostname
Tell the server that its name is hostname. This is only used for a few things: to pass to CGI programs and for redirects generated when a trailing '/' is omitted in a URL path to a directory. Also if the -i option is not used then the server will ascertain the IP address on which to listen for connections by using the first IP address obtained from the UNIX gethostbyname(3) system call with this name.

-i Listen addresses -- Set the IP addresses and ports on which the server listens (wnsd only).
Tell the server to listen on a set of address/ports. Since IPv6 has multiple IP addresses for each interface, multiple address/port combinations can be specified. The format for each entry is 'address/port' where address can be an IPv4 or IPv6 address, or a name resolvable via DNS. Port can either be a port number or the port name from the /etc/services file. Entries are separated by commas and generally should be enclosed in quotes. An example:
    -i '2001:a:b:c::5/80, server.org.com/http-alt, 10.0.2.3/http'
In addition, "all" may be used for the address, which will then listen on all addresses for IPv4 and all non-local IPv6 addresses, for example 'all/80'.

-L logfile -- Set log file name
Write log information to the file logfile. This will override the value specified when you ran the configure program or by setting the macro #define WN_LOGFILE in config.h. If the empty string "" is used as the value of this option then no transaction logging will be done.

-l error_log -- Set error log file name
Write information about errors to the file error_log. This will override the value specified when you ran the configure program or by setting the macro #define WN_ERRLOGFILE in config.h. If the empty string "" is used as the value of this option then the log file given with -L is used for errors as well as regular transactions.

-n effective_uid -- Set effective user numeric id (wnsd only)
This option only has an effect when the server is run by root in the stand-alone version, i.e. wnsd. When invoked with the -n option and a numeric user id (not a user name) the server will change the user id under which it runs to the specified numeric value. If you do not use this option the user id is changed from root to the value you set when you ran the configure program (this is usually the numeric id of the user "nobody"; the 'n' in -n is a mnemonic for "nobody") or edited #define USERID in config.h. The -n option allows you to override that default when you run the server. In normal use this option is not necessary and should not be used unless you have a specific need.

-N effective_gid -- Set effective group numeric id (wnsd only)
This option only has an effect when the server is run by root in the stand-alone version, i.e. wnsd. This option is identical to the -n option except it sets the numeric group id under which the server runs rather than the user id.

-p Removed -- Replaced by the -i option above.
PUT, MOVE and DELETE methods on the server.
If this option is not used the server will reject any requests for the HTTP methods PUT, MOVE and DELETE. In the directory where objects are to be PUT, the Put-Authorization-Module, Put-Authorization-Realm, and Put-Authorization-Type directives must be used. Finally in this same directory, the "Default-Attributes=put" directive must be used (or in the case of a single file the "Attributes=put" directive).

-q pid_file -- Set file name which contains the (wnsd) server process id.
Write the process id or "pid" of the main server process to the file "pid_file". This file name should be the full path relative to the system root. If this is not set either with the -q option, via the configure program, or by editing the macro #define SWN_PID_FILE in the config.h file then the pid will be written to the UNIX stdout(3) stream when the server is started.

-S -- Use the UNIX syslogd(8) system utility for logging (deprecated).
This option is deprecated; use the -v option instead. Instead of writing log messages to a file specified with -L or in config.h, use the UNIX syslog(3) facility. If #define WN_ERRLOGFILE is set to "" and the server is run with the -S option then error logging will be handled by the syslog(3) facility. If #define WN_ERRLOGFILE is given a value or the -l option is used then errors will be logged there rather than using the UNIX syslogd(8) system utility.

-t trusted_uid -- Set trusted numeric uid
When invoked with the -t option alone, wnd or wnsd will not serve a document unless the index.cache file listing it has the prescribed owner (uid). This numeric uid should be that of the maintainer, not the one under which wnd or wnsd runs if started by root. Indeed, for security reasons the server will refuse to use an index.cache file whose owner is the uid under which the server is running, in this case. If on your server all index.cache files are created by a single user or a single group, this option or the -T option is highly recommended. This added security is weakened somewhat if you also use the -u option, which allows index.cache files owned by untrusted users to permit the serving of files owned by the same user. If both -u and -t are used the trusted user specified by -t is exempt from the restrictions imposed by the -u argument. The four command line arguments -a, -A, -t, -T all take a numeric argument. Thus the command should be "./wnsd -t 203" and not "./wnsd -t joe" if user "joe" has user id "203".

-T trusted_gid -- Set trusted numeric gid
This is similar to the -t option except the numeric group owner (gid) of the index.cache file is used instead of the numeric uid.

-u -- Restrict untrusted users
When this option is invoked the server requires that every file served (including wrappers and includes) have the same owner as the index.cache file which grants it permission to be served. This means that untrusted users can only serve files which they own. If the -t or -T option is used with -u then index.cache files owned by the trusted user or trusted group are exempt from this requirement and they may grant permission to serve any file the server can read. If the -u and -E options are used together then the -E takes precedence for execution of CGI programs, filters and executable includes, but the -u still has effect for ordinary files being served.
Notice that if none of -t, -T, and -u are used then a user with his own home page can make a symbolic link to any file readable by the server and that document will be served. This is true even if the linked-to document is in a directory with limited access or is outside the server data hierarchy.
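
An audit of a data hierarchy for the two conditions described under -t and -u, added here as an example and not part of the WN distribution: index.cache files not owned by the uid you intend to pass to -t, and symbolic links that resolve outside the hierarchy. The function names and the root directory argument are assumptions of this example, and readlink -f is used in its GNU coreutils form.

```sh
#!/bin/sh
# Added example, not WN code. ROOT is the server data hierarchy and
# TRUSTED_UID the numeric uid you plan to give to -t (both supplied by you).

# Print every index.cache under ROOT whose owner is not TRUSTED_UID.
# With -t, documents listed only in these files would no longer be served.
untrusted_index_caches() {
    root=$1
    uid=$2
    case $uid in
        ''|*[!0-9]*)
            # -a, -A, -t and -T take numeric ids, so reject names here too.
            echo "uid must be numeric: $uid" >&2
            return 2 ;;
    esac
    find "$root" -type f -name index.cache ! -user "$uid" -print
}

# Print "link -> target" for every symbolic link under ROOT whose fully
# resolved target lies outside ROOT (the case the page warns about when
# none of -t, -T and -u is in use).
escaping_symlinks() {
    root=$(readlink -f "$1") || return 2
    find "$root" -type l -print | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case $target in
            "$root"|"$root"/*) ;;                      # stays inside ROOT
            *) printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Usage: sh audit.sh ROOT TRUSTED_UID
if [ "$#" -ge 2 ]; then
    untrusted_index_caches "$1" "$2"
    escaping_symlinks "$1"
fi
```

Empty output from both functions means every index.cache already has the intended owner and no link leaves the hierarchy.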

-v log_format -- Set log format
The legal values for this option are "nolog", "common", "verbose", "ncsa", "syslog", and "vsyslog". The first causes no logging to take place. The next three cause the log file to be written in the so-called common log format, or WN's verbose format including user agent, referrer, virtual server nickname, and cookies, or in the NCSA extended format which includes referrer and user agent. The last two cause logging to be done by the syslogd(8) daemon and in the case of vsyslog to include the information in the verbose format.
Each base log type may be optionally followed by a colon and either nodns or revdns. If neither of these is present then the default server action is to do a DNS lookup on the client's IP address to obtain the hostname of the client for logging purposes. If the :revdns extension is present the server will additionally do a reverse DNS lookup on this name as a check against name spoofing. If the :nodns extension is present the server will do no DNS lookup and will use the IP address in the log instead of the host name. For example the option "-v verbose:nodns" indicates that the server should use the verbose log format, but should use IP addresses rather than host names in log entries. Obviously, use of :nodns is more efficient and :revdns is less efficient than the default.
The default can be set with the #define VERBOSELOG macro in config.h.

-V virtual_host_file -- Set file name which contains the list of virtual hosts
The file "virtual_host_file" should be the name of the file containing the list of "virtual hosts" and their corresponding IP numbers and root directories. The format of this file is one line per virtual host. Each such line should have the form:
    hostname IP_address root_path
with the three parts separated by white space. For example an entry might be:
    myhost.school.edu 111.222.333.444 /var/wn
In particular the hostname should be the fully qualified domain name. Lines in this file which are empty or start with '#' are ignored.
If the virtual host file is changed you will need to restart the server for the change to take effect.
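
Since a change to this file only takes effect at restart, it is worth checking the file first. The following lint is an added example, not part of WN; it checks the three-field form and the fully qualified hostname described above, and additionally assumes that root_path should be absolute, that a repeated hostname is a mistake, and that whitespace-only lines count as empty.

```sh
#!/bin/sh
# Added example, not WN code: lint a virtual host file before restarting wnsd.
# Prints one message per problem line; exit status is 1 if any were found.
lint_virtual_hosts() {
    awk '
        NF == 0 || /^#/ { next }    # empty lines and comments are ignored
        NF != 3 {
            printf "line %d: expected 3 fields, found %d\n", NR, NF
            bad++
            next
        }
        $1 !~ /\./ {                # no dot: cannot be a fully qualified name
            printf "line %d: hostname %s is not fully qualified\n", NR, $1
            bad++
        }
        $3 !~ /^\// {               # assumption of this example: absolute path
            printf "line %d: root path %s is not absolute\n", NR, $3
            bad++
        }
        seen[$1]++ {                # assumption: one entry per hostname
            printf "line %d: hostname %s is listed more than once\n", NR, $1
            bad++
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Usage: sh lint_vhosts.sh virtual_host_file
if [ "$#" -ge 1 ]; then
    lint_virtual_hosts "$1"
fi
```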