Appendix A.1: WN command line options
- -a numeric_uid -- Set trusted numeric uid for authentication
The server will only allow
password authentication if one of the options -a, -A,
-t, or -T is used. Then the index.cache
file for a password protected directory must be owned by
the user id specified with the -a (or -t) option. The -a
option only affects authentication while -t has other effects.
The four command line arguments -a, -A, -t, -T all take a
numeric argument. Thus the command should be "./swn -a 203"
and not "./swn -a joe" if user joe has user id 203.
- -A numeric_gid -- Set trusted numeric gid for authentication
This is similar to the -a option except the group owner (gid) of the
index.cache file is used instead of the uid.
- -d -- Really verbose log
When the server is run with this option it will include
copies of all the client headers plus some additional
information in the log file. This is only useful for
debugging or if you are curious about what clients actually
send.
- -e -- Forbid CGI and execs
When the server is run with this option it will not execute
a CGI script, a filter or any executable in an include.
In addition the server will reject any request with the POST
method.
- -E -- Restrict CGI and execs to trusted users
This is similar to the -e option except that index.cache files
owned by a trusted user id or trusted group id (set with the -t
or -T option) are exempt from the restrictions. That is, only
scripts listed in index.cache files owned by the trusted user
or group will be executed. If neither -t nor -T is used then
no scripts, filters or includes will be executed. This option
takes precedence over the -u option, i.e. if both are used
execution of scripts and programs behaves as if the -u were not
present (although the -u option still grants permission for the
serving of ordinary files).
- -h hostname -- Set hostname
Tell the server that its name is hostname. This is only
used for two things: to pass to CGI scripts and for redirects
generated when a trailing '/' is omitted in a URL path to a
directory. It is a shame browsers can't handle relative URL
redirects!
- -L logfile -- Set logfile name
Write log information to the file logfile. This will
override the value specified when you ran the configure script.
If the empty string "" is used as the value of this option then
no transaction logging will be done.
- -l error_log -- Set error logfile name
Write information about errors to the file error_log.
This will override the value specified when you ran the configure script.
If the empty string "" is used as the value of this option then
the logfile given with -L is used for errors as well as regular
transactions.
- -p port -- Set the port (swn only)
Running the command "swn -p 8080" will run the server on port
8080 rather than the default which is normally 80 but can be
set in config.h. If a value less than or equal to 1024 is used
then the server must be run by root (it will change its permissions
after opening the port). This option is only used by swn since when
wn is run under inetd, the port is determined by the setting in
/etc/services.
- -q pid_file -- Set file name which contains the (swn) server process id
Write the process id or "pid" of the main server process to
the file "pid_file". This file name should be the full path
relative to the system root. If this is not set either with
the -q option or via the configure script then the pid will be
written to standard output when the server is started.
- -S -- Use the UNIX syslog logging facility
Instead of writing log messages to a file specified with -L
or in config.h, use the UNIX syslog(3) facility.
If WN_ERRORLOGFILE is set to "" and the server is run with
the -S option then error logging will be handled by the syslog
facility. If WN_ERRORLOGFILE is given a value or the -l option
is used then errors will be logged there rather than using the
syslog facility.
- -t trusted_uid -- Set trusted numeric uid
When invoked with the -t option alone wn or swn will
not serve a document unless the index.cache file listing it has the
prescribed owner (uid). This numeric uid should be that of the
maintainer, not the one under which wn or swn runs if started
by root. Indeed, for security reasons the server will in this case
refuse to use an index.cache file whose owner is the uid under which
the server is running. If on your server all index.cache files are
created by a single user or a single group, this option or the -T
option is highly recommended. This added
security is weakened somewhat if you also use the -u
option which allows index.cache files owned by untrusted users to
permit the serving of files owned by the same user. If both -u and
-t are used the trusted user specified by -t is exempt from the
restrictions imposed by the -u argument.
The four command line arguments -a, -A, -t, -T all take a
numeric argument. Thus the command should be "./swn -t 203"
and not "./swn -t joe" if user joe has user id 203.
- -T trusted_gid -- Set trusted numeric gid
This is similar to the -t option except the numeric group owner (gid) of
the index.cache file is used instead of the numeric uid.
- -u -- Restrict untrusted users
When this option is invoked the server requires that every file served
(including wrappers and includes) have the same owner as the
index.cache file which grants it permission to be served. This means
that untrusted users can only serve files which they own. If the -t
or -T option (described above) is used with -u then
index.cache files owned by the trusted user or trusted group are
exempt from this requirement and they may grant permission to serve
any file the server can read. If the -u and -E options are used
together then the -E takes precedence for execution of CGI scripts,
filters and executable includes, but the -u still has effect for
ordinary files being served.
Notice that if none of -t, -T, and -u are used then a user with
his own homepage can make a symbolic link to any file readable by the
server and that document will be served. This is true even if the
linked-to document is in a directory with limited access or is
outside the server data hierarchy.
- -v log_format -- Set log format
The legal values for this option are "common", "verbose",
and "ncsa". They cause the logfile to be written in the
so-called common log format, or WN's verbose format including
user agent, referrer and cookies, or in the NCSA extended
format which includes referrer and user agent.
- -V virtual_host_file -- Set file name which contains the list of virtual hosts and their root directories
The file "virtual_host_file" should be the name of the file
containing the list of "virtual hosts" and their corresponding
IP numbers and root directories. The format of this file is one
line per virtual host. Each such line should have the form

    hostname IP_address root_path

with the three parts separated by white space. For example an
entry might be

    myhost.school.edu 111.222.333.444 /usr/local/wn

In particular the hostname should be the fully qualified domain
name. Lines in this file which are empty or start with '#' are
ignored.
If the virtual host file is changed you will need to restart
the server for the change to take effect.
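
An audit of a document tree against the ownership rules described for -t, -T and -u above, reporting what those options would refuse and which symbolic links resolve outside the data hierarchy. This is an added example, not part of the WN distribution: the function names, finding labels and sample tree are constructed, and it assumes file owners are compared after following symbolic links.

```python
import os
import tempfile

def audit_wn_tree(root, trusted_uid=None, trusted_gid=None, server_uid=None):
    """Return sorted (kind, path) findings; names and labels are illustrative."""
    root = os.path.realpath(root)
    use_trust = trusted_uid is not None or trusted_gid is not None
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        cache = os.path.join(dirpath, "index.cache")
        cst = os.stat(cache) if os.path.isfile(cache) else None
        # Trusted = owned by the -t uid or the -T gid.
        trusted = cst is not None and (
            cst.st_uid == trusted_uid or cst.st_gid == trusted_gid)
        if cst is not None and use_trust and not trusted:
            findings.append(("cache-not-trusted", cache))
        # With -t the server refuses a cache owned by its own run-time uid.
        if cst is not None and trusted_uid is not None and cst.st_uid == server_uid:
            findings.append(("cache-owned-by-server-uid", cache))
        for name in filenames + dirnames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                target = os.path.realpath(path)
                if os.path.commonpath([root, target]) != root:
                    findings.append(("symlink-leaves-root", path))
                    continue
            # -u rule: a file must share its owner with the index.cache,
            # unless that cache belongs to the trusted user or group.
            if (cst is not None and not trusted and name != "index.cache"
                    and os.path.isfile(path)
                    and os.stat(path).st_uid != cst.st_uid):
                findings.append(("owner-differs-from-cache", path))
    return sorted(findings)

def build_constructed_tree(base):
    """Constructed sample: one served directory plus a file outside it."""
    root = os.path.join(base, "root")
    os.makedirs(root)
    os.makedirs(os.path.join(base, "outside"))
    for p in ("root/index.cache", "root/page.html", "outside/secret.txt"):
        open(os.path.join(base, p), "w").close()
    os.symlink(os.path.join(base, "outside", "secret.txt"), os.path.join(root, "link"))
    os.symlink(os.path.join(root, "page.html"), os.path.join(root, "alias"))
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in audit_wn_tree(build_constructed_tree(tmp), trusted_uid=os.getuid()):
            print(kind, path)
```

Pass the numeric values given to -t and -T, plus the uid the server runs under, and run it before enabling those options on an existing tree.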
John Franks <john@math.nwu.edu>