X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv.git;a=blobdiff_plain;f=INSTALL;h=681b61d3ceb6eb7c82d66d4e490ef73d4bf03371;hp=baf762f9d8e797449bde81be112f698a83bbbd43;hb=26f06c01c4cb357d9e4fb6d0cd0386e70f7e6b6e;hpb=db59ee1476515a65cfcca10a3059d8ccb2d24d32 diff --git a/INSTALL b/INSTALL index baf762f..681b61d 100644 --- a/INSTALL +++ b/INSTALL @@ -12,15 +12,18 @@ SYSTEM REQUIREMENTS: Programs: -* md5sum (Colin Plumb's or the GNU version) -* GNU m4 +* md5sum (GNU textutils; alternatively, Colin Plumb's, as shipped with + Debian in the `dpkg' package) - used during build only +* GNU m4 [fixme: should ship the output] * GNU make -* GNU flex +* GNU flex [fixme: should ship the output] * GCC is preferred but other compilers ought to work (though no portability testing has yet been done). ANSI C only. ints must be at least 32 bits. -* A sensible /bin/cat which notices write errors (ie not - SunOS4, BSD 4.3, or many others.) +* A sensible `cat' which notices write errors (ie not SunOS4, BSD 4.3, + or many others. GNU textutils has one. NB that this `cat' is used + at runtime and must be first on the system default PATH, so probably + in /bin.) C Library: @@ -55,8 +58,9 @@ System interfaces: open(O_WRONLY), close(), dup2, EPIPE, SIGPIPE, &c. (ie, opening pipes with O_RDWR never blocks; EPIPE happens if you write with no readers; EOF happens if you read with - no buffered data and writers) + no buffered data and writers); * POSIX signal handling - sigaction(2), sigprocmask(2), sigsuspend(2); +* POSIX sessions - setsid(2) (for -daemon flag). To format the documentation: @@ -68,6 +72,109 @@ For debugging version (./configure --enable-debug): * initgroups(3) must use setgroups(2) and dynamic linking must allow overriding setgroups(2) for initgroups(3); +DAEMON INVOCATION: + +The daemon can be invoked with no arguments, in which case it will not +fork or detach itself. This is suitable for running from init and +similar arrangements. + +With -daemon it will attempt to detach itself from the controlling +terminal and fork/exit so that control returns at startup. + +In both cases diagnostics which prevent correct startup will appear on +stderr. + +SYSLOG MESSAGES: + +The daemon issues diagnostics of various kinds to syslog, usually with +facility LOG_DAEMON (though this can be changed in daemon.h if you want). +The syslog levels used are: + debug - verbose messages about the activity of the userv daemon. + info - two log message about the nature and outcome of each request. + notice - messages about the status of the daemon, including the + startup message and the hourly socket check messages. + warning - if the uservd exits because it believes that it no longer + controls the rendezvous socket (ie, its socket has become + orphaned), this level will receive messages indicating why + the daemon believes this and notifying of its shutdown. + err - a believed-recoverable error condition was detected by the + userv server in itself, the client or the operating system + (this includes resource shortages). The uservd will try to + continue. + crit - the uservd detected a non-recoverable error condition + after startup and will exit. + alert - not used. + emerg - not used. + +The service configuration language has the facility to direct error +and warning messages to syslog. The default facility and level is +user.err, but the author of the configuration file(s) can override +this. + +DAEMON EXIT STATUS: + +The daemon's exit code will reflect how well things went: + + 0 - The daemon was asked to detach itself from the controlling + terminal and this appears to have been done successfully. + 1* - The daemon got a SIGTERM or SIGINT and shut itself down. + 2* - The daemon believes that it was no longer the uservd and so has + exited to clean itself up. + 3 - uservd was started with incorrect arguments. + 4 - A system call failure or other environmental problem occurred + during startup. + 5* - There was a non-recoverable error after startup; the uservd had + to exit. + 6 - The daemon was asked to detach itself, but its detaching child + died for some unexpected reason. + + SIGABRT/SIGIOT* - an unexpected internal error, usually caused by a + bug in uservd. This can also occur if an attempt to block signals + using sigprocmask fails. + +Outcomes marked * are not possible if the daemon is asked to detach +itself - these exit statuses will be reaped by init instead. + +The daemon's per-request children will note the success level of its +request in its exit status. This will not usually be logged unless it +is higher than those listed below; they are presented here for +completeness and as programming documentation. + + 2 - The connection was just an internal version check. + + 4 - The client requested that the service be disconnected. This + includes normal termination, which is achieved by having the + server tell the client that the service has completed and waiting + for the client to tell it to disconnect. + + 8 - The client closed its end of the socket when this would not + usually have been expected, causing an EPIPE or unexpected EOF in + the server. This is not an error condition - it can happen, for + example, if the client receives a fatal signal of some kind from + its execution environment (eg its controlling terminal). + + 10 - The per-request child wishes the server to check whether it is + still the uservd. + + 12 - The service failed onm the service side in an expected and + controlled manner, for example because it was rejected in the + configuration files. + + 16 - A fatal system call failure or other general error occurred, + which ought not to have happened at all, barring system resource + shortages. + + 20 - The client sent invalid data to the server, after the client + dropped all its system privilege. On some systems this can be + caused by a malicious calling user. + + SIGABRT/SIGIOT - The client sent invalid data to the server before it + dropped all its system privileges, or some other unexpected + internal error occurred. This can also occur if an attempt to + block signals using sigprocmask fails. + + 0-3,5-7,9,11,13-15,17-19 are not currently used by normal children. + REENTRANCY IN THE LIBC: We assume, both in the client and server, that it is safe to use one @@ -84,3 +191,61 @@ malloc, unless stdio makes gratuitous mallocs). openlog will already have been called (but syslog will not necessarily have been called). We assume that strerror is completely reentrant. + +PROBLEMS + +* `function declaration isn't a prototype' + + One some systems (at least some versions of NetBSD, for example), + the SIG_IGN and SIG_DFL macros contain function declarations (as part + of a typecast, presumably) which are not prototypes. The warning + options that are used by default if the configure script detects that + you're using a good GCC then cause the compilation to fail. You must + use + make CFLAGS=-O2 + instead of just `make', thus suppressing warnings. + + The bug is actually in your system header files, for not specifying + the number and types of arguments to signal handler functions when + they cast in the SIG_IGN and SIG_DFL macros. + +DEBUGGING VERSION + +If you run configure with --enable-debug, a debugging version will be +built. This will look in the current directory (the build directory) +for the base of various things, including the IPC area (which you must +therefore construct yourself). The debugging version will produce +extra output at various points. It will not attempt to call +setgroups(), instead just checking that the groups list is right, so +it will work non-setuid if the daemon is invoked as the service user. +The daemon won't fork for each request; instead, it will handle a +single request and exit. + +There may be other changes. Consult the code for details. Making the +debugging version of the client or daemon setuid root is probably a +bad idea. They may not work if they are run as different users. + + +COPYRIGHT + +This file, INSTALL, contains installation instructions and other +details for userv. + +userv is +Copyright (C)1996-2000 Ian Jackson . +Copyright (C)2000 Ben Harris + +userv is free software; you can redistribute it and/or modify it under +the terms of the GNU General Public License as published by the Free +Software Foundation; either version 2 of the License, or (at your +option) any later version. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with userv as the file COPYING; if not, email me at the address +above or write to the Free Software Foundation, 59 Temple Place - +Suite 330, Boston, MA 02111-1307, USA.