[sslh] Foreground mode.

Seblu ml at seblu.net
Mon Apr 16 11:17:06 CEST 2012


On Mon, Apr 16, 2012 at 8:34 AM, Yves Rutschle <yves at naryves.com> wrote:
> On Mon, Apr 16, 2012 at 01:05:30AM +0200, Seblu wrote:
>> 1) the following command fails.
>> # /usr/sbin/sslh --foreground -p 192.168.241.2:44 --ssh 127.0.0.1:22 -u root
>> setsid: already process leader: Operation not permitted
>
> I guess somehow Archlinux has already made sslh a session leader. That sounds a
> little weird to me, but I don't fully understand the whole session business.
> You can try simply removing the check after setsid(), it should work:
Not Arch related. Same issue on Debian. When starting in foreground
with user root from a shell, we have this message each time.

# cat /etc/debian_version
wheezy/sid
# sslh --foreground -p 0.0.0.0:444 --user root --ssh 127.0.0.1:22
setsid: already process leader: Operation not permitted

I think you should not call setsid when you are not in daemon mode.

>> 2) Running with --foreground still tries to write a pidfile.
>> # /usr/sbin/sslh --foreground -p 192.168.241.2:44 --ssh 127.0.0.1:22
>> /var/run/sslh.pid: Permission denied
>
> Maybe you have a /var/run/sslh.pid owned by root? The last version of sslh
> turns into specified user (or 'nobody') *before* writing to the PID file, so it
> fails if one already exists from the previous version.
No previous file is here. /run (or its symlink /var/run) is not a
world-writable directory. So the nobody user cannot write to this
directory.

archibal ~ 1 # sslh -p 0.0.0.0:444  --ssh 127.0.0.1:22
/var/run/sslh.pid: Permission denied
archibal ~ # ll /var/run/sslh.pid
ls: cannot access /var/run/sslh.pid: No such file or directory
archibal ~ 2 # ll -d /var/run
drwxr-xr-x 18 root root 500 2012-04-16 01:14 /var/run

>
> That said, you're right there is little point writing a PID file at all when in
> foreground, I'll make a patch for that.
Thanks!

>
>> 3) There is no way of disabling log files except with inetd mode.
>
> Logs go to syslog, which is where you should disable them.
I'm wrong about inetd mode and logging.
As foreground mode sends logs to syslog (which is the systemd logger) and
writes its output to stderr (which is used by the systemd logger), there is
a kind of weird redundancy with systemd.

>
> Now I am a little curious about the root of your questions:
Path from root is simple.
1) I would add a service file to start sslh
2) I'm looking for a foreground mode, as systemd discourages using daemon mode
3) The PID file is still written in foreground mode. Rights issue on the /run
directory (as in daemon mode), but a PID file is useless with systemd.
4) I try to run it as root to confirm the rights issue, and I get a setsid error.

>
>> Trying to make a service file for sslh for archlinux, I see the
>> following issues.
>
> Are archlinux services expected to run in the foreground, create no PID file
> nor log messages? That seems a little un-service-like to me.
There are both ways of running services: sysvinit and systemd [1]. By
service file, I mean a systemd service file.
Systemd doesn't need syslog and daemon to have proper logging and
service running continuously.

[1] http://0pointer.de/blog/projects/systemd.html

-- 
Sébastien Luttringer
www.seblu.net
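
The setsid failure in point 1 can be reproduced outside sslh. The following is an added example, not code from sslh or from this thread, and `setsid_errno`, `exit_code_of` and the `start_mode` names are hypothetical. It shows that setsid() returns EPERM when the caller is already a process group leader (as a command launched from an interactive job-control shell is), and succeeds after a fork, which is the step daemon mode performs and foreground mode skips.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum start_mode { LEADER_DIRECT, NON_LEADER, LEADER_FORK_FIRST };

/* Wait for pid; return its exit code, or 255 if it did not exit normally. */
static int exit_code_of(pid_t pid)
{
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 255;
    return WEXITSTATUS(status);
}

/* Run setsid() in a child set up per `mode`; return the errno it saw
 * (0 = success), or -1 if the experiment itself could not be set up. */
int setsid_errno(enum start_mode mode)
{
    pid_t pid = fork();
    if (pid == 0) {
        /* A job-control shell makes the command it launches a group leader. */
        if (mode != NON_LEADER && setpgid(0, 0) < 0)
            _exit(255);
        if (mode == LEADER_FORK_FIRST) {
            /* Daemon-style: fork again; the new child leads no group. */
            pid_t inner = fork();
            if (inner != 0)
                _exit(exit_code_of(inner));
        }
        _exit(setsid() < 0 ? errno : 0);
    }
    int code = exit_code_of(pid);
    return code == 255 ? -1 : code;
}

int main(void)
{
    const char *names[] = { "group leader, no fork", "not a group leader",
                            "group leader, fork first" };
    for (int m = LEADER_DIRECT; m <= LEADER_FORK_FIRST; m++) {
        int e = setsid_errno((enum start_mode)m);
        printf("%-26s -> %s\n", names[m], e ? strerror(e) : "setsid ok");
    }
    return 0;
}
```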


