Command Line Options for the WN Server

These are the command line options for both the UNIX inetd(8) system utility based daemon, wnd, and the stand-alone daemon, wnsd.

-a numeric_uid -- Set trusted numeric uid for authentication

The server will only allow password authentication if one of the options -a, -A, -t, or -T is used. Then the index.cache file for a password protected directory must be owned by the user id specified with the -a (or -t) option. The -a option only affects authentication while -t has other effects. The four command line arguments -a, -A, -t, -T all take a numeric argument. Thus the command should be "./wnsd -a 203" and not "./wnsd -a joe" if user "joe" has user id "203".

-A numeric_gid -- Set trusted numeric gid for authentication

This is similar to the -a option except the group owner (gid) of the index.cache file is used instead of the uid.

-d -- Really verbose log

When the server is run with this option it will include copies of all the client headers plus some additional information in the log file. This is only useful for debugging or if you are curious about what clients actually send.

-e -- Forbid CGI and execs

When the server is run with this option it will not execute a CGI program, a filter or any executable in an include. In addition the server will reject any request with the HTML <form action="post"> method.

-E -- Restrict CGI and execs to trusted users

This is similar to the -e option except that index.cache files owned by a trusted user id or trusted group id (set with the -t or -T option) are exempt from the restrictions. That is, only programs listed in index.cache files owned by the trusted user or group will be executed. If neither the -t or -T are used then no programs, filters or includes will be executed. This option takes precedence over the -u option, i.e. if both are used execution of programs and programs behaves as if the -u were not present (although the -u option still grants permission for the serving of ordinary files).

-h hostname -- Set hostname

Tell the server that its name is hostname. This is only used for two things: to pass to CGI programs and for redirects generated when a trailing '/' is omitted in a URL path to a directory. It is a shame browsers can't handle relative URL redirects!

-L logfile -- Set log file name

Write log information to the file logfile. This will override the value specified when you ran the configure program or by setting the macro #define WN_LOGFILE in config.h. If the empty string "" is used as the value of this option then no transaction logging will be done.

-l error_log -- Set error log file name

Write information about errors to the file error_log. This will override the value specified when you ran the configure program or by setting the macro #define WN_ERRLOGFILE in config.h. If the empty string "" is used as the value of this option then the log file given with -L is used for errors as well as regular transactions.

-n effective_uid -- Set effective user numeric id (wnsd only)

This option only has an effect when the server is run by root in the stand-alone version, i.e. wnsd. When invoked with the -n option and a numeric user id (not a user name) the server will change the user id under which it runs to the specified numeric value. If you do not use this option the user id is changed from root to the value you set when you ran the configure program (this is usually the numeric id of the user "nobody"; the 'n' in -n is a mnemonic for "nobody") or edited #define USERID in config.h. The -n option allows you to override that default when you run the server. In normal use this option is not necessary and should not be used unless you have a specific need.

-N effective_gid -- Set effective group numeric id (wnsd only)

This option only has an effect when the server is run by root in the stand-alone version, i.e. wnsd. This option is identical to the -n option except it sets the numeric group id under which the server runs rather than the user id.

-p port -- Set the port (wnsd only)

Running the command "wnsd -p 8080" will run the server on port 8080 rather than the default which is normally 80 but can be set in config.h by editing the #define DEFAULT_PORT macro. If a value less than or equal to 1024 is used then the server must be run by root (it will change its permissions after opening the port). This option is only used by wnsd since when wnd is run under the UNIX inetd(8) system utility, the port is determined by the setting in the UNIX services(5) configuration file normally found in /etc.

-q pid_file -- Set file name which contains the (wnsd) server process id.

Write the process id or "pid" of the main server process to the file "pid_file". This file name should be the full path relative to the system root. If this is not set either with the -q option, via the configure program, or by editing the macro #define SWN_PID_FILE in the config.h file then the pid will be written to the UNIX stdout(3) stream when the server is started.

-S -- Use the UNIX syslogd(8) system utility for logging.

Instead of writing log messages to a file specified with -L or in config.h, use the UNIX syslog(3) facility. If #define WN_ERRLOGFILE is set to "" and the server is run with the -S option then error logging will be handled by the syslog(3) facility. If #define WN_ERRLOGFILE is given a value or the -l option is used then errors will be logged there rather than using the UNIX syslogd(8) system utility.

-t trusted_uid -- Set trusted numeric uid

When invoked with the -t option alone wnd or wnsd will not serve a document unless the index.cache file listing it has the prescribed owner (uid). This numeric uid should be that of the maintainer not the one under which wnd or wnsd runs if started by root. Indeed, for security reasons the server will refuse to use an index.cache file whose owner is the uid under which the server is running, in this case. If on your server all index.cache files are created by a single user or a single group this option or the -T option are highly recommended. This added security is weakened somewhat if you also use the -u option which allows index.cache files owned by untrusted users to permit the serving of files owned by the same user. If both -u and -t are used the trusted user specified by -t is exempt from the restrictions imposed by the -u argument. The four command line arguments -a, -A, -t, -T all take a numeric argument. Thus the command should be "./wnsd -t 203" and not "./wnsd -t joe" if user "joe" has user id "203".

-T trusted_gid -- Set trusted numeric gid

This is similar to the -t option except the numeric group owner (gid) of the index.cache file is used instead of the numeric uid.

-u -- Restrict untrusted users

When this option is invoked the server requires that every file served (including wrappers and includes) have the same owner as the index.cache file which grants it permission to be served. This means that untrusted users can only serve files which they own. If the -t or -T option is used with -u then index.cache files owned by the trusted user or trusted group are exempt from this requirement and they may grant permission to serve any file the server can read. If the -u and -E options are used together then the -E takes precedence for execution of CGI program, a filter and executable includes, but the -u still has effect for ordinary files being served.

Notice that if none of -t, -T, and -u are used then a user with his own home page can make a symbolic link to any file readable by the server and that document will be served. This is true even if the linked to document is in a directory with limited access or is outside the server data hierarchy.

-v log_format -- Set log format

The legal values for this option are "common", "verbose", and "ncsa". They cause the log file to be written in the so-called common log format, or WN's verbose format including user agent, referrer, virtual server nickname, and cookies, or in the NCSA extended format which includes referrer and user agent. The default can be set with #define VERBOSELOG macro in config.h.

-V virtual_host_file -- Set file name which contains the list of virtual hosts

The file "virtual_host_file" should be the name of the file containing the list of "virtual hosts" and their corresponding IP numbers and root directories. The format of this file is one line per virtual host. Each such line should have the form:

hostname IP_address root_path

with the three parts separated by white space. For example an entry might be:

myhost.school.edu 111.222.333.444 /var/wn

In particular the hostname should be the fully qualified domain name. Lines in this file which are empty or start with '#' are ignored.

If the virtual host file is changed you will need to restart the server for the change to take effect.