On Tue, Oct 23, 2012 at 12:34:20AM +0100, Whiskers wrote:
On Mon, 22 Oct 2012 18:40:23 -0400 Dave Reisner <d@falconindy.com> wrote:
On Mon, Oct 22, 2012 at 11:19:37PM +0100, Whiskers wrote:
Thank you to all those who responded :))
I now have Leafnode-2 up and running smoothly with systemd.
I have created these files:
$ cat /etc/systemd/system/leafnode.socket [Unit] Description=Leafnode NNTP Socket
[Socket] ListenStream=119 Accept=yes
[Install] WantedBy=sockets.target
and
$ cat /etc/systemd/system/leafnode@.service [Unit] Description=Leafnode NNTP service After=syslog.target
This isn't needed. syslog is always available thanks to the journal socket.
OK.
[Service] ExecStart=/usr/local/sbin/leafnode
/usr/local?
That's where Leafnode-2 puts itself by default.
I assumed you were using the package in [community].
StandardInput=socket User=news
Access control depends entirely on ufw (iptables), rather than specifying a hostname or IPv6 or IPv4 number in leafnode.socket, although that would
Binding to a specifc IP is hardly what I'd call access control.
Wouldn't "ListenStream=127.0.0.1;119" prevent anyone not logged in to localhost from using Leafnode?
Sure. Nit: Would be a colon, not a semi-colon delimiter.
probably work instead. The ListenStream line could probably be omitted entirely, unless some port other than 119 is required.
Without the ListenStream declaration, systemd has no idea what port to open the socket on. It's needed.
Xinetd doesn't need to be told. Isn't there a table of standard ports for specified services?
Yes, there's a table of standard ports -- it's /etc/services. It merely lets you refer to ports by name rather than by number. Something still needs to indicate what port to listen on, regardless of how its mentioned. So, I call bull on xinetd not needing to know this. _somehow_ it's being told. d