[arch-general] Leafnode and Systemd

Dave Reisner d at falconindy.com
Mon Oct 22 19:40:37 EDT 2012 

On Tue, Oct 23, 2012 at 12:34:20AM +0100, Whiskers wrote:
> On Mon, 22 Oct 2012 18:40:23 -0400 Dave Reisner <d at falconindy.com> wrote:
> 
> >On Mon, Oct 22, 2012 at 11:19:37PM +0100, Whiskers wrote:
> >> Thank you to all those who responded  :))
> >> 
> >> I now have Leafnode-2 up and running smoothly with systemd.
> >> 
> >> I have created these files:
> >> 
> >>   $ cat /etc/systemd/system/leafnode.socket
> >>   [Unit]
> >>   Description=Leafnode NNTP Socket
> >>   
> >>   [Socket]
> >>   ListenStream=119
> >>   Accept=yes
> >>   
> >>   [Install]
> >>   WantedBy=sockets.target
> >> 
> >> and
> >> 
> >>   $ cat /etc/systemd/system/leafnode at .service
> >>   [Unit]
> >>   Description=Leafnode NNTP service
> >>   After=syslog.target
> >
> >This isn't needed. syslog is always available thanks to the journal
> >socket.
> 
> OK.
> 
> >>   
> >>   [Service]
> >>   ExecStart=/usr/local/sbin/leafnode
> >
> >/usr/local?
> 
> That's where Leafnode-2 puts itself by default.

I assumed you were using the package in [community].

> >>   StandardInput=socket
> >>   User=news
> >> 
> >> Access control depends entirely on ufw (iptables), rather than
> >> specifying a hostname or IPv6 or IPv4 number in leafnode.socket,
> >> although that would
> >
> >Binding to a specifc IP is hardly what I'd call access control.
> 
> Wouldn't "ListenStream=127.0.0.1;119" prevent anyone not logged in to
> localhost from using Leafnode?

Sure. Nit: Would be a colon, not a semi-colon delimiter.

> >> probably work instead.  The ListenStream line could probably be omitted
> >> entirely, unless some port other than 119 is required.
> >
> >Without the ListenStream declaration, systemd has no idea what port to
> >open the socket on. It's needed.
> 
> Xinetd doesn't need to be told.  Isn't there a table of standard ports for
> specified services?

Yes, there's a table of standard ports -- it's /etc/services. It merely
lets you refer to ports by name rather than by number. Something still
needs to indicate what port to listen on, regardless of how its
mentioned. So, I call bull on xinetd not needing to know this.
_somehow_ it's being told.

d

More information about the arch-general mailing list