ss5代理問題
我從官網http://ss5.sourceforge.net/上面下載了最新的ss5源碼安裝包ss5-3.6.4-3.src.rpm
安裝完后service ss5 start啟動提示
/etc/init.d/ss5: line 41: syntax error near unexpected token `;;'
/etc/init.d/ss5: line 41: ` ;;'
然後我打開這個文件,裡面代碼如下
#!/bin/sh
#
# chkconfig: 345 20 80
# description: This script takes care of starting \
# and stopping ss5
#
OS=`uname -s`
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -f /usr/sbin/ss5 ] || exit 0
fi
# Test custom variables
test -f /etc/sysconfig/ss5 && . /etc/sysconfig/ss5
# See how we were called.
case "$1" in
start)
# Start daemon.
echo -n "Starting ss5... "
if [ $OS = "Linux" ]; then
daemon /usr/sbin/ss5 -t $SS5_OPTS
touch /var/lock/subsys/ss5
if [ $OS = "SunOS" ]; then
/usr/sbin/ss5 -t
touch /var/lock/subsys/ss5
else
/usr/local/sbin/ss5 -t
fi
echo "done"
;;
stop)
# Stop daemon.
echo "Shutting down ss5... "
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
killproc ss5
rm -f /var/lock/subsys/ss5
else
killall ss5
fi
echo "done"
;;
reload)
# Reload configuration
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
echo -n "Reloading ss5... "
killproc ss5 -1
else
pkill -HUP ss5
fi
echo "done reload"
;;
restart)
# Restart daemon
echo -n "Restarting ss5... "
$0 stop
$0 start
;;
status)
if [ $OS = "Linux" ] || [ $OS = "SunOS" ]; then
status ss5
fi
;;
*)
echo "Usage: ss5 {start|stop|status|restart|reload}"
exit 1
;;
esac
exit 0
我用的是fedora8
《解決方案》
官方的srpm裡面的腳本有點小錯誤
所以就這樣了,你仔細看看這個init腳本就知道有問題了。如果你看不出有什麼問題的話,就找我以前的那篇ss5的教程,裡面的rpm製作部分的patch部分也有對ss5.init進行修改的部分,你看看就清楚了。
簽名
---
我覺得這是SS5作者為了讓大家都學習一下init腳本製作的知識而故意留下的bug~~~
《解決方案》
回復 #1 nwpulotus 的帖子
start)
# Start daemon.
echo -n "Starting ss5... "
if [ $OS = "Linux" ]; then
daemon /usr/sbin/ss5 -t $SS5_OPTS
touch /var/lock/subsys/ss5
fi
if [ $OS = "SunOS" ]; then
前面一個if未完結,所以要加個fi結束。
[ 本帖最後由 weekend 於 2008-3-2 16:31 編輯 ]
《解決方案》
噢,正在學習shell編程,麻煩大家了,現在搞定了。
《解決方案》
回復 #1 nwpulotus 的帖子
改成這樣子就好了。
# See how we were called.
case "$1" in
start)
# Start daemon.
echo -n "Starting ss5... "
if [ $OS = "Linux" ]; then
daemon /usr/sbin/ss5 -t $SS5_OPTS
touch /var/lock/subsys/ss5
elif [ $OS = "SunOS" ]; then
/usr/sbin/ss5 -t
touch /var/lock/subsys/ss5
但是還是有問題,不太明白ss5它的配置文件在這裡不能配置嘛?
很奇怪的問題,我啟動ss5,如果ss5.conf是是原始文件,代理是可以用的,但是只要是設置要驗證,就是按照coolzsb 的那篇帖子里的設置,代理就不能用了,設置的帳號信息好像不好用,真是不明白。
《解決方案》
把你的設置貼出來看看,密碼信息記得隱藏
原帖由 nwpulotus 於 2008-3-2 23:17 發表 http://bbs.chinaunix.net/images/common/back.gif
但是只要是設置要驗證,就是按照coolzsb 的那篇帖子里的設置,代理就不能用了,設置的帳號信息好像不好用
簽名
---
每個很妖異的問題後面都有一個很弱智的理由
《解決方案》
回復 #6 coolzsb 的帖子
#
# SECTION <VARIABLES AND FLAGS>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: set
#
# set option name:
# SS5_DNSORDER -> order dns answer
# SS5_VERBOSE -> enable verbose output to be written into logfile
# SS5_CONSOLE -> enable web console
# SS5_STIMEOUT -> set session idle timeout (default 1800 seconds)
# SS5_LDAP_TIMEOUT -> set ldap query timeout
# SS5_LDAP_BASE -> set BASE method for profiling (see PROFILING section)
# Is default option!
# SS5_LDAP_FILTER -> set FILTER method for profiling (see PROFILING
# section)
# SS5_PAM_AUTH -> set PAM authentication
# SS5_AUTHCACHEAGE -> set age in seconds for authentication cache
# SS5_AUTHOCACHEAGE -> set age in seconds for authorization cache
# SS5_STICKYAGE -> enable affinity session
# SS5_STICKYSESSION -> set age for affinity
# SS5_PROCESSLIFE -> set number of requests process must servs before
# closing
# SS5_NETBIOS_DOMAIN -> enable netbios domain mapping with directory store,
# during autorization process
#
# ///////////////////////////////////////////////////////////////////////////////////
#
# SECTION <AUTHENTICATION>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: auth
#
# auth source host, source port, authentication type
#
# Some examples:
#
# Authentication from 10.253.8.0 network
# auth 10.253.8.0/22 - u
#
# Fake authentication from 10.253.0.0 network. In this case, ss5 request
# authentication but doesn't check for password. Use fake authentication
# for logging or profiling purpose.
# auth 10.253.0.0/16 - n
#
# Fake authentication: ss5 doesn't check for correct password but fetchs
# username for profiling.
# auth 0.0.0.0/0 - n
#
# TAG: external_auth_program
#
# external_auth_program program name and path
#
# Some examples:
#
# Use shell file to autheticate user via ldap query
# external_auth_program /usr/local/bin/ldap.sh
#
# ///////////////////////////////////////////////////////////////////////////////////
# SHost SPort Authentication
#
auth 0.0.0.0/0 - u
#
# SECTION <PROXIES>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: proxy/noproxy
#
# proxy/noproxy dst host/network, dst port, socks proxy address, port address, ver
#
# Some examples:
#
# Proxy request for 172.0.0.0 network to socks server 10.253.9.240 on port 1081:
#
# if authentication is request, downstream socks server have to check it;
# if resolution is request, downstream socks server does it before proxying
# the request toward the upstream socks server.
# proxy 172.0.0.0/16 - 10.253.9.240 1081
#
# SS5 makes direct connection to 10.253.0.0 network (in this case, port value is not
# verified) without using upstream proxy server
# noproxy 0.0.0.0/0 - 10.253.0.0/16 1080 -
#
# ///////////////////////////////////////////////////////////////////////////////////
# DHost/Net DPort DProxyip DProxyPort SocksVer
#
# proxy 0.0.0.0/0 - 1.1.1.1 - -
#
# SECTION <DUMP>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: dump
#
# dump dst host/network, dst port, dump mode (0=rx, 1=tx, 2=rx+tx)
#
# Some examples:
#
# Dump traffic for 172.30.1.0 network on port 1521:
#
# if authentication is request, downstream socks server have to check it;
# if resolution is request, downstream socks server does it before proxying
# the request toward the upstream socks server.
# dump 172.30.1.0/24 1521 2
#
# ///////////////////////////////////////////////////////////////////////////////////
# DHost/Net DPort Dump mode (0=rx,1=tx,2=rx+tx)
#
# dump 0.0.0.0/0 - 1
#
# SECTION <ACCESS CONTROL>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: permit/deny
# permit/deny src auth flag, host/network, src port, dst host/network, dst port,
# fixup, group, bandwidth (from 256 bytes per second to 2147483647), expdate
#
# Some examples:
#
# FTP Control + Passive Mode
# permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
#
# FTP DATA Active Mode
# permit - 0.0.0.0/0 - 172.0.0.0/8 21 - - - -
# permit - 172.0.0.0/8 - 0.0.0.0/0 - - - - -
#
# Query DNS
# permit - 0.0.0.0/0 - 172.30.0.1/32 53 - - - -
#
# Http + fixup
# permit - 0.0.0.0/0 - www.example.com 80 http - - -
#
# Http + fixup + profile + bandwidth (bytes x second)
# permit - 0.0.0.0/0 - www.example.com 80 http admin 10240 -
#
# Sftp + profile + bandwidth (bytes x second)
# permit - 0.0.0.0/0 - sftp.example.com 22 - developer 102400 -
#
# Http + fixup
# permit - 0.0.0.0/0 - web.example.com 80 - - - -
#
# Http + fixup + user autentication required with expiration date to 31/12/2006
# permit u 0.0.0.0/0 - web.example.com 80 - - - 31-12-2006
#
# Deny all connection to web.example.com
# deny - 0.0.0.0/0 - web.example.com - - - - -
#
#
# /////////////////////////////////////////////////////////////////////////////////////////////////
# Auth SHost SPort DHost DPort Fixup Group Band ExpDate
#
#permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -
permit u 0.0.0.0/0 - 0.0.0.0/0 - - ulimit - -
permit u 0.0.0.0/0 - 0.0.0.0/0 - - limit 64000 -
#
# SECTION <PROFILING>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# 1) File profiling:
#
# ss5 look for a file name specified in permit line in the /etc/ss5 directory.
# This file must contain user members. File profiling is the default option.
#
# 2) Ldap profiling:
#
# ldap_profile_ip (directory internet address)
# ldap_profile_port (directory port)
# ldap_profile_base (ss5 replaces % with "group specified in permit line"
# if SS5LDAP_BASE if specified, otherwise if
# SS5LDAP_FILTER is specified, it uses base and search
# for group as attribute in user entry; see examples)
# ldap_profile_filter (ss5 uses filter for search operation)
# ldap_profile_dn (directory manager or another user authorized to
# query the directory)
# ldap_profile_pass ("dn" password)
# ldap_netbios_domain (If SS5_NETBIOS_DOMAIN option is set, ss5 map netbios
# domain user in authentication request with his configured
# directory sever. Otherwise no match is done and
# directory are contacted in order of configuration)
#
# Some examples:
#
# Directory configuration for ldap profiling with SS5LDAP_BASE option:
# in this case, ss5 look for attribute uid="username" with base ou="group",
# dc=example,dc=com where group is specified in permit line as
# "permit - - - - - group - -
#
# Note: in this case, attribute value is not userd
#
# ldap_profile_ip 10.10.10.1
# ldap_profile_port 389
# ldap_profile_base ou=%,dc=example,dc=com
# ldap_profile_filter uid
# ldap_profile_attribute gid
# userd ldap_profile_dn cn=root,dc=example,dc=com
# ldap_profile_pass secret
# ldap_netbios_domain dir
#
# Directory configuration for ldap profiling with SS5LDAP_FILTER option:
# in this case, ss5 look for attributes uid="username" & "gid=group" with
# base dc=example,dc=com where group is specified in permit line as
# "permit - - - - - group - -
#
# Note: you can also use a base like "ou=%,dc=example,dc=com", where %
# will be replace with "group".
#
# ldap_profile_ip 10.10.10.1
# ldap_profile_port 389
# ldap_profile_base ou=Users,dc=example,dc=com
# ldap_profile_filter uid
# ldap_profile_attribute gecos
# ldap_profile_dn cn=root,dc=example,dc=com
# ldap_profile_pass secret
# ldap_domain_domain dir
#
# Sample OpenLdap log:
# conn=304 op=0 BIND dn="cn=root,dc=example,dc=com" mech=simple ssf=0
# conn=304 op=0 RESULT tag=97 err=0 text=
# conn=304 op=1 SRCH base="ou=Users,dc=example,dc=com" scope=1 filter="(&(uid=usr1)(gecos=Users))"
# conn=304 op=1 SRCH attr=gecos
#
# where ldap entry is:
# dn: uid=usr1,ou=Users,dc=example,dc=com
# uid: usr1
# cn: usr1
# objectClass: account
# objectClass: posixAccount
# objectClass: top
# userPassword:: dXNyMQ==
# loginShell: /bin/bash
# homeDirectory: /home/usr1
# uidNumber: 1
# gidNumber: 1
# gecos: Users
#
# SECTION <SERVER BALANCE>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# TAG: virtual
#
# virtual virtual identification (vid), real ip server
#
# Some examples:
#
# Two vip balancing on three real server each one
# virtual 1 172.30.1.1
# virtual 1 172.30.1.2
# virtual 1 172.30.1.3
#
# virtual 2 172.30.1.6
# virtual 2 172.30.1.7
# virtual 2 172.30.1.8
#
# Note: Server balancing only works with -t option, (threaded mode) and ONLY
# with "connect" operation.
#
# ///////////////////////////////////////////////////////////////////////////////////
# Vid Real ip
#
#vitual - -
# SECTION <PROFILING>
# \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
#
# 1) File profiling:
#
# ss5 look for a file name specified in permit line in the /etc/ss5 directory.
# This file must contain user members. File profiling is the default option.
我注意到它說ss5在/etc/ss5中查找在permit中用到的文件,而coolzsb發的那個帖子里說的是在/etc/opt/ss5目錄下建相應的文件。
《解決方案》
if [ $OS = "Linux" ]; then
daemon /usr/sbin/ss5 -t $SS5_OPTS
touch /var/lock/subsys/ss5
if [ $OS = "SunOS" ]; then
/usr/sbin/ss5 -t
touch /var/lock/subsys/ss5
fi <-- 少個
else
/usr/local/sbin/ss5 -t
fi
echo "done"
;;
《解決方案》
回復 #7 nwpulotus 的帖子
把以下命令的結果貼上來
ls -lh /etc/opt/ss5
su nobody
more /etc/opt/ss5/limit
簽名
---
應該還是許可權的問題,要確保nobody用戶有讀取/etc/opt/ss5目錄下所有文件的許可權
簽名
---
如果你的ss5的確是最新版本的話,那就應該是這個問題
《解決方案》
以前覺得可能是沒有許可權,chmod 777 /etc/opt/ss5/ 了下
# ls /etc/opt/ss5/ -lh
total 24K
-rwxrwxrwx 1 root root 20 2008-03-02 17:37 limit
-rwxrwxrwx 1 root root 9.1K 2008-03-03 00:20 ss5.conf
-rwxrwxrwx 1 root root 56 2008-03-02 23:25 ss5.passwd
-rwxrwxrwx 1 root root 6 2008-03-02 17:33 ulimit
# su nobody
This account is currently not available.
//vipw nobody 裡面顯示nobody:x:99:99:Nobody:/:/sbin/nologin
請賜教。
