Introduction
------------

This is an enhanced version of the 'lasker' internet chess server. I
started to enhance Lasker when I needed a working chess server for a
local school. You can get the original 'lasker' release from
http://chessd.sourceforge.net/ and you can get my enhanced version
from http://chess.samba.org/

Here is a list of some of the new features in this version:

     - lots and lots of bugs fixed
     - timeseal support added (see timeseal/README for details)
     - server configuration via 'aconfig' command instead of config.h
     - added multi-part command parsing (commands separated by ';')
     - enhanced aliases
     - build/install process fixed
     - fixed help system
     - transparent server reload (upgrade without disturbing connections or games)


Installation
------------

First you need to configure and compile the chessd server. Do
something like the following:

	  cd src
	  ./configure --prefix=/usr/local
	  make

Then to install the server run "make install". That will install a
basic skeleton installation in /usr/local/chessd. 

Setting up
----------

Next you will want to launch your chess server using the command:
     bin/chessd -f -p 5000
while in the chessd/ directory. This will launch the chess server
using the skeleton data you installed above.

I highly recommend creating a separate account on your machine to run
the chess daemon. This user should own all files in the chessd
directory.

After you launch chessd for the first time you will need to log in as
the special user 'admin'. That username will be recognised as the
server administrator and you will be logged in with the rather unusual
combination of a head administrator who is also an unregistered
player.

The first thing you will want to do as the admin user is create a
proper 'admin' account with a password. Use the command 'addplayer'
while logged in as the admin user to create the admin account. You
will be told the password. Then you should immediately log out and log
back in using the admin password you have just been given. You will
probably want to change this password using the 'asetpass' command. 

You may also find the following commands useful:
    ahelp addplayer
    ahelp asetpass
    ahelp commands


Securing your server
--------------------

The source code for this chess server has been hacked on by dozens of
people over the years. It almost certainly has exploitable buffer
overruns or other security holes. If you are like me then you won't
like the idea of running an insecure program like that on your server.

To make it a lot more secure you can choose to run the chess server in
a chroot jail. This makes it much harder for an attacker to gain a
foothold on your server. It won't prevent them from crashing the
chessd process but it will prevent them from gaining access to other
parts of the system.

To run chessd in a chroot jail you need to do the following:

   1) chessd needs to be setuid root. I know this sounds bizarre, but
      it needs root privileges to use the chroot() system
      call. Immediately after the chroot chessd will permanently lose
      its root privileges and instead become the user that launched
      chessd. To make chessd setuid root do this as root:
	      chown root chessd
	      chmod u+s chessd

   2) pass the command line option -R to tell chessd that it should
      chroot to the current directory. So to launch chessd you can use
      this:
		chessd -p 5000 -T /usr/local/bin/timeseal_decoder -R /usr/local/chessd

      You may also like to look at the start_chessd script in the
      scripts directory. This is the script I use to keep chessd
      always running on my machine.

If you do use the -R option then I also recommend that you don't place
any of the chess server binaries (or any other binaries or libraries)
inside the chessd directory. That will increase the security of your
server a little.
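
The sequence described in step 1 (chroot, then give up root for good),
written out as an added C example. This is not chessd's own code; the
function name enter_jail and the command-line handling in main are
assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes chroot() and setgroups() on glibc */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Enter a chroot jail at `dir`, then permanently become uid/gid.
 * Returns 0 on success, -1 with errno set on failure; a caller must
 * treat failure as fatal and exit rather than carry on as root. */
int enter_jail(const char *dir, uid_t uid, gid_t gid)
{
    /* Dropping "to" root would leave the process able to escape. */
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }

    /* chdir first, chroot to ".", then chdir("/"): the working
     * directory never points outside the new root. */
    if (chdir(dir) != 0) return -1;
    if (chroot(".") != 0) return -1;     /* needs root (CAP_SYS_CHROOT) */
    if (chdir("/") != 0) return -1;

    /* Order matters: supplementary groups and gid go while still root,
     * because after setuid() the process can no longer change them. */
    if (setgroups(0, NULL) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;     /* real, effective and saved uid */

    /* Verify the drop is permanent: regaining root must now fail. */
    if (setuid(0) == 0 || getuid() != uid || geteuid() != uid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    const char *dir = argc > 1 ? argv[1] : ".";
    /* In a setuid-root binary the real uid/gid are the launching user's. */
    if (enter_jail(dir, getuid(), getgid()) != 0) {
        perror("enter_jail");
        return 1;
    }
    printf("jailed in %s as uid %ld\n", dir, (long)getuid());
    return 0;
}
```

Run directly as root, the example refuses to continue because the real
uid is 0 and there is no unprivileged user to drop to.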


Email spool
-----------

This chess server does not send emails directly; instead it puts
outgoing emails in the spool/ directory and waits for some external
program or script to deliver them. I designed it this way as it makes
it possible to send email from a chess server in a chroot jail, and
offers more flexibility in how email is handled (as that tends to vary
a lot between systems).

If you run sendmail then the sample script in scripts/spool_sendmail
might be good enough. Just run this script at startup and it will send
all spooled mail every minute.


Server reload
-------------

This version of chessd supports reloading the server code without
having to shut down the server or disturb any games that are in
progress. This allows for on the fly upgrades, hopefully without the
users even noticing that the system is being upgraded.

In order to support this functionality I had to make the source code
rather more Linux specific than it was previously, but I think that is
worth it for the functionality. It would be possible to port the code
to many other platforms, but I have not yet done so.

To reload the server use the command 'areload'. You must be at the
ADMIN_GOD admin level to issue this command.

Updates
-------

Updates will be available on http://chess.samba.org/

You may wish to use the cvs version to enable you to update more
easily. I will only be doing tarball releases occasionally.

License
-------

This chess server release is under the GNU General Public License,
which is the license used by the original chess server written by
Richard Nash. Various parts of the server are under different
licenses, depending on who wrote what part, but I believe that all of
the licenses are compatible with the GPL.

The reason I chose the GPL for this release is that I don't want this
code to become proprietary again. This has happened at least 3 times
in the past with this source code and while I'm sure there were very
good reasons at the time, it does mean that the freely available chess
servers have not benefited from the considerable development that has
happened over the past seven years. 

I also chose the GPL because it allows me to incorporate source code
from other GPLd projects. This saved me quite a lot of time, and is
sure to be useful again.


--------------------------------
Andrew Tridgell
tridge@chess.samba.org June 2002
--------------------------------