2005-12-08 12:14:33 +00:00
|
|
|
=head1 NAME
|
|
|
|
|
|
|
|
bosserver - Initializes the BOS Server
|
|
|
|
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
|
2006-03-01 05:02:29 +00:00
|
|
|
=for html
|
|
|
|
<div class="synopsis">
|
|
|
|
|
2011-10-06 11:03:07 +01:00
|
|
|
B<bosserver>
|
|
|
|
S<<< [B<-noauth>] >>>
|
|
|
|
S<<< [B<-log>] >>>
|
|
|
|
S<<< [B<-enable_peer_stats>] >>>
|
2020-12-04 17:16:57 +00:00
|
|
|
S<<< [B<-auditlog> [<I<interface>>:]<I<path>>[:<I<options>>]] >>>
|
|
|
|
S<<< [B<-audit-interface> <I<default interface>>>] >>>
|
2011-10-06 11:03:07 +01:00
|
|
|
S<<< [B<-enable_process_stats>] >>>
|
|
|
|
S<<< [B<-allow-dotted-principals>] >>>
|
|
|
|
S<<< [B<-cores>[=none|<I<path>>]] >>>
|
|
|
|
S<<< [B<-restricted>] >>>
|
|
|
|
S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
|
|
|
|
S<<< [B<-rxbind>] >>>
|
|
|
|
S<<< [B<-syslog>[=<I<facility>>]>] >>>
|
2015-02-06 16:33:48 +00:00
|
|
|
S<<< [B<-transarc-logs>] >>>
|
2011-10-06 11:03:07 +01:00
|
|
|
S<<< [B<-pidfiles>[=<I<path>>]] >>>
|
|
|
|
S<<< [B<-nofork>] >>>
|
|
|
|
S<<< [B<-help>] >>>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2006-03-01 05:02:29 +00:00
|
|
|
=for html
|
|
|
|
</div>
|
|
|
|
|
2005-12-08 12:14:33 +00:00
|
|
|
=head1 DESCRIPTION
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
The bosserver command initializes the Basic OverSeer (BOS) Server
|
|
|
|
(B<bosserver> process). In the conventional configuration, the binary file
|
|
|
|
is located in the F</usr/afs/bin> directory on a file server machine.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
The BOS Server must run on every file server machine and helps to automate
|
|
|
|
file server administration by performing the following tasks:
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Monitors the other AFS server processes on the local machine, to make sure
|
|
|
|
they are running correctly.
|
|
|
|
|
|
|
|
=item *
|
|
|
|
|
|
|
|
Automatically restarts failed processes, without contacting a human
|
|
|
|
operator. When restarting multiple server processes simultaneously, the
|
2005-12-13 19:21:13 +00:00
|
|
|
BOS Server takes interdependencies into account and initiates restarts in
|
|
|
|
the correct order.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Processes commands from the bos suite that administrators issue to verify
|
|
|
|
the status of server processes, install and start new processes, stop
|
|
|
|
processes either temporarily or permanently, and restart halted processes.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=item *
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Manages system configuration information: the files that list the cell's
|
|
|
|
server encryption keys, database server machines, and users privileged to
|
|
|
|
issue commands from the B<bos> and B<vos> suites.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
2009-07-24 21:18:31 +01:00
|
|
|
The BOS Server is configured via the F<BosConfig> configuration file.
|
|
|
|
Normally, this file is managed via the B<bos> command suite rather than
|
|
|
|
edited directly. See the L<BosConfig(5)> man page for the syntax of this
|
|
|
|
file.
|
|
|
|
|
|
|
|
The BOS Server will rewrite B<BosConfig> when shutting down, so changes
|
|
|
|
made manually to it will be discarded. Instead, to change the BOS Server
|
|
|
|
configuration only for the next restart of B<bosserver>, create a file
|
|
|
|
named F</usr/afs/local/BosConfig.new>. If B<BosConfig.new> exists when
|
|
|
|
B<bosserver> starts, it is renamed to F</usr/afs/local/BosConfig>,
|
|
|
|
removing any existing file by that name, before B<bosserver> reads its
|
|
|
|
configuration.
|
|
|
|
|
2005-12-08 12:14:33 +00:00
|
|
|
The BOS Server logs a default set of important events in the file
|
2005-12-13 19:21:13 +00:00
|
|
|
F</usr/afs/logs/BosLog>. To record the name of any user who performs a
|
|
|
|
privileged B<bos> command (one that requires being listed in the
|
|
|
|
F</usr/afs/etc/UserList> file), add the B<-log> flag. To display the
|
|
|
|
contents of the B<BosLog> file, use the B<bos getlog> command.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
The first time that the BOS Server initializes on a server machine, it
|
2005-12-13 19:21:13 +00:00
|
|
|
creates several files and subdirectories in the local F</usr/afs>
|
2005-12-08 12:14:33 +00:00
|
|
|
directory, and sets their mode bits to protect them from unauthorized
|
2005-12-13 19:21:13 +00:00
|
|
|
access. Each time it restarts, it checks that the mode bits still comply
|
|
|
|
with the settings listed in the following chart. A question mark indicates
|
|
|
|
that the BOS Server initially turns off the bit (sets it to the hyphen),
|
|
|
|
but does not check it at restart.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2009-07-24 21:03:48 +01:00
|
|
|
/usr/afs drwxr?xr-x
|
|
|
|
/usr/afs/backup drwx???---
|
|
|
|
/usr/afs/bin drwxr?xr-x
|
|
|
|
/usr/afs/db drwx???---
|
|
|
|
/usr/afs/etc drwxr?xr-x
|
|
|
|
/usr/afs/etc/KeyFile -rw????---
|
|
|
|
/usr/afs/etc/UserList -rw?????--
|
|
|
|
/usr/afs/local drwx???---
|
|
|
|
/usr/afs/logs drwxr?xr-x
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
If the mode bits do not comply, the BOS Server writes the following
|
|
|
|
warning to the F<BosLog> file:
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Bosserver reports inappropriate access on server directories
|
|
|
|
|
|
|
|
However, the BOS Server does not reset the mode bits, so the administrator
|
2005-12-13 19:21:13 +00:00
|
|
|
can set them to alternate values if desired (with the understanding that
|
|
|
|
the warning message then appears at startup).
|
|
|
|
|
|
|
|
This command does not use the syntax conventions of the AFS command
|
|
|
|
suites. Provide the command name and all option names in full.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 OPTIONS
|
|
|
|
|
|
|
|
=over 4
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-noauth>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2013-11-04 01:04:30 +00:00
|
|
|
Turns off all authorization checks, and allows all connecting users to act as
|
|
|
|
administrators, even unauthenticated users. The use of this option is
|
|
|
|
inherently insecure, and should only be used in controlled environments for
|
|
|
|
experimental or debug purposes. See L<NoAuth(5)>.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-log>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Records in the F</usr/afs/logs/BosLog> file the names of all users who
|
|
|
|
successfully issue a privileged B<bos> command (one that requires being
|
|
|
|
listed in the F</usr/afs/etc/UserList> file).
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2010-05-14 21:03:32 +01:00
|
|
|
=item B<-cores=>none|<I<path>>
|
|
|
|
|
|
|
|
The argument none turns off core file generation. Otherwise, the
|
|
|
|
argument is a path where core files will be stored.
|
|
|
|
|
2020-12-04 17:16:57 +00:00
|
|
|
=item B<-auditlog> [<I<interface>>:]<I<path>>[:<I<options>>]
|
2009-06-24 22:46:27 +01:00
|
|
|
|
2009-07-25 18:37:08 +01:00
|
|
|
Turns on audit logging, and sets the path for the audit log. The audit
|
2009-07-27 02:26:59 +01:00
|
|
|
log records information about RPC calls, including the name of the RPC
|
2009-07-25 18:37:08 +01:00
|
|
|
call, the host that submitted the call, the authenticated entity (user)
|
|
|
|
that issued the call, the parameters for the call, and if the call
|
2020-12-04 17:16:57 +00:00
|
|
|
succeeded or failed. See L<fileserver(8)> for an explanation of the audit
|
|
|
|
facility.
|
2009-06-24 22:46:27 +01:00
|
|
|
|
2020-12-04 17:16:57 +00:00
|
|
|
=item B<-audit-interface> <I<default interface>>
|
2009-06-24 22:46:27 +01:00
|
|
|
|
2020-12-04 17:16:57 +00:00
|
|
|
Sets the default audit interface used by the B<-auditlog> option. The
|
|
|
|
initial default is the C<file> interface. See L<fileserver(8)> for
|
|
|
|
an explanation of each interface.
|
2009-06-24 22:46:27 +01:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-enable_peer_stats>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Activates the collection of Rx statistics and allocates memory for their
|
2005-12-13 19:21:13 +00:00
|
|
|
storage. For each connection with a specific UDP port on another machine,
|
|
|
|
a separate record is kept for each type of RPC (FetchFile, GetStatus, and
|
|
|
|
so on) sent or received. To display or otherwise access the records, use
|
|
|
|
the Rx Monitoring API.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-enable_process_stats>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
Activates the collection of Rx statistics and allocates memory for their
|
|
|
|
storage. A separate record is kept for each type of RPC (FetchFile,
|
|
|
|
GetStatus, and so on) sent or received, aggregated over all connections to
|
|
|
|
other machines. To display or otherwise access the records, use the Rx
|
|
|
|
Monitoring API.
|
|
|
|
|
2009-05-05 14:30:24 +01:00
|
|
|
=item B<-allow-dotted-principals>
|
2008-01-23 04:13:55 +00:00
|
|
|
|
|
|
|
By default, the RXKAD security layer will disallow access by Kerberos
|
|
|
|
principals with a dot in the first component of their name. This is to avoid
|
|
|
|
the confusion where principals user/admin and user.admin are both mapped to the
|
|
|
|
user.admin PTS entry. Sites whose Kerberos realms don't have these collisions
|
|
|
|
between principal names may disable this check by starting the server
|
|
|
|
with this option.
|
|
|
|
|
2009-12-24 13:00:53 +00:00
|
|
|
=item B<-restricted>
|
|
|
|
|
|
|
|
In normal operation, the bos server allows a super user to run any command.
|
|
|
|
When the bos server is running in restricted mode (either due to this
|
|
|
|
command line flag, or when configured by L<bos_setrestricted(8)>) a number
|
|
|
|
of commands are unavailable. Note that this flag persists across reboots.
|
|
|
|
Once a server has been placed in restricted mode, it can only be opened up
|
|
|
|
by sending the SIGFPE signal.
|
|
|
|
|
2011-10-06 11:03:07 +01:00
|
|
|
=item B<-rxmaxmtu> <I<bytes>>
|
|
|
|
|
|
|
|
Sets the maximum transmission unit for the RX protocol.
|
|
|
|
|
|
|
|
=item B<-rxbind>
|
|
|
|
|
|
|
|
Bind the Rx socket to the primary interface only. If not specified, the
|
|
|
|
Rx socket will listen on all interfaces.
|
|
|
|
|
|
|
|
=item B<-syslog>[=<I<facility>>]>
|
|
|
|
|
|
|
|
Specifies that logging output should go to syslog instead of the normal
|
|
|
|
log file. B<-syslog>=I<facility> can be used to specify to which facility
|
|
|
|
the log message should be sent.
|
|
|
|
|
2015-02-06 16:33:48 +00:00
|
|
|
=item B<-transarc-logs>
|
|
|
|
|
|
|
|
Use Transarc style logging features. Rename the existing log file
|
|
|
|
F</usr/afs/logs/BosLog> to F</usr/afs/logs/BosLog.old> when the bos server is
|
|
|
|
restarted. This option is provided for compatibility with older versions.
|
|
|
|
|
2011-10-06 11:03:07 +01:00
|
|
|
=item B<-pidfiles>[=<I<path>>]
|
|
|
|
|
|
|
|
Create a one-line file containing the process id (pid) for each non-cron
|
|
|
|
process started by the BOS Server. This file is removed by the BOS Server when
|
|
|
|
the process exits. The optional <I<path>> argument specifies the path where
|
|
|
|
the pid files are to be created. The default location is C</usr/afs/local>.
|
|
|
|
|
|
|
|
The name of the pid files for C<simple> BOS Server process types are the BOS
|
|
|
|
Server instance name followed by C<.pid>.
|
|
|
|
|
|
|
|
The name of the pid files for C<fs> and C<dafs> BOS Server process types are
|
|
|
|
the BOS Server type name, C<fs> or C<dafs>, followed by the BOS Server core
|
|
|
|
name of the process, followed by C<.pid>. The pid file name for the
|
|
|
|
C<fileserver> process is C<fs.file.pid>. The pid file name for the C<volserver>
|
|
|
|
is C<fs.vol.pid>.
|
|
|
|
|
|
|
|
BOS Server instance names are specfied using the B<bos create> command. See
|
|
|
|
L<bos_create> for a description of the BOS Server process types and instance
|
|
|
|
names.
|
|
|
|
|
|
|
|
=item B<-nofork>
|
|
|
|
|
|
|
|
Run the BOS Server in the foreground. By default, the BOS Server process will
|
|
|
|
fork and detach the stdio, stderr, and stdin streams.
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
=item B<-help>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
Prints the online help for this command. All other valid options are
|
|
|
|
ignored.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=back
|
|
|
|
|
|
|
|
=head1 EXAMPLES
|
|
|
|
|
|
|
|
The following command initializes the BOS Server and logs the names of
|
|
|
|
users who issue privileged B<bos> commands.
|
|
|
|
|
2011-10-06 11:03:07 +01:00
|
|
|
% bosserver -log
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 PRIVILEGE REQUIRED
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
The issuer most be logged onto a file server machine as the local
|
|
|
|
superuser C<root>.
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 SEE ALSO
|
|
|
|
|
2005-12-13 19:21:13 +00:00
|
|
|
L<BosConfig(5)>,
|
|
|
|
L<BosLog(5)>,
|
|
|
|
L<bos(8)>,
|
|
|
|
L<bos_create(8)>,
|
|
|
|
L<bos_exec(8)>,
|
|
|
|
L<bos_getlog(8)>,
|
|
|
|
L<bos_getrestart(8)>,
|
|
|
|
L<bos_restart(8)>,
|
2009-12-24 13:00:53 +00:00
|
|
|
L<bos_setrestricted(8)>,
|
2005-12-13 19:21:13 +00:00
|
|
|
L<bos_shutdown(8)>,
|
|
|
|
L<bos_start(8)>,
|
|
|
|
L<bos_startup(8)>,
|
|
|
|
L<bos_status(8)>,
|
|
|
|
L<bos_stop(8)>
|
2005-12-08 12:14:33 +00:00
|
|
|
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
|
|
|
|
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
|
|
|
|
|
|
|
|
This documentation is covered by the IBM Public License Version 1.0. It was
|
|
|
|
converted from HTML to POD by software written by Chas Williams and Russ
|
|
|
|
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
|