openafs/doc/man-pages/pod8/upserver.pod

=head1 NAME

upserver - Initializes the server portion of the Update Server

=head1 SYNOPSIS

B<upserver> [<I<directory>>+]  [B<-crypt> <I<directory>>+]  [-clear <I<directory>>+]
[B<-auth> <I<directory>>+]  [B<-help>]

This command does not use the syntax conventions of the AFS command
suites. Provide the command name and all option names in full.

=head1 DESCRIPTION

The upserver command initializes the server portion of the
Update Server (the B<upserver> process). In the conventional
configuration, its binary file is located in the B</usr/afs/bin>
directory on a file server machine.

The upserver command is not normally issued at the command shell
prompt but rather placed into a file server machine's
B</usr/afs/local/BosConfig> file with the B<bos create>
command. If it is ever issued at the command shell prompt, the issuer
must be logged onto a database server machine as the local superuser
B<root>.

The upserver command specifies which of the directories on the
local disk are eligible for distribution in response to requests from the
client portion of the Update Server (the B<upclient> process) running
on other machines. If no directories are specified, the
B<upserver> process distributes the contents of any directory on its
local disk.

The upserver process can distribute a directory's contents
in encrypted or unencrypted form. By default, it does not use
encryption unless an B<upclient> process requests it (this default is
equivalent to setting the B<-clear> flag). When the
B<-crypt> flag is provided, the B<upserver> process only
fulfills requests for encrypted transfer.

For the United States edition of AFS, using the -crypt flag
guarantees that the B<upserver> process transfers a directory's
contents only in encrypted form. For the international edition, using
the B<-crypt> flag completely blocks data transfer, because the
international edition of the B<upclient> process cannot request
encrypted transfer (the B<upclient> initialization command does not
include the B<-crypt> flag).

The B<upclient> and upserver processes always mutually
authenticate, whether or not the data they pass is encrypted; they use
the key with the highest key version number in the
B</usr/afs/etc/KeyFile> file to construct a server ticket for mutual
authentication.

=head1 CAVEATS

Do not use the Update Server to distribute the contents of the
B</usr/afs/etc> directory if using the international edition of
AFS. The contents of this directory are sensitive and the international
edition of AFS does not include the encryption routines necessary for
encrypting files before transfer across the network.

=head1 OPTIONS

=over 4

=item I<directory
>

Names each directory to distribute in unencrypted form (because they
appear before the first B<-crypt> or B<-clear> flag on the
command line). If this argument is omitted, all directories on the
machine's local disk are eligible for distribution.

=item -crypt

Precedes a list of one or more directories that the upserver
process distributes only in encrypted form.

=item -clear

Precedes a list of one or more directories that the upserver
process distributes in unencrypted form unless the B<upclient> process
requests them in encrypted form. Use this argument only if a list of
directories headed by the B<-crypt> flag precedes it on the command
line.

=item -auth

Precedes a list of one or more directories which the upserver
process distributes using a form of encryption that is intermediate in
complexity and security between the unencrypted and encrypted levels set by
the B<-clear> and B<-crypt> arguments. Do not use this
argument, because the B<upclient> process does not have a
corresponding argument that it can use to request data transfer at this
level.

=item -help

Prints the online help for this command. All other valid options
are ignored.

=back

=head1 EXAMPLES

The following example bos create command defines and starts an
B<upserver> process on the host machine
B<fs1.abc.com>. The last parameter (enclosed in
quotes) instructs the B<upserver> process to distribute the contents
of the B</usr/afs/bin> directory in unencrypted form and the contents
of the B</usr/afs/etc> directory in encrypted form.

   % bos create  -server fs1.abc.com -instance upserver -type simple   \
                 -cmd "/usr/afs/bin/upserver /usr/afs/bin -crypt /usr/afs/etc"

=head1 PRIVILEGE REQUIRED

The issuer must be logged in as the superuser root on a file
server machine to issue the command at a command shell prompt. It is
conventional instead to create and start the process by issuing the B<bos
create> command.

=head1 SEE ALSO

L<BosConfig(1)>,
L<bos_create(1)>,
L<upclient(1)>

=head1 COPYRIGHT

IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0.  It was
converted from HTML to POD by software written by Chas Williams and Russ
Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.
man-page-conversion-20051208 This is the initial conversion of the AFS Adminstrators Reference into POD for use as man pages. The man pages are now generated via pod2man from regen.sh so that only those working from CVS have to have pod2man available. The Makefile only installs. The pages have also been sorted out into pod1, pod5, and pod8 directories, making conversion to the right section of man page easier without maintaining a separate list and allowing for names to be duplicated between pod5 and pod1 or pod8 (which will likely be needed in a few cases). This reconversion is done with a new script based on work by Chas Williams. In some cases, the output is worse than the previous POD pages, but this is a more comprehensive conversion. This is only the first step, and this initial conversion has various problems. In addition, the file man pages that didn't have simple names have not been converted in this pass and will be added later. Some of the man pages have syntax problems and all of them have formatting errors. The next editing pass, coming shortly, will clean up most of the remaining mess. 2005-12-08 12:14:33 +00:00			`=head1 NAME`

			`upserver - Initializes the server portion of the Update Server`

			`=head1 SYNOPSIS`

			`B<upserver> [<I<directory>>+] [B<-crypt> <I<directory>>+] [-clear <I<directory>>+]`
			`[B<-auth> <I<directory>>+] [B<-help>]`

			`This command does not use the syntax conventions of the AFS command`
			`suites. Provide the command name and all option names in full.`

			`=head1 DESCRIPTION`

			`The upserver command initializes the server portion of the`
			`Update Server (the B<upserver> process). In the conventional`
			`configuration, its binary file is located in the B</usr/afs/bin>`
			`directory on a file server machine.`

			`The upserver command is not normally issued at the command shell`
			`prompt but rather placed into a file server machine's`
			`B</usr/afs/local/BosConfig> file with the B<bos create>`
			`command. If it is ever issued at the command shell prompt, the issuer`
			`must be logged onto a database server machine as the local superuser`
			`B<root>.`

			`The upserver command specifies which of the directories on the`
			`local disk are eligible for distribution in response to requests from the`
			`client portion of the Update Server (the B<upclient> process) running`
			`on other machines. If no directories are specified, the`
			`B<upserver> process distributes the contents of any directory on its`
			`local disk.`

			`The upserver process can distribute a directory's contents`
			`in encrypted or unencrypted form. By default, it does not use`
			`encryption unless an B<upclient> process requests it (this default is`
			`equivalent to setting the B<-clear> flag). When the`
			`B<-crypt> flag is provided, the B<upserver> process only`
			`fulfills requests for encrypted transfer.`

			`For the United States edition of AFS, using the -crypt flag`
			`guarantees that the B<upserver> process transfers a directory's`
			`contents only in encrypted form. For the international edition, using`
			`the B<-crypt> flag completely blocks data transfer, because the`
			`international edition of the B<upclient> process cannot request`
			`encrypted transfer (the B<upclient> initialization command does not`
			`include the B<-crypt> flag).`

			`The B<upclient> and upserver processes always mutually`
			`authenticate, whether or not the data they pass is encrypted; they use`
			`the key with the highest key version number in the`
			`B</usr/afs/etc/KeyFile> file to construct a server ticket for mutual`
			`authentication.`

			`=head1 CAVEATS`

			`Do not use the Update Server to distribute the contents of the`
			`B</usr/afs/etc> directory if using the international edition of`
			`AFS. The contents of this directory are sensitive and the international`
			`edition of AFS does not include the encryption routines necessary for`
			`encrypting files before transfer across the network.`

			`=head1 OPTIONS`

			`=over 4`

			`=item I<directory`
			`>`

			`Names each directory to distribute in unencrypted form (because they`
			`appear before the first B<-crypt> or B<-clear> flag on the`
			`command line). If this argument is omitted, all directories on the`
			`machine's local disk are eligible for distribution.`

			`=item -crypt`

			`Precedes a list of one or more directories that the upserver`
			`process distributes only in encrypted form.`

			`=item -clear`

			`Precedes a list of one or more directories that the upserver`
			`process distributes in unencrypted form unless the B<upclient> process`
			`requests them in encrypted form. Use this argument only if a list of`
			`directories headed by the B<-crypt> flag precedes it on the command`
			`line.`

			`=item -auth`

			`Precedes a list of one or more directories which the upserver`
			`process distributes using a form of encryption that is intermediate in`
			`complexity and security between the unencrypted and encrypted levels set by`
			`the B<-clear> and B<-crypt> arguments. Do not use this`
			`argument, because the B<upclient> process does not have a`
			`corresponding argument that it can use to request data transfer at this`
			`level.`

			`=item -help`

			`Prints the online help for this command. All other valid options`
			`are ignored.`

			`=back`

			`=head1 EXAMPLES`

			`The following example bos create command defines and starts an`
			`B<upserver> process on the host machine`
			`B<fs1.abc.com>. The last parameter (enclosed in`
			`quotes) instructs the B<upserver> process to distribute the contents`
			`of the B</usr/afs/bin> directory in unencrypted form and the contents`
			`of the B</usr/afs/etc> directory in encrypted form.`

			`% bos create -server fs1.abc.com -instance upserver -type simple \`
			`-cmd "/usr/afs/bin/upserver /usr/afs/bin -crypt /usr/afs/etc"`

			`=head1 PRIVILEGE REQUIRED`

			`The issuer must be logged in as the superuser root on a file`
			`server machine to issue the command at a command shell prompt. It is`
			`conventional instead to create and start the process by issuing the B<bos`
			`create> command.`

			`=head1 SEE ALSO`

			`L<BosConfig(1)>,`
			`L<bos_create(1)>,`
			`L<upclient(1)>`

			`=head1 COPYRIGHT`

			`IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.`

			`This documentation is covered by the IBM Public License Version 1.0. It was`
			`converted from HTML to POD by software written by Chas Williams and Russ`
			`Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.`