Gerrits #13774 (audit: Support multiple audit interfaces and interface
options) and #13775 (audit: Add cmd helper for processing audit options)
added support in the audit facility for multiple audit logs.
Add command line support to use multiple audit logs for daemons that use
libcmd for command line processing: bosserver, buserver, butc,
fileserver, volserver, ptserver, and vlserver.
Update the daemons to add a call to audit_open, and where possible add a
call to audit_close when shutting down the daemon.
Update help message and manpage entries for -auditlog and
-audit-interface
Change-Id: I4356e1aa84f580897a0e788e2a2829685be891aa
Reviewed-on: https://gerrit.openafs.org/13776
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Do not create new server log files when servers are restarted by
default. External log rotation tools may be used to rotate the logs by
renaming log files and then signaling server processes to reopen
log files.
Add the -transarc-logs option to each server to provide backward
compatibility with the traditional Transarc-style logging. When
-transarc-logs is given, log files are renamed to an ".old" file
(overwriting the existing ".old" file) and the previous the log file is
truncated.
Change-Id: I2eeb67e3db32b2f75fe685b68dab1159e62061e9
Reviewed-on: https://gerrit.openafs.org/11731
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Fix -noauth documentation. The current documentation is referring to
the client-side -noauth option, but this is actually the server-side
-noauth option, which is very different.
Change-Id: I65154aef4734e69bb0f3ae485baacac11a718488
Reviewed-on: http://gerrit.openafs.org/10401
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Derrick Brashear <shadow@your-file-system.com>
Add the new -pidfiles option to the man page. Add a few other missing
options as well.
Change-Id: I2d72ec9948edb4dce4c6b6d974915d4ac7560b0b
Reviewed-on: http://gerrit.openafs.org/5587
Reviewed-by: Derrick Brashear <shadow@dementix.org>
Tested-by: Derrick Brashear <shadow@dementix.org>
Remove the #ifdef's around the bos restricted mode code. This makes
restricted mode available as part of the standard build, but a server
will not go into restricted mode unless the relevant command line
options are specified, or bos setrestricted is run.
Document bos_setrestricted and bos_getrestricted, and the new
'-restricted' command line option. Add a note to the man pages of
all of the commands whose behaviour is affected by restricted mode.
Add 'setr' and 'getr' aliases for setrestart and getrestart so that
these documented shortcuts continue to work (otherwise they'd be
ambiguous against setrestricted and getrestricted). Note that
setre, setres, and setrest will not work once this patch is applied.
Change-Id: Ie69d21493ea5f78757f0a3d478de43fdaabd3c31
Reviewed-on: http://gerrit.openafs.org/1028
Reviewed-by: Michael Meffie <mmeffie@sinenomine.net>
Reviewed-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Andrew Deason <adeason@sinenomine.net>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
Remove the conditional and Autoconf flag for enabling BosConfig.new
handling and change bosserver to always rename BosConfig.new to BosConfig
on startup if the former exists.
Document BosConfig.new handling in the bosserver and BosConfig man pages.
Tone down the warning about the BosConfig file format changing and warn
that bosserver rewrites BosConfig when shutting down.
Reviewed-on: http://gerrit.openafs.org/211
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Tested-by: Derrick Brashear <shadow@dementia.org>
The original IBM HTML documentation had a table showing the permissions
that bosserver expects and sets when it creates the directory structure
for AFS. That table was accidentally dropped in the conversion to POD.
Restore it from the HTML shipped with an older version of OpenAFS.
Reviewed-on: http://gerrit.openafs.org/210
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
It was suggested that the auditlog option should not say there is one
record per RPC. In the future, there might be a need for multiple records
per RPC.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/229
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
The expanded auditlog explanation includes what information is recorded
in the auditlog.
LICENSE BSD
Reviewed-on: http://gerrit.openafs.org/213
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Adds support for sysv message queues for fileserver audit logs. This
also organizes the audit log code into various 'interfaces', of which
there are two: the original 'file' interface, and the 'sysvmq' interface
that this adds. The interface is configurable at runtime with the
-audit-interface switch.
FIXES 124674
Reviewed-on: http://gerrit.openafs.org/82
Tested-by: Andrew Deason <adeason@sinenomine.net>
Tested-by: Derrick Brashear <shadow@dementia.org>
Reviewed-by: Derrick Brashear <shadow@dementia.org>
Implement proper synopsis wrapping for HTML generation.
This was done in three pieces. First, add HTML-specific tags to the POD to
mark the synopsis for HTML purposes so that we can apply style information
to it. Second, update the style sheet to indent all lines except for the
first in the synopsis section. Third, add the appropriate S<> tags around
option and argument pairs so that we don't wrap between the option and its
argument.
Unfortunately, due to the <I<foo>> style that looks nicer for other reasons,
we have to use the very verbose S<<< >>>. Oh well.
This completes the initial editing pass of the section eight man pages.
Only small amounts of content editing has been done. Some known problems
have been noted in README, but there will doubtless be others, as well as
some lingering formatting problems. However, the quality should now be
good enough for general public review.
Some of the section eight man pages were really supposed to be section one,
the package apropros and package help commands are too useless to document,
and a few of the difficult-to-name section five man pages have now acquired
names.
This is the initial conversion of the AFS Adminstrators Reference into POD
for use as man pages. The man pages are now generated via pod2man from
regen.sh so that only those working from CVS have to have pod2man
available. The Makefile only installs. The pages have also been sorted
out into pod1, pod5, and pod8 directories, making conversion to the right
section of man page easier without maintaining a separate list and allowing
for names to be duplicated between pod5 and pod1 or pod8 (which will likely
be needed in a few cases).
This reconversion is done with a new script based on work by Chas Williams.
In some cases, the output is worse than the previous POD pages, but this is
a more comprehensive conversion.
This is only the first step, and this initial conversion has various
problems. In addition, the file man pages that didn't have simple names
have not been converted in this pass and will be added later. Some of the
man pages have syntax problems and all of them have formatting errors. The
next editing pass, coming shortly, will clean up most of the remaining
mess.
