.\" Automatically generated by Pod::Man 4.10 (Pod::Simple 3.35) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is >0, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .\" .\" Avoid warning from groff about undefined register 'F'. .de IX .. .nr rF 0 .if \n(.g .if rF .nr rF 1 .if (\n(rF:(\n(.g==0)) \{\ . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "BOSSERVER 8" .TH BOSSERVER 8 "2021-01-27" "OpenAFS" "AFS Command Reference" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" bosserver \- Initializes the BOS Server .SH "SYNOPSIS" .IX Header "SYNOPSIS" \&\fBbosserver\fR [\fB\-noauth\fR] [\fB\-log\fR] [\fB\-enable_peer_stats\fR] [\fB\-auditlog\fR\ <\fIlog\ path\fR>] [\fB\-audit\-interface\fR\ (\ file\ |\ sysvmq\ )] [\fB\-enable_process_stats\fR] [\fB\-allow\-dotted\-principals\fR] [\fB\-cores\fR[=none|<\fIpath\fR>]] [\fB\-restricted\fR] [\fB\-rxmaxmtu\fR\ <\fIbytes\fR>] [\fB\-rxbind\fR] [\fB\-syslog\fR[=<\fIfacility\fR>]>] [\fB\-transarc\-logs\fR] [\fB\-pidfiles\fR[=<\fIpath\fR>]] [\fB\-nofork\fR] [\fB\-help\fR] .SH "DESCRIPTION" .IX Header "DESCRIPTION" The bosserver command initializes the Basic OverSeer (\s-1BOS\s0) Server (\fBbosserver\fR process). In the conventional configuration, the binary file is located in the \fI/usr/lib/openafs\fR directory on a file server machine. .PP The \s-1BOS\s0 Server must run on every file server machine and helps to automate file server administration by performing the following tasks: .IP "\(bu" 4 Monitors the other \s-1AFS\s0 server processes on the local machine, to make sure they are running correctly. .IP "\(bu" 4 Automatically restarts failed processes, without contacting a human operator. When restarting multiple server processes simultaneously, the \&\s-1BOS\s0 Server takes interdependencies into account and initiates restarts in the correct order. .IP "\(bu" 4 Processes commands from the bos suite that administrators issue to verify the status of server processes, install and start new processes, stop processes either temporarily or permanently, and restart halted processes. .IP "\(bu" 4 Manages system configuration information: the files that list the cell's server encryption keys, database server machines, and users privileged to issue commands from the \fBbos\fR and \fBvos\fR suites. .PP The \s-1BOS\s0 Server is configured via the \fIBosConfig\fR configuration file. Normally, this file is managed via the \fBbos\fR command suite rather than edited directly. See the \fBBosConfig\fR\|(5) man page for the syntax of this file. .PP The \s-1BOS\s0 Server will rewrite \fBBosConfig\fR when shutting down, so changes made manually to it will be discarded. Instead, to change the \s-1BOS\s0 Server configuration only for the next restart of \fBbosserver\fR, create a file named \fI/etc/openafs/BosConfig.new\fR. If \fBBosConfig.new\fR exists when \&\fBbosserver\fR starts, it is renamed to \fI/etc/openafs/BosConfig\fR, removing any existing file by that name, before \fBbosserver\fR reads its configuration. .PP The \s-1BOS\s0 Server logs a default set of important events in the file \&\fI/var/log/openafs/BosLog\fR. To record the name of any user who performs a privileged \fBbos\fR command (one that requires being listed in the \&\fI/etc/openafs/server/UserList\fR file), add the \fB\-log\fR flag. To display the contents of the \fBBosLog\fR file, use the \fBbos getlog\fR command. .PP The first time that the \s-1BOS\s0 Server initializes on a server machine, it creates several files and subdirectories in the local \fI/usr/afs\fR directory, and sets their mode bits to protect them from unauthorized access. Each time it restarts, it checks that the mode bits still comply with the settings listed in the following chart. A question mark indicates that the \s-1BOS\s0 Server initially turns off the bit (sets it to the hyphen), but does not check it at restart. .PP .Vb 9 \& /usr/afs drwxr?xr\-x \& /var/lib/openafs/backup drwx???\-\-\- \& /usr/lib/openafs drwxr?xr\-x \& /var/lib/openafs/db drwx???\-\-\- \& /etc/openafs/server drwxr?xr\-x \& /etc/openafs/server/KeyFile \-rw????\-\-\- \& /etc/openafs/server/UserList \-rw?????\-\- \& /var/lib/openafs/local drwx???\-\-\- \& /var/log/openafs drwxr?xr\-x .Ve .PP If the mode bits do not comply, the \s-1BOS\s0 Server writes the following warning to the \fIBosLog\fR file: .PP .Vb 1 \& Bosserver reports inappropriate access on server directories .Ve .PP However, the \s-1BOS\s0 Server does not reset the mode bits, so the administrator can set them to alternate values if desired (with the understanding that the warning message then appears at startup). .PP This command does not use the syntax conventions of the \s-1AFS\s0 command suites. Provide the command name and all option names in full. .SH "OPTIONS" .IX Header "OPTIONS" .IP "\fB\-noauth\fR" 4 .IX Item "-noauth" Turns off all authorization checks, and allows all connecting users to act as administrators, even unauthenticated users. The use of this option is inherently insecure, and should only be used in controlled environments for experimental or debug purposes. See \fBNoAuth\fR\|(5). .IP "\fB\-log\fR" 4 .IX Item "-log" Records in the \fI/var/log/openafs/BosLog\fR file the names of all users who successfully issue a privileged \fBbos\fR command (one that requires being listed in the \fI/etc/openafs/server/UserList\fR file). .IP "\fB\-cores=\fRnone|<\fIpath\fR>" 4 .IX Item "-cores=none|" The argument none turns off core file generation. Otherwise, the argument is a path where core files will be stored. .IP "\fB\-auditlog\fR <\fIlog path\fR>" 4 .IX Item "-auditlog " Turns on audit logging, and sets the path for the audit log. The audit log records information about \s-1RPC\s0 calls, including the name of the \s-1RPC\s0 call, the host that submitted the call, the authenticated entity (user) that issued the call, the parameters for the call, and if the call succeeded or failed. .IP "\fB\-audit\-interface\fR (file | sysvmq)" 4 .IX Item "-audit-interface (file | sysvmq)" Specifies what audit interface to use. Defaults to \f(CW\*(C`file\*(C'\fR. See \&\fBfileserver\fR\|(8) for an explanation of each interface. .IP "\fB\-enable_peer_stats\fR" 4 .IX Item "-enable_peer_stats" Activates the collection of Rx statistics and allocates memory for their storage. For each connection with a specific \s-1UDP\s0 port on another machine, a separate record is kept for each type of \s-1RPC\s0 (FetchFile, GetStatus, and so on) sent or received. To display or otherwise access the records, use the Rx Monitoring \s-1API.\s0 .IP "\fB\-enable_process_stats\fR" 4 .IX Item "-enable_process_stats" Activates the collection of Rx statistics and allocates memory for their storage. A separate record is kept for each type of \s-1RPC\s0 (FetchFile, GetStatus, and so on) sent or received, aggregated over all connections to other machines. To display or otherwise access the records, use the Rx Monitoring \s-1API.\s0 .IP "\fB\-allow\-dotted\-principals\fR" 4 .IX Item "-allow-dotted-principals" By default, the \s-1RXKAD\s0 security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid the confusion where principals user/admin and user.admin are both mapped to the user.admin \s-1PTS\s0 entry. Sites whose Kerberos realms don't have these collisions between principal names may disable this check by starting the server with this option. .IP "\fB\-restricted\fR" 4 .IX Item "-restricted" In normal operation, the bos server allows a super user to run any command. When the bos server is running in restricted mode (either due to this command line flag, or when configured by \fBbos_setrestricted\fR\|(8)) a number of commands are unavailable. Note that this flag persists across reboots. Once a server has been placed in restricted mode, it can only be opened up by sending the \s-1SIGFPE\s0 signal. .IP "\fB\-rxmaxmtu\fR <\fIbytes\fR>" 4 .IX Item "-rxmaxmtu " Sets the maximum transmission unit for the \s-1RX\s0 protocol. .IP "\fB\-rxbind\fR" 4 .IX Item "-rxbind" Bind the Rx socket to the primary interface only. If not specified, the Rx socket will listen on all interfaces. .IP "\fB\-syslog\fR[=<\fIfacility\fR>]>" 4 .IX Item "-syslog[=]>" Specifies that logging output should go to syslog instead of the normal log file. \fB\-syslog\fR=\fIfacility\fR can be used to specify to which facility the log message should be sent. .IP "\fB\-transarc\-logs\fR" 4 .IX Item "-transarc-logs" Use Transarc style logging features. Rename the existing log file \&\fI/var/log/openafs/BosLog\fR to \fI/var/log/openafs/BosLog.old\fR when the bos server is restarted. This option is provided for compatibility with older versions. .IP "\fB\-pidfiles\fR[=<\fIpath\fR>]" 4 .IX Item "-pidfiles[=]" Create a one-line file containing the process id (pid) for each non-cron process started by the \s-1BOS\s0 Server. This file is removed by the \s-1BOS\s0 Server when the process exits. The optional <\fIpath\fR> argument specifies the path where the pid files are to be created. The default location is \f(CW\*(C`/var/lib/openafs/local\*(C'\fR. .Sp The name of the pid files for \f(CW\*(C`simple\*(C'\fR \s-1BOS\s0 Server process types are the \s-1BOS\s0 Server instance name followed by \f(CW\*(C`.pid\*(C'\fR. .Sp The name of the pid files for \f(CW\*(C`fs\*(C'\fR and \f(CW\*(C`dafs\*(C'\fR \s-1BOS\s0 Server process types are the \s-1BOS\s0 Server type name, \f(CW\*(C`fs\*(C'\fR or \f(CW\*(C`dafs\*(C'\fR, followed by the \s-1BOS\s0 Server core name of the process, followed by \f(CW\*(C`.pid\*(C'\fR. The pid file name for the \&\f(CW\*(C`fileserver\*(C'\fR process is \f(CW\*(C`fs.file.pid\*(C'\fR. The pid file name for the \f(CW\*(C`volserver\*(C'\fR is \f(CW\*(C`fs.vol.pid\*(C'\fR. .Sp \&\s-1BOS\s0 Server instance names are specfied using the \fBbos create\fR command. See bos_create for a description of the \s-1BOS\s0 Server process types and instance names. .IP "\fB\-nofork\fR" 4 .IX Item "-nofork" Run the \s-1BOS\s0 Server in the foreground. By default, the \s-1BOS\s0 Server process will fork and detach the stdio, stderr, and stdin streams. .IP "\fB\-help\fR" 4 .IX Item "-help" Prints the online help for this command. All other valid options are ignored. .SH "EXAMPLES" .IX Header "EXAMPLES" The following command initializes the \s-1BOS\s0 Server and logs the names of users who issue privileged \fBbos\fR commands. .PP .Vb 1 \& % bosserver \-log .Ve .SH "PRIVILEGE REQUIRED" .IX Header "PRIVILEGE REQUIRED" The issuer most be logged onto a file server machine as the local superuser \f(CW\*(C`root\*(C'\fR. .SH "SEE ALSO" .IX Header "SEE ALSO" \&\fBBosConfig\fR\|(5), \&\fBBosLog\fR\|(5), \&\fBbos\fR\|(8), \&\fBbos_create\fR\|(8), \&\fBbos_exec\fR\|(8), \&\fBbos_getlog\fR\|(8), \&\fBbos_getrestart\fR\|(8), \&\fBbos_restart\fR\|(8), \&\fBbos_setrestricted\fR\|(8), \&\fBbos_shutdown\fR\|(8), \&\fBbos_start\fR\|(8), \&\fBbos_startup\fR\|(8), \&\fBbos_status\fR\|(8), \&\fBbos_stop\fR\|(8) .SH "COPYRIGHT" .IX Header "COPYRIGHT" \&\s-1IBM\s0 Corporation 2000. All Rights Reserved. .PP This documentation is covered by the \s-1IBM\s0 Public License Version 1.0. It was converted from \s-1HTML\s0 to \s-1POD\s0 by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.