.\" .\" $Id: rootd.1,v 1.3 2005/03/21 21:42:21 rdm Exp $ .\" .TH ROOTD 1 "Version 4" "ROOT" .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection .\" other parms are allowed: see man(7), man(1) .SH NAME rootd \- The ROOT file server daemon .SH SYNOPSIS .B rootd .I "[options]" .SH "DESCRIPTION" This manual page documents briefly the .BR rootd program. .PP .B rootd is a .B ROOT remote file server daemon. .PP This small server is started either by \fIinetd\fR(8) (or \fIxinetd\fR(8)) when a client requests a connection to a \fIrootd\fR server or by hand (i.e. from the command line). The \fIrootd\fR server works with the \fBROOT\fR \fITNetFile\fR, \fITFTP\fR and \fITNetSystem\fR classes. It allows access to remote directories and \fBROOT\fR files in either read or write mode from any \fBROOT\fR interactive session. By default \fRrootd\fR listens on port 1094, assigned to it by IANA. .SH "STARTING VIA (X)INETD" To run \fIrootd\fR via \fIinetd\fR(8) or \fIxinetd\fR(8) the port 1094 must be assigned to \fIrootd\fR in \fI/etc/services\fR; the following line should be added, if not present: .sp 1 .RS .nf rootd 1094/tcp .fi .RE .sp 1 If the system uses inetd, add the following line to \fI/etc/inetd.conf\fR: .sp 1 .RS .nf rootd stream tcp nowait root <\fIbindir\fR>/rootd rootd \-i .fi .RE .sp 1 where <\fIbindir\fR> is the directory you have installed \fIrootd\fR in. .PP The \fIinetd\fR(8) daemon must re-read its configuration file to become aware of the new service. This can be done either by killing and restarting it manually .sp 1 .RS .nf kill \-HUP .fi .RE .sp 1 or, if \fBSYSV\fR \fIinit\fR(8) scripts are used, by restarting it, e.g. .sp 1 .RS .nf /etc/init.d/inetd restart .fi .RE .sp 1 .PP If the system uses \fIxinetd\fR(8) instead, a file named 'rootd' should be created under \fI/etc/xinetd.d\fR with content: .RS .nf # default: off # description: The rootd daemon # service rootd { disable = no flags = REUSE socket_type = stream wait = no user = root server = <\fIbindir\fR>/rootd server_args = \-i } .fi .RE .sp 1 where, again, <\fIbindir\fR> is the directory you have installed \fIrootd\fR in. .PP The \fIxinetd\fR(8) daemon must be restarted: .sp 1 .RS .nf /sbin/service xinetd restart .fi .RE .PP If you installed \fBROOT\fR using some pre-compiled package (for example a \fBRedhat Linux\fR or a \fBDebian GNU/Linux\fR package), this may already be done for you. .PP The above configuration examples start the daemon with superuser privileges. Please refer to the \fIinetd\fR(8) or \fIxinetd\fR(8) documentation for ways of limiting the privileges. .SH "STARTING BY HAND" You can also start \fIrootd\fR by hand running directly under your private account (no root system privileges needed). For example to start \fIrootd\fR listening on port 5151 just type: .sp 1 .RS .nf rootd \-p 5151 .fi .RE .sp 1 \fBNotice\fR: no & is needed \fIrootd\fR will go in background by itself. .SH "ANONYMOUS LOGINS" \fIrootd\fR can also be configured for anonymous usage (like anonymous ftp). To setup \fIrootd\fR to accept anonymous logins do the following (while being logged in as root): .IP 1 Add the following line to /etc/passwd: .sp 1 .RS 10 .nf rootd:*:71:72:Anonymous rootd:/var/spool/rootd:/bin/false .fi .RE .IP where you may modify the uid, gid (71, 72) and the home directory to suite your system. .IP 2 Add the following line to /etc/group: .sp 1 .RS 10 .nf rootd:*:72:rootd .fi .RE .IP where the gid must match the gid in .I /etc/passwd .IP 3 Create the directories: .sp 1 .RS 10 .nf /var/spool/rootd mkdir /var/spool/rootd/tmp chmod 777 /var/spool/rootd/tmp .fi .RE .IP Where .I /var/spool/rootd must match the .B rootd home directory as specified in the .B rootd .I /etc/passwd entry. .IP 4 To make writable directories for anonymous do, for example: .sp 1 .RS 10 .nf mkdir /var/spool/rootd/pub chown rootd:rootd /var/spool/rootd/pub .fi .RE .sp 1 .IP That's all. .PP If you installed \fBROOT\fR using some pre-compiled package (for example a \fBRedhat Linux\fR or a \fBDebian GNU/Linux\fR package), this may already be done for you. .PP Several remarks: .TP .B * You can login to an anonymous server either with the names .I anonymous or .I rootd. .TP .B * The passwd should be of type .I user@host.domain Only the @ is enforced for the time being. .TP .B * In anonymous mode the top of the file tree is set to the .B rootd home directory, therefore only files below the home directory can be accessed. .TP .B * Anonymous mode only works when the server is started via \fRinetd(8)\fR or \fRxinetd(8)\fR. .SH "ABOUT PASSWORD AUTHENTICATION" In system using shadow passwords, full access to the password field of the user information structure requires special privileges; this is typically granted if \fRrootd\fR is started by \fIinetd(8)\fR or \fIxinetd(8)\fR, as the in above examples. If the daemon is started in unprivileged mode, either from a regular account or by (x)inetd with reduced privileges, password-based authentication require users to create a file $HOME/.rootdpass containing an encrypted password (using \fIcrypt\fR(3)). The system tests the existence of this file before checking the system password files. An encrypted password can be created in the following way: .sp 1 .RS .nf perl \-e '$pw = crypt("","salt"); print "$pw\n"' .fi .RE .sp 1 storing the output string in $HOME/.rootdpass . .PP If the $HOME/.rootdpass does not exists and the system password file cannot be accessed, rootd attempts to run the authentication via an \fIsshd\fR(8) daemon. .SH OPTIONS .\" .TP .\" \fB-?\fR .\" Show summary of options. .TP \fB-b\fR <\fItcpwindowsize\fR> specifies the tcp window size in bytes (e.g. see http://www.psc.edu/networking/perf_tune.html). Default is 65535. Only change default for pipes with a high bandwidth*delay product. .TP \fB-d\fR <\fIlevel\fR> level of debug info written to syslogd 0 = no debug (default), 1 = minimum, 2 = medium, 3 = maximum. .TP \fB-D\fR <\fIrootdaemonrc\fR> read access rules from file . By default /system.rootdaemonrc is used for access rules; for privately started daemons $HOME/.rootdaemonrc (if present) is read first. .TP \fB-f\fR run in the foreground (output on the window); useful for debugging purposes. .TP \fB-i\fR indicates that \fIrootd\fR was started by \fIinetd\fR(8) or \fIxinetd\fR(8). .TP \fB-noauth\fR do not require client authentication .TP \fB-p\fR <\fIport#\fR>[-<\fIport2#\fR>] specifies the port number to listen on. Use port-port2 to find the first available port in the indicated range. Use 0-N for range relative to default service port. .TP \fB-r\fR files can only be opened in read-only mode .TP \fB-s\fR <\fIsshd_port#\fR> specifies the port number for the sshd daemon used for authentication (default is 22). .TP \fB-T\fR <\fItmpdir\fR> specifies the directory path to be used to place temporary files; default is /usr/tmp. Useful when running with limited privileges. .TP \fB-w\fR do not check /etc/hosts.equiv, $HOME/.rhosts for password-based authentication; by default these files are checked first by calling ruserok(...); if this option is specified a password is always required. .SH "SEE ALSO" \fIroot\fR(1), \fIproofd\fR(1), \fIsystem.rootdaemonrc\fR(1) .PP For more information on the \fBROOT\fR system, please refer to .UR http://root.cern.ch/ .I http://root.cern.ch .UE .SH "ORIGINAL AUTHORS" The ROOT team (see web page above): .RS .B Rene Brun and .B Fons Rademakers .RE .SH "COPYRIGHT" This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. .P This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. .P You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA .SH AUTHOR This manual page was originally written by Christian Holm Christensen , for the Debian GNU/Linux system and ROOT version 3. It has been modified by G. Ganis to document new features included in ROOT version 4. .\" .\" $Log: rootd.1,v $ .\" Revision 1.3 2005/03/21 21:42:21 rdm .\" From Christian Holm Christensen: .\" * New Debian and RedHat rpm packaging scripts. .\" * Added a description to `build/package/debian/README.Debian' on .\" how to add a new package. It's not that complicated so it .\" should be a simple thing to add a new package, even for some .\" with little or no experience with RPMs or DEBs. .\" * When searching for the Oracle client libraries, I added the .\" directories `/usr/lib/oracle/*/client/lib' and .\" `/usr/include/oracle/*/client' - as these are the paths that the .\" RPMs install into. .\" * I added the packages `root-plugin-krb5' and .\" `root-plugin-oracle'. .\" * The library `libXMLIO' is in `libroot'. .\" * The package `root-plugin-xml' contains the XML parser. .\" * I fixed an cosmetic error in `build/misc/root.m4'. The .\" definition of `ROOT_PATH' should be quoted, otherwise aclocal .\" will complain. .\" * In the top-level `Makefile' I pass an additional argument to .\" `makecintdlls' - namely `$(ROOTCINTTMP)'. In `makecintdlls' I .\" use that argument to make the various dictionaries for .\" `lib...Dict.so'. Originally, the script used plain `rootcint'. .\" However, as `rootcint' may not be in the path yet, or the one in .\" the path may be old, this failed. Hence, I use what we know is .\" there - namely the newly build `rootcint_tmp'. BTW, what are .\" these shared libraries, and where do they belong? I guess they .\" are specific to ROOT, and not used by plain `CINT'. For now, I .\" put them in `libroot'. .\" * Made the two `virtual' packages `root-db-client' - provided the .\" DB plugins, and `root-fitter' provided by `root-plugin-minuit' .\" and `root-plugin-fumili'. Note, the virtual package .\" `root-file-server' provided by `root-rootd' and `root-xrootd' .\" already existed in the previous patch. .\" * Note, I added the directory `build/package/debian/po' which is .\" for translations of DebConf templates. DebConf is Debians very .\" advanced package configuration interface. It presents the user .\" with a set of questions in some sort of `GUI' based on how much .\" the user would like to change. These `dialogs' can be .\" translated quite easily. As an example, I translated the .\" questions used by the `ttf-root-installer' package into Danish. .\" I'm sure someone can translate them into German, French, .\" Italien, Spanish, and so on. .\" .\" Revision 1.2 2004/12/15 12:37:43 rdm .\" From Gerri: .\" 1) New files: .\" .1 build/package/rpm/root-rootd.spec.in .\" .\" skeleton for the rootd RPM specs file .\" .\" .2 build/package/common/root-rootd.dscr .\" .\" short and long descriptions used in the previous file .\" .\" .3 config/rootd.in .\" .\" Skeleton for the startup script to be created under etc; the .\" variable which depends on the configuration directives is .\" the location of the executable to run (i.e the installation .\" prefix). This file is to be moved to /etc/rc.d/init.d/ on RH .\" (or equivalent position on other versions of Linux). .\" .\" .4 man/man1/system.rootdaemonrc.1 .\" .\" man page for system.rootdaemonrc and related files .\" .\" .\" 2) Patched files: .\" .\" .1 Makefile .\" .\" add new target 'rootdrpm' with the rules to create the specs file .\" .\" .2 configure .\" .\" add creation of etc/rootd from the skeleton in config/rootd.in .\" .\" .3 config/Makefile.in .\" .\" add variable ROOTDRPMREL with the RPM release version (default 1); .\" this can be changed on command line whn creating the spec file .\" .\" .4 config/rootdaemonrc.in .\" .\" update fir 'sockd' and correct a few typos .\" .\" .5 man/man1/rootd.1 .\" .\" significant updates; typo corrections .\" .\" Revision 1.1 2001/08/15 13:30:48 rdm .\" move man files to new subdir man1. This makes it possible to add .\" $ROOTSYS/man to MANPATH and have "man root" work. .\" .\" Revision 1.1 2000/12/08 17:41:01 rdm .\" man pages of all ROOT executables provided by Christian Holm. .\" .\"