NAME
rootd - The ROOT file server daemon
SYNOPSIS
rootd [options]
DESCRIPTION
This manual page documents briefly the rootd program.
rootd is a ROOT remote file server daemon. This small server is started either by inetd(8) (or xinetd(8)) when a client requests a connection to a rootd server or by hand (i.e. from the command line). The rootd server works with the ROOT TNetFile, TFTP and TNetSystem classes. It allows access to remote directories and ROOT files in either read or write mode from any ROOT interactive session. By default rootd listens on port 1094, assigned to it by IANA.
STARTING VIA (X)INETD
To run rootd via inetd(8) or xinetd(8) the port 1094 must be assigned to rootd in /etc/services; the following line should be added, if not present:
If the system uses inetd, add the following line to /etc/inetd.conf:
rootd stream tcp nowait root <bindir>/rootd rootd -i
where <bindir> is the directory you have installed rootd in.
The inetd(8) daemon must re-read its configuration file to become aware of the new service. This can be done either by killing and restarting it manually or, if SYSV init(8) scripts are used, by restarting it, e.g.
/etc/init.d/inetd restart
If the system uses xinetd(8) instead, a file named 'rootd' should be created under /etc/xinetd.d with content:
# default: off
# description: The rootd daemon
#
service rootd
{
    disable     = no
    flags       = REUSE
    socket_type = stream
    wait        = no
    user        = root
    server      = <bindir>/rootd
    server_args = -i
}
where, again, <bindir> is the directory you have installed rootd in.
The xinetd(8) daemon must be restarted:
/sbin/service xinetd restart
If you installed ROOT using some pre-compiled package (for example a Redhat Linux or a Debian GNU/Linux package), this may already be done for you.
The above configuration examples start the daemon with superuser privileges. Please refer to the inetd(8) or xinetd(8) documentation for ways of limiting the privileges.
STARTING BY HAND
You can also start rootd by hand, running directly under your private account (no root system privileges needed). For example, to start rootd listening on port 5151 just type:
Notice: no & is needed; rootd will go into the background by itself.
ANONYMOUS LOGINS
rootd can also be configured for anonymous usage (like anonymous ftp). To set up rootd to accept anonymous logins do the following (while being logged in as root):
1. Add the following line to /etc/passwd:
rootd:*:71:72:Anonymous rootd:/var/spool/rootd:/bin/false
where you may modify the uid, gid (71, 72) and the home directory to suit your system.
2. Add the following line to /etc/group:
where the gid must match the gid in /etc/passwd.
3. Create the directories:
mkdir /var/spool/rootd
mkdir /var/spool/rootd/tmp
chmod 777 /var/spool/rootd/tmp
where /var/spool/rootd must match the rootd home directory as specified in the rootd /etc/passwd entry.
4. To make writable directories for anonymous do, for example:
mkdir /var/spool/rootd/pub
chown rootd:rootd /var/spool/rootd/pub
That's all.
If you installed ROOT using some pre-compiled package (for example a Redhat Linux or a Debian GNU/Linux package), this may already be done for you.
Several remarks:
- You can login to an anonymous server either with the names anonymous or rootd.
- The passwd should be of type user@host.domain. Only the @ is enforced for the time being.
- In anonymous mode the top of the file tree is set to the rootd home directory, therefore only files below the home directory can be accessed.
- Anonymous mode only works when the server is started via inetd(8) or xinetd(8).
ABOUT PASSWORD AUTHENTICATION
On systems using shadow passwords, full access to the password field of the user information structure requires special privileges; this is typically granted if rootd is started by inetd(8) or xinetd(8), as in the above examples. If the daemon is started in unprivileged mode, either from a regular account or by (x)inetd with reduced privileges, password-based authentication requires users to create a file $HOME/.rootdpass containing an encrypted password (using crypt(3)). The system tests the existence of this file before checking the system password files. An encrypted password can be created in the following way:
perl -e '$pw = crypt("<secretpasswd>","salt"); print "$pw\n"'
storing the output string in $HOME/.rootdpass.
If $HOME/.rootdpass does not exist and the system password file cannot be accessed, rootd attempts to run the authentication via an sshd(8) daemon.
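An added example, not part of the rootd distribution: a POSIX shell check for the $HOME/.rootdpass file described above, reporting which crypt(3) scheme the stored string uses and whether group or others have any access to the file. Traditional DES crypt(3) uses only the first two characters of the salt, so the command above run with the literal string "salt" yields 13-character hashes that all begin with "sa". The function names, the labels and the sample strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a $HOME/.rootdpass file (names and labels are hypothetical).

# classify_hash STRING: print the crypt(3) scheme the string appears to use.
classify_hash() {
    case $1 in
        \$*\$*) id=${1#\$}; echo "modular-${id%%\$*}"; return 0 ;;  # $id$salt$hash
        ""|*[!./0-9A-Za-z]*) echo "unknown"; return 0 ;;
    esac
    # Traditional DES crypt: 2 salt characters followed by 11 hash characters.
    [ "${#1}" -eq 13 ] || { echo "unknown"; return 0; }
    case $1 in
        sa*) echo "des-page-salt" ;;   # salt "sa", as produced by the literal "salt"
        *)   echo "des" ;;
    esac
}

# audit_rootdpass FILE: print "<scheme> <private|exposed>", or "missing".
# Flagging any group/other permission bit is this example's policy.
audit_rootdpass() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    hash=""
    IFS= read -r hash < "$1" || :          # first line; a missing newline is fine
    perms=$(ls -ld "$1" | cut -c5-10)      # group and other permission bits
    case $perms in
        ------) p="private" ;;
        *)      p="exposed" ;;
    esac
    echo "$(classify_hash "$hash") $p"
}

# Constructed sample strings (not the hash of any real password).
classify_hash 'saCONSTRUCTED'
classify_hash '$6$CONSTRUCTED$CONSTRUCTED'
```

A "des-page-salt" result means every account that followed the command verbatim shares one salt, so identical passwords produce identical strings.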
OPTIONS
-b <tcpwindowsize>
    specifies the tcp window size in bytes (e.g. see http://www.psc.edu/networking/perf_tune.html). Default is 65535. Only change default for pipes with a high bandwidth*delay product.
-d <level>
    level of debug info written to syslogd: 0 = no debug (default), 1 = minimum, 2 = medium, 3 = maximum.
-D <rootdaemonrc>
    read access rules from file <rootdaemonrc>. By default <root_etc_dir>/system.rootdaemonrc is used for access rules; for privately started daemons $HOME/.rootdaemonrc (if present) is read first.
-f
    run in the foreground (output on the window); useful for debugging purposes.
-i
    indicates that rootd was started by inetd(8) or xinetd(8).
-noauth
    do not require client authentication
-p <port#>[-<port2#>]
    specifies the port number to listen on. Use port-port2 to find the first available port in the indicated range. Use 0-N for range relative to default service port.
-r
    files can only be opened in read-only mode
-s <sshd_port#>
    specifies the port number for the sshd daemon used for authentication (default is 22).
-T <tmpdir>
    specifies the directory path to be used to place temporary files; default is /usr/tmp. Useful when running with limited privileges.
-w
    do not check /etc/hosts.equiv, $HOME/.rhosts for password-based authentication; by default these files are checked first by calling ruserok(...); if this option is specified a password is always required.
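An added example, not from the ROOT distribution: a POSIX shell function that reads one inetd.conf entry for rootd and reports the settings documented on this page that widen access, namely running as root, -noauth, a missing -r and a missing -w. The function name, the finding labels and the /opt/root/bin path are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag risky settings in one inetd.conf entry for rootd.
# inetd.conf fields: service type proto wait user server argv0 [options...]
# audit_rootd_entry LINE: print space-separated findings (empty if none).
audit_rootd_entry() {
    set -f; set -- $1; set +f            # split into fields without globbing
    if [ "$#" -lt 7 ] || [ "$1" != rootd ]; then
        echo "not-a-rootd-entry"; return 0
    fi
    user=$5; shift 7                     # the rest are rootd's own options
    noauth=0; ro=0; nohosts=0
    while [ "$#" -gt 0 ]; do
        case $1 in
            -noauth) noauth=1 ;;
            -r)      ro=1 ;;
            -w)      nohosts=1 ;;
            -b|-d|-D|-p|-s|-T) if [ "$#" -gt 1 ]; then shift; fi ;;  # skip the value
        esac
        shift
    done
    f=""
    [ "$user" = root ]  && f="$f runs-as-root"      # daemon keeps superuser privileges
    [ "$noauth" -eq 1 ] && f="$f no-client-auth"    # -noauth: no authentication at all
    [ "$ro" -eq 0 ]     && f="$f write-enabled"     # no -r: files may be opened for writing
    # no -w: /etc/hosts.equiv and $HOME/.rhosts are consulted before any password
    [ "$noauth" -eq 0 ] && [ "$nohosts" -eq 0 ] && f="$f rhosts-trusted"
    echo "${f# }"
    return 0
}

# The page's inetd.conf line; /opt/root/bin is a constructed stand-in for <bindir>.
audit_rootd_entry 'rootd stream tcp nowait root /opt/root/bin/rootd rootd -i'
# A constructed entry using a dedicated account plus -r and -w.
audit_rootd_entry 'rootd stream tcp nowait rootd /opt/root/bin/rootd rootd -i -r -w'
```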
SEE ALSO
root(1), proofd(1), system.rootdaemonrc(1)
For more information on the ROOT system, please refer to http://root.cern.ch
ORIGINAL AUTHORS
The ROOT team (see web page above): Rene Brun and Fons Rademakers
COPYRIGHT
This library is free software; you can redistribute it and/or modify it under
the terms of the GNU Lesser General Public License as published by the Free
Software Foundation; either version 2.1 of the License, or (at your option)
any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
details.
You should have received a copy of the GNU Lesser General Public License along
with this library; if not, write to the Free Software Foundation, Inc., 51
Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
AUTHOR
This manual page was originally written by Christian Holm Christensen
<cholm@nbi.dk>, for the Debian GNU/Linux system and ROOT version 3. It
has been modified by G. Ganis <g.ganis@cern.ch> to document new features
included in ROOT version 4.