Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
BOSSERVER(8)		     AFS Command Reference		  BOSSERVER(8)

NAME
       bosserver - Initializes the BOS Server

SYNOPSIS
       bosserver
	   [-noauth]
	   [-log]
	   [-enable_peer_stats]
	   [-auditlog <log path>]
	   [-audit-interface ( file | sysvmq )]
	   [-enable_process_stats]
	   [-allow-dotted-principals]
	   [-cores[=none|<path>]]
	   [-restricted]
	   [-rxmaxmtu <bytes>]
	   [-rxbind]
	   [-syslog[=<facility>]>]
	   [-pidfiles[=<path>]]
	   [-nofork]
	   [-help]

DESCRIPTION
       The bosserver command initializes the Basic OverSeer (BOS) Server
       (bosserver process). In the conventional	configuration, the binary file
       is located in the /usr/local/libexec/openafs directory on a file	server
       machine.

       The BOS Server must run on every	file server machine and	helps to
       automate	file server administration by performing the following tasks:

       o   Monitors the	other AFS server processes on the local	machine, to
	   make	sure they are running correctly.

       o   Automatically restarts failed processes, without contacting a human
	   operator. When restarting multiple server processes simultaneously,
	   the BOS Server takes	interdependencies into account and initiates
	   restarts in the correct order.

       o   Processes commands from the bos suite that administrators issue to
	   verify the status of	server processes, install and start new
	   processes, stop processes either temporarily	or permanently,	and
	   restart halted processes.

       o   Manages system configuration	information: the files that list the
	   cell's server encryption keys, database server machines, and	users
	   privileged to issue commands	from the bos and vos suites.

       The BOS Server is configured via	the BosConfig configuration file.
       Normally, this file is managed via the bos command suite	rather than
       edited directly.	 See the BosConfig(5) man page for the syntax of this
       file.

       The BOS Server will rewrite BosConfig when shutting down, so changes
       made manually to	it will	be discarded.  Instead,	to change the BOS
       Server configuration only for the next restart of bosserver, create a
       file named /usr/local/etc/openafs/BosConfig.new.	 If BosConfig.new
       exists when bosserver starts, it	is renamed to
       /usr/local/etc/openafs/BosConfig, removing any existing file by that
       name, before bosserver reads its	configuration.

       The BOS Server logs a default set of important events in	the file
       /var/openafs/logs/BosLog. To record the name of any user	who performs a
       privileged bos command (one that	requires being listed in the
       /usr/local/etc/openafs/server/UserList file), add the -log flag.	To
       display the contents of the BosLog file,	use the	bos getlog command.

       The first time that the BOS Server initializes on a server machine, it
       creates several files and subdirectories	in the local /usr/afs
       directory, and sets their mode bits to protect them from	unauthorized
       access. Each time it restarts, it checks	that the mode bits still
       comply with the settings	listed in the following	chart. A question mark
       indicates that the BOS Server initially turns off the bit (sets it to
       the hyphen), but	does not check it at restart.

	  /usr/afs		drwxr?xr-x
	  /var/openafs/backup	    drwx???---
	  /usr/local/libexec/openafs	      drwxr?xr-x
	  /var/openafs/db	    drwx???---
	  /usr/local/etc/openafs/server		 drwxr?xr-x
	  /usr/local/etc/openafs/server/KeyFile	 -rw????---
	  /usr/local/etc/openafs/server/UserList -rw?????--
	  /var/openafs	      drwx???---
	  /var/openafs/logs	    drwxr?xr-x

       If the mode bits	do not comply, the BOS Server writes the following
       warning to the BosLog file:

	  Bosserver reports inappropriate access on server directories

       However,	the BOS	Server does not	reset the mode bits, so	the
       administrator can set them to alternate values if desired (with the
       understanding that the warning message then appears at startup).

       This command does not use the syntax conventions	of the AFS command
       suites. Provide the command name	and all	option names in	full.

OPTIONS
       -noauth
	   Assigns the unprivileged identity "anonymous" to the	issuer,	which
	   is useful only when authorization checking is disabled on the
	   server machine (for instance, during	the installation of a file
	   server machine.)

       -log
	   Records in the /var/openafs/logs/BosLog file	the names of all users
	   who successfully issue a privileged bos command (one	that requires
	   being listed	in the /usr/local/etc/openafs/server/UserList file).

       -cores=none|<path>
	   The argument	none turns off core file generation. Otherwise,	the
	   argument is a path where core files will be stored.

       -auditlog <log path>
	   Turns on audit logging, and sets the	path for the audit log.	 The
	   audit log records information about RPC calls, including the	name
	   of the RPC call, the	host that submitted the	call, the
	   authenticated entity	(user) that issued the call, the parameters
	   for the call, and if	the call succeeded or failed.

       -audit-interface	(file |	sysvmq)
	   Specifies what audit	interface to use. Defaults to "file". See
	   fileserver(8) for an	explanation of each interface.

       -enable_peer_stats
	   Activates the collection of Rx statistics and allocates memory for
	   their storage. For each connection with a specific UDP port on
	   another machine, a separate record is kept for each type of RPC
	   (FetchFile, GetStatus, and so on) sent or received. To display or
	   otherwise access the	records, use the Rx Monitoring API.

       -enable_process_stats
	   Activates the collection of Rx statistics and allocates memory for
	   their storage. A separate record is kept for	each type of RPC
	   (FetchFile, GetStatus, and so on) sent or received, aggregated over
	   all connections to other machines. To display or otherwise access
	   the records,	use the	Rx Monitoring API.

       -allow-dotted-principals
	   By default, the RXKAD security layer	will disallow access by
	   Kerberos principals with a dot in the first component of their
	   name. This is to avoid the confusion	where principals user/admin
	   and user.admin are both mapped to the user.admin PTS	entry. Sites
	   whose Kerberos realms don't have these collisions between principal
	   names may disable this check	by starting the	server with this
	   option.

       -restricted
	   In normal operation,	the bos	server allows a	super user to run any
	   command.  When the bos server is running in restricted mode (either
	   due to this command line flag, or when configured by
	   bos_setrestricted(8)) a number of commands are unavailable. Note
	   that	this flag persists across reboots.  Once a server has been
	   placed in restricted	mode, it can only be opened up by sending the
	   SIGFPE signal.

       -rxmaxmtu <bytes>
	   Sets	the maximum transmission unit for the RX protocol.

       -rxbind
	   Bind	the Rx socket to the primary interface only.  If not
	   specified, the Rx socket will listen	on all interfaces.

       -syslog[=<facility>]>
	   Specifies that logging output should	go to syslog instead of	the
	   normal log file.  -syslog=facility can be used to specify to	which
	   facility the	log message should be sent.

       -pidfiles[=<path>]
	   Create a one-line file containing the process id (pid) for each
	   non-cron process started by the BOS Server.	This file is removed
	   by the BOS Server when the process exits.  The optional <path>
	   argument specifies the path where the pid files are to be created.
	   The default location	is "/var/openafs".

	   The name of the pid files for "simple" BOS Server process types are
	   the BOS Server instance name	followed by ".pid".

	   The name of the pid files for "fs" and "dafs" BOS Server process
	   types are the BOS Server type name, "fs" or "dafs", followed	by the
	   BOS Server core name	of the process,	followed by ".pid".  The pid
	   file	name for the "fileserver" process is "fs.file.pid". The	pid
	   file	name for the "volserver" is "fs.vol.pid".

	   BOS Server instance names are specfied using	the bos	create
	   command.  See bos_create for	a description of the BOS Server
	   process types and instance names.

       -nofork
	   Run the BOS Server in the foreground. By default, the BOS Server
	   process will	fork and detach	the stdio, stderr, and stdin streams.

       -help
	   Prints the online help for this command. All	other valid options
	   are ignored.

EXAMPLES
       The following command initializes the BOS Server	and logs the names of
       users who issue privileged bos commands.

	  % bosserver -log

PRIVILEGE REQUIRED
       The issuer most be logged onto a	file server machine as the local
       superuser "root".

SEE ALSO
       BosConfig(5), BosLog(5),	bos(8),	bos_create(8), bos_exec(8),
       bos_getlog(8), bos_getrestart(8), bos_restart(8), bos_setrestricted(8),
       bos_shutdown(8),	bos_start(8), bos_startup(8), bos_status(8),
       bos_stop(8)

COPYRIGHT
       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by	the IBM	Public License Version 1.0.
       It was converted	from HTML to POD by software written by	Chas Williams
       and Russ	Allbery, based on work by Alf Wachsmann	and Elizabeth Cassell.

OpenAFS				  2016-12-14			  BOSSERVER(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | PRIVILEGE REQUIRED | SEE ALSO | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=bosserver&sektion=8&manpath=FreeBSD+12.0-RELEASE+and+Ports>

home | help