Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
sac(1M)			System Administration Commands		       sac(1M)

NAME
       sac - service access controller

SYNOPSIS
       sac -t sanity_interval

       /usr/lib/saf/sac

DESCRIPTION
       The  Service  Access Controller (SAC) is	the overseer of	the server ma-
       chine. It is started when the server machine enters multiuser mode. The
       SAC performs several important functions	as explained below.

   Customizing the SAC Environment
       When  sac  is  invoked, it first	looks for the per-system configuration
       script /etc/saf/_sysconfig. sac interprets _sysconfig to	customize  its
       own  environment.  The  modifications  made  to	the SAC	environment by
       _sysconfig are inherited	by all the children of the SAC.	This inherited
       environment may be modified by the children.

   Starting Port Monitors
	After it has interpreted the _sysconfig	file, the sac reads its	admin-
       istrative file /etc/saf/_sactab.	_sactab	specifies which	port  monitors
       are  to	be  started.  For each port monitor to be started, sac forks a
       child (see fork(2)) and creates a utmpx entry with the type  field  set
       to  LOGIN_PROCESS. Each child then interprets its per-port monitor con-
       figuration script /etc/saf/pmtag/_config	, if the  file	exists.	 These
       modifications  to  the environment  affect the port monitor and will be
       inherited by all	its children. Finally, the  child  process  execs  the
       port  monitor,  using  the  command  found  in the _sactab entry.  (See
       sacadm; this is the command given with the -c option when the port mon-
       itor is added to	the system.)

   Polling Port	Monitors to Detect Failure
       The -t option sets the frequency	with which sac polls the port monitors
       on the system. This time	may also be thought of as half of the  maximum
       latency	required to detect that	a port monitor has failed and that re-
       covery action is	necessary.

   Administrative functions
       The Service Access Controller represents	the  administrative  point  of
       control	for  port monitors. Its	administrative tasks are explained be-
       low.

       When queried (sacadm with either	-l or -L),  the	 Service  Access  Con-
       troller	returns	 the  status   of  the	port monitors specified, which
       sacadm prints on	the standard output. A port monitor may	be in  one  of
       six states:

       ENABLED
	     The  port	monitor	 is currently running and is accepting connec-
	     tions. See	sacadm(1M) with	the -e option.

       DISABLED
	     The port monitor is currently running and is not  accepting  con-
	     nections.	See sacadm with	the -d option, and see NOTRUNNING, be-
	     low.

       STARTING
	     The port monitor is in the	process	of starting up.	STARTING is an
	     intermediate state	 on the	way to ENABLED or DISABLED.

       FAILED
	     The port monitor was unable to start and remain running.

       STOPPING
	     The  port	monitor	 has been manually terminated but has not com-
	     pleted its	shutdown procedure. STOPPING is	an intermediate	 state
	     on	the way	to NOTRUNNING.

       NOTRUNNING
	     The  port monitor is not currently	running. (See sacadm with -k.)
	     This is the normal	"not running" state. When a  port  monitor  is
	     killed,  all ports	it was monitoring are inaccessible.  It	is not
	     possible for an external user to tell whether a port is not being
	     monitored	or  the	 system	 is  down.  If the port	monitor	is not
	     killed but	is in the DISABLED state, it may be possible  (depend-
	     ing on the	port monitor being used) to write a message on the in-
	     accessible	port telling the user who is trying to access the port
	     that  it  is disabled. This is the	advantage of having a DISABLED
	     state as well as the NOTRUNNING state.

       When a port monitor terminates, the SAC removes	the  utmpx  entry  for
       that port monitor.

       The  SAC	 receives all requests to enable, disable, start, or stop port
       monitors	and  takes the appropriate action.

       The SAC is responsible for restarting  port  monitors  that  terminate.
       Whether or not the SAC will restart a given port	monitor	depends	on two
       things:

	  o  The restart count specified for the port monitor  when  the  port
	     monitor  was  added  by  sacadm;  this information	is included in
	     /etc/saf/pmtag/_sactab.

	  o  The number	of times the port monitor has already been restarted.

SECURITY
       sac uses	pam(3PAM) for session management.  The PAM configuration  pol-
       icy,  listed  through  /etc/pam.conf,  specifies	the session management
       module to be used for sac. Here is a partial pam.conf file with entries
       for sac using the UNIX session management module.

       sac  session   required	 pam_unix_session.so.1

       If  there  are no entries for the sac service, then the entries for the
       "other" service will be used.

OPTIONS
       -t sanity_interval
	     Sets the frequency	(sanity_interval) with	which  sac  polls  the
	     port monitors on the system.

FILES
       /etc/saf/_sactab

       /etc/saf/_sysconfig

       /var/adm/utmpx

       /var/saf/_log

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE	TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWcsu			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       pmadm(1M),  sacadm(1M),	fork(2)	pam(3PAM), pam.conf(4),	attributes(5),
       pam_authtok_check(5),	 pam_authtok_get(5),	 pam_authtok_store(5),
       pam_dhkeys(5),  pam_passwd_auth(5),  pam_unix(5),  pam_unix_account(5),
       pam_unix_auth(5), pam_unix_session(5)

NOTES
       The pam_unix(5) module might not	be supported in	a future release. Sim-
       ilar  functionality  is	provided  by  pam_authtok_check(5),  pam_auth-
       tok_get(5),  pam_authtok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5),
       pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.9			  11 Dec 2001			       sac(1M)

NAME | SYNOPSIS | DESCRIPTION | SECURITY | OPTIONS | FILES | ATTRIBUTES | SEE ALSO | NOTES

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=sac&sektion=1m&manpath=SunOS+5.9>

home | help