NAME

bosserver - Initializes the BOS Server

SYNOPSIS

bosserver [-noauth] [-enable_peer_stats] [-auditlog [<log path> | yes | on]] [-audit-interface ( file | syslog | sysvmq )] [-enable_process_stats] [-allow-dotted-principals] [-cores[=none|<path>]] [-coreonkill] [-gcoreonshutdown] [-restricted] [-restricted_query (anyuser | admin)] [-rxmaxmtu <bytes>] [-rxwindow <packets>] [-rxbind] [-syslog[=<facility>]>] [-pidfiles[=<path>]] [-nofork] [-verbose] [-config <configuration file>] [-help]

DESCRIPTION

The bosserver command initializes the Basic OverSeer (BOS) Server (bosserver process). In the conventional configuration, the binary file is located in the /usr/local/libexec/yfs directory on a file server machine.

The BOS Server must run on every file server machine and helps to automate file server administration by performing the following tasks:

The BOS Server is configured via the BosConfig configuration file. Normally, this file is managed via the bos command suite rather than edited directly. See the BosConfig(5) man page for the syntax of this file.

The BOS Server will rewrite BosConfig when shutting down, so changes made manually to it will be discarded. Instead, to change the BOS Server configuration only for the next restart of bosserver, create a file named /etc/yfs/server/BosConfig.new. If BosConfig.new exists when bosserver starts, it is renamed to /etc/yfs/server/BosConfig, removing any existing file by that name, before bosserver reads its configuration.

The BOS Server logs a default set of important events in the file /var/log/yfs/BosLog. To display the contents of the BosLog file, use the bos getlog command.

The first time that the BOS Server initializes on a server machine, it creates several files and subdirectories in the local /usr/afs directory, and sets their mode bits to protect them from unauthorized access. Each time it restarts, it checks that the mode bits still comply with the settings listed in the following chart. A question mark indicates that the BOS Server initially turns off the bit (sets it to the hyphen), but does not check it at restart.

   /usr/afs              drwxr?xr-x
   /Library/Auristor/Tools/var/yfs/backup       drwx???---
   /usr/local/libexec/yfs          drwxr?xr-x
   /etc/yfs           drwx???---
   /etc/yfs/server          drwxr?xr-x
   /etc/yfs/server/KeyFileExt  -rw????---
   /etc/yfs/server/UserListExt -rw?????--
   /var/yfs        drwx???---
   /var/log/yfs         drwxr?xr-x

If the mode bits do not comply, the BOS Server writes the following warning to the BosLog file:

   Bosserver reports inappropriate access on server directories

However, the BOS Server does not reset the mode bits, so the administrator can set them to alternate values if desired (with the understanding that the warning message then appears at startup).

This command does not use the syntax conventions of the AFS command suites. Provide the command name and all option names in full.

OPTIONS

-noauth

Turns off all authorization checks, and allows all connecting users to act as administrators, even unauthenticated users. The use of this option is inherently insecure, and should only be used in controlled environments for experimental or debug purposes. See NoAuth(5).

-cores=none|<path>

The argument none turns off core file generation. Otherwise, the argument is a path where core files will be stored.

-auditlog [<log path> | yes | on]

Turns on audit logging, and optionally sets the path for the audit log. The audit log records information about RPC calls, including the name of the RPC call, the host that submitted the call, the authenticated entity (user) that issued the call, the parameters for the call, and if the call succeeded or failed. If no path is specified, /var/log/yfs/BosAuditLog is used.

-audit-interface (file | syslog | sysvmq)

Specifies what audit interface to use. Defaults to file. See fileserver(8) for an explanation of each interface.

-enable_peer_stats

Activates the collection of Rx statistics and allocates memory for their storage. For each connection with a specific UDP port on another machine, a separate record is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or received. To display or otherwise access the records, use the Rx Monitoring API.

-enable_process_stats

Activates the collection of Rx statistics and allocates memory for their storage. A separate record is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or received, aggregated over all connections to other machines. To display or otherwise access the records, use the Rx Monitoring API.

-allow-dotted-principals

By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the first component of their name. This is to avoid the confusion where principals user/admin and user.admin are both mapped to the user.admin PTS entry. Sites whose Kerberos realms don't have these collisions between principal names may disable this check by starting the server with this option.

-restricted

In normal operation, the bos server allows a super user to run any command. When the bos server is running in restricted mode (either due to this command line flag, or when configured by bos_setrestricted(8)) a number of commands are unavailable. Note that this flag persists across reboots. Once a server has been placed in restricted mode, it can only be opened up by sending the SIGFPE signal.

-restricted_query (anyuser | admin)

Restrict certain RPCs that query information to a specific group of users. You can use admin to restrict to AFS administrators and users listed on the ReaderList(5). The anyuser option doesn't restrict the RPCs and leaves them available for all users including unauthenticated users. The default is admin.

-rxmaxmtu <bytes>

Specify the maximum transmission unit (MTU) value. The value must be between the minimum (520) and maximum (16384) Rx packet sizes.

It artificially limits the maximum Rx data packet size that will be transmitted. It can be used when the maximum size that can be successfully transmitted is smaller than the reported network interface MTU.

-rxwindow <packets>

Specify the maximum sliding window size that RX may use on the wire. Larger windows improve performance on networks with a high latency, at the expense of higher memory usage. The value specified must be less than the maximum RX window size of 65535.

-rxbind

Bind the Rx socket to the primary interface only. If not specified, the Rx socket will listen on all interfaces.

-coreonkill

If a bnode does not shut down in a timely fashion, kill with SIGABRT rather than SIGKILL to provide debug information in order for AuriStor to perform diagnostics.

-gcoreonshutdown

If a bnode does not shut down in a timely fashion, generate a core file with gcore in order to not rely on the process being able to handle a a SIGABRT signal, to provide debug information in order for AuriStor to perform diagnostics.

-syslog[=<facility>]>

Specifies that logging output should go to syslog instead of the normal log file. -syslog=facility can be used to specify to which facility the log message should be sent.

-pidfiles[=<path>]

Create a one-line file containing the process id (pid) for each non-cron process started by the BOS Server. This file is removed by the BOS Server when the process exits. The optional <path> argument specifies the path where the pid files are to be created. The default location is /var/yfs.

The name of the pid files for simple BOS Server process types are the BOS Server instance name followed by .pid.

The name of the pid files for dafs BOS Server process types are the BOS Server type name, dafs, followed by the BOS Server core name of the process, followed by .pid. The pid file name for the fileserver process is dafs.file.pid. The pid file name for the volserver is dafs.vol.pid. The pid file name for the salvageserver is dafs.salsrv.pid.

BOS Server instance names are specfied using the bos create command. See bos_create for a description of the BOS Server process types and instance names.

-nofork

Run the BOS Server in the foreground. By default, the BOS Server process will fork and detach the stdio, stderr, and stdin streams.

-config <configuration file

Sets an alternate location for the configuration file that will be parsed for options for this service. If this option is not specified, /etc/yfs/server/yfs-server.conf will be used.

-help

Prints the online help for this command. All other valid options are ignored.

PRIVILEGE REQUIRED

The issuer most be logged onto a file server machine as the local superuser root.

SEE ALSO

BosConfig(5), BosLog(5), bos(8), bos_create(8), bos_exec(8), bos_getlog(8), bos_getrestart(8), bos_restart(8), bos_setrestricted(8), bos_shutdown(8), bos_start(8), bos_startup(8), bos_status(8), bos_stop(8)

COPYRIGHT

IBM Corporation 2000. http://www.ibm.com/ All Rights Reserved.

This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

ACKNOWLEDGEMENTS

"AFS" is a registered mark of International Business Machines Corporation, used under license. (USPTO Registration 1598389)

"OpenAFS" is a registered mark of International Business Machines Corporation. (USPTO Registration 4577045)

The "AuriStor" name, log 'S' brand mark, and icon are registered marks of AuriStor, Inc. (USPTO Registrations 4849419, 4849421, and 4928460) (EUIPO Registration 015539653).

"Your File System" is a registered mark of AuriStor, Inc. (USPTO Registrations 4801402 and 4849418).

"YFS" and "AuriStor File System" are trademarks of AuriStor, Inc.