sfssd_config(5)

NAME

sfssd_config - meta-server configuration

DESCRIPTION

sfssd_config configures sfssd, the server that accepts
connections for sfsrwsd and sfsauthd. sfssd_config can be used
to run multiple ``virtual servers'', or to run several versions
of the server software for compatibility with old clients.
Directives are:
BindAddr ip-addr [port]: Explicitly specifies the IP address and port on which; sfssd should listen for TCP connections. To listen on

INADDR_ANY

specified, sfssd will use the value of the SFS_PORT environment variable, if it exists and is non-zero, or else fall back to the
default port number of 4.
It is important to note the difference between speci
fying a port number with the SFS_PORT environment variable, and
with a BindAddr directive. See the description of the SFS_PORT
environment variable in the sfs_environ man page for more infor
mation.
When no BindAddr directive is specified, sfssd at
tempts to figure out the appropriate port number(s) to bind to
automatically. It does so by looking for DNS SRV records for the
current hostname (or SFS_HOSTNAME environment variable). This is
quite different from specifying BindAddr 0.0.0.0 0, which would
always bind port 4 or whatever is specified with the SFS_PORT en
vironment variable.
RevocationDir path: Specifies the directory in which sfssd should search; for revocation/redirection certificates when clients connect to; unknown (potentially revoked) self-certifying pathnames. The de; fault value is /var/sfs/srvrevoke. Use the command sfskey; revokegen to generate revocation certificates.
HashCost bits: Specifies that clients must pay for connections by; burning CPU time. This can help reduce the effectiveness of de; nial-of-service attacks. The default value is 0. The maximum; value is 22.
Server {* | @Location[,HostID]}: Specifies a section of the file that applies connec; tion requests for the self-certifying pathname @Location,HostID.; If ,HostID is omitted, then the following lines apply to any con; nection that does not match an explicit HostID in another Server.; The argument * applies to all clients who do not have a better; match for either Location or HostID.
Release {* | sfs-version}: Begins a section of the file that applies to clients; running SFS release sfs-version or older. * signifies arbitrari; ly large SFS release numbers. The Release directive does not do; anything on its own, but applies to all subsequent Service direc; tives until the next Release or Server directive.
Extensions ext1 [ext2 ...]: Specifies that subsequent Service directives apply on; ly to clients that supply all of the listed extension strings; (ext1, ...). Extensions applies until the next Extensions,

Release

Service srvno daemon [arg ...]: Specifies the daemon that should handle clients seek; ing service number srvno. SFS defines the following values of; srvno:; 1. File server 2. Authentication server 3. Remote exe
cution 4. SFS/HTTP (not yet released)
Service srvno -u path
Operates as the above syntax of Service, only instead
of spawning a daemon, connects to the unix-domain socket speci
fied by path to communicate with an already running daemon. This
option may be useful when debugging SFS servers, as the server
for a particular service on a particular self-certifying pathname
can be run under the debugger and receive connections on the usu
al SFS port without interfering with other servers on the same
machine.
Service srvno -t host [port]
Specifies that sfssd should act as a ``TCP proxy'' for
this particular service, relaying any incoming connections to TCP
port port on host. If unspecified, port is the default SFS TCP
port 4.
This syntax is useful in a NATted environment. For
instance, suppose you have two SFS servers with addresses
10.0.0.2 and 10.0.0.3 on a private network, and one machine
10.0.0.1 with an externally visible interface 4.3.2.1. You can
use this proxy syntax to export the internal file systems. The
easiest way is to pick two DNS names for the new servers, but
point them at your outside server. For example:: server-a.mydomain.com. IN A 4.3.2.1
server-b.mydomain.com. IN A 4.3.2.1; Then, on your outside machine, you might have the fol
lowing sfssd_config file:: Server server-a.mydomain.com
Release *
Service 1 -t 10.0.0.2
Service 2 -t 10.0.0.2
Service 3 -t 10.0.0.2
Server server-b.mydomain.com Release * Service 1 -t 10.0.0.3 Service 2 -t 10.0.0.3 Service 3 -t 10.0.0.3
Then on each of the internal machines, be sure to
specify Hostname server-A.mydomain.com and Hostname
server-B.mydomain.com in sfsrwsd_config.
The default contents of sfssd_config is:: Server *
Release *
Service 1 sfsrwsd
Service 2 sfsauthd
Service 3 rexd
To disable the file server, you can copy this file to
/etc/sfs/sfssd_config and comment out the line Service 1 sfsrwsd.
To disable the remote login server, comment out the line for
rexd.
To run an SFS read-only service, you could specify the
lines:: Server *
Release *
Service 1 sfsrosd
Note that you may have only one program per service number
within a Release clause. For instance, you cannot run both
sfsrosd and sfsrwsd unless the programs appear in separate claus
es such as:: Server *
Release *
Service 1 sfsrwsd
Service 2 sfsauthd
Service 3 rexd
Server @snafu.lcs.mit.edu,xzfeqjnareyn2dhqxc
cd7wrk5m847rh2 Release * Service 1 sfsrosd
To run a different server for sfs-0.6 and older clients,
you could add the lines:: Release 0.6
Service 1 /usr/local/lib/sfs-0.6/sfsrwsd

FILES

/etc/sfs/sfssd_config
/usr/local/share/sfs/sfssd_config: meta-server configuration
(Files in /etc/sfs supersede default versions in
/usr/local/share/sfs.)

AUTHOR

sfsdev@redlab.lcs.mit.edu
SFS 0.8pre 2006-07-20

docs.sk

komplexný repozitár dokumentácie

Pozri tiež

sfssd_config(5)

NAME

DESCRIPTION

INADDR_ANY

Release

FILES

SEE ALSO

AUTHOR