\begindata{text,538322772}
\textdsversion{12}
\template{default}
\define{global
}
\chapter{1	Administering Non-Unix Clients}


\section{1.1	Guardian Startup Switches}


Once you have built and installed support for non-Unix clients  there are 
several ways in which you may modify the services provided by the guardian and 
its servers.  All of these modifications are done via command line arguments 
when the guardian is started.


Guardian can be started without switches, and switches can be set in any 
order.  The following switches are available:


\typewriter{-r  }This switch allows guardian to accept requests from remote 
systems.


\typewriter{-R}     This switch only allows requests from the local 
workstation.


\typewriter{-D}     This switch is used in conjunction with a debugging code 
to turn on various levels of debugging.  The debugging code number is placed 
right after the switch, for example \typewriter{-D1}.  The following debuggin 
codes are available:

\leftindent{1		Don't fork to become demon

2		Debug SetAddress

4		Debug NextRequest

8		Debug CheckServers

16		Debug fuseki

32		Set SNAP_debugmask to a large #

64		Debug ForkServerHead

128		Debug authenticate

256		Debug ServerDied

512		Debug count

1024		Debug ExecuteRequest

2048	Debug BindtoPort

4096	Debug GetServerRequest

8192		Debug SameHost

16384	Debug Token unpacking}


\typewriter{-a }This switch allows the administrator to set a reboot time for 
the local machine.  Guardian will reboot the server machine at the indicated 
time.  For example, the switch \typewriter{-a04:00} causes guardian to reboot 
the server at 4am.


\typewriter{-l  }This switch indicates that guardian will not try to perform 
vice authentication for users.


\typewriter{-p}     This switch allows the administrator to restrict which 
users can make requests to the guardian daemon.  The switch is followed by the 
name of a user permits file, that contains a list of the login ids, for 
example, \typewriter{-p/etc/server.permits}.  If no file is specified, 
guardian will use the file \typewriter{/etc/user.permits}. The user permits 
file must contain one id per line, and end with a newline.  The file must not 
contain blanks (spaces or tabs) or comments.  If the users are coming from an 
AFS system, then the format of each line is userid/cell.


\typewriter{-s}     This switch tells guardian to use a guardian services 
file.  The switch may be followed by the name of a guardian services file, for 
example \typewriter{-s/etc/my.guardian.svc}.   If no file is specifies, 
guardian will use /etc/guardian.svc.  For more information on the guardian.svc 
file, see the section below on adding services to the guardian, and also 
consult the installation document for non-Unix clients.


\typewriter{-u  }This switch causes the owner of the guardian to be the 
current user instead of root.  This may be useful during testing.


\typewriter{-v}    This switch causes guardian to run in verbose mode.  It 
reports all when connections are established or broken, and it also reports 
errors.


\typewriter{-q}     This switch specifies that guardian will keep a log of all 
guardian transactions.  It is followed by the name of the file in which log 
records will be written, for example\typewriter{ 
-q/usr/adm/tovice/guardian.records} .


\typewriter{-n  }This switch specifies the maximum number of servers that can 
be started by guardian on the server machine.  For example,\typewriter{ -n20}. 
 If you are running a load averaging server, then this switch should have two 
values seperated by a comma, for example \typewriter{-n20,15}.  The higher 
value indicates the maximum number of servers that can be started by the 
guardian.  The lower value indicates the number of servers that the guardian 
will start before it tells the loadav server that it cannot start any more.


\section{1.2	Adding Services to the Guardian}


At some time you may want to run additional services on your message server 
machine.  For each additional service that is to be run, an entry must be 
added to the guardian services file.  The default location for this file is 
\typewriter{/etc/guardian.svc}.  The file should be located on the local disk 
of the machine.


Each line in the guardian services file describes a server.  The server can be 
a message server,  pcserver, a loadav server, a snaptest server, or some other 
homegrown server.  Each line in \typewriter{guardian.svc} contains five 
fields, seperated by a space:


\indent{1. The first field contains the name of the server.  For instance, if 
you are running only the loadav server, the first field in 
\typewriter{guardian.svc} for this server would be\typewriter{ LOADAV}.


2. The second field defines the type of connections that this server can 
handle.  Possible values are \typewriter{AUTH_ONLY}, \typewriter{UNAUTH_ONLY}, 
 and \typewriter{BOTH}.  \typewriter{AUTH_ONLY} specifies that the server can 
be run only by an  who have AFS authentication.  \typewriter{UNAUTH_ONLY} 
specifies that the server can be run only by an owner who does not have AFS 
authentication.  \typewriter{BOTH} specifies that the server can be run by 
either an authenticated owner, or a non-authenticated owner.

}
\indent{3. The third field specifies whether the server process should be run 
setuid to the user who requested it.  Possible values are \typewriter{TRUE} 
and \typewriter{FALSE}.  \typewriter{TRUE}  specifies that guardian should 
setuid the server to the user.  \typewriter{FALSE} specifies that the server 
should run as root.


4. The fourth field specifies the maximum number of clients that can be 
serviced by each server.  When the maximum number of clients is reached, 
guardian will start a new server to handle the next request.  The  value of 
this field is an integer greater than 0.


5. The fifth field specifes the full path location of the server.  This string 
will be used by the guardian to start the server.}


\begindata{bp,537558784}
\enddata{bp,537558784}
\view{bpv,537558784,1454,0,0}
Copyright 1992 Carnegie Mellon University and IBM.  All rights reserved.

\smaller{\smaller{$Disclaimer: 

Permission to use, copy, modify, and distribute this software and its 

documentation for any purpose is hereby granted without fee, 

provided that the above copyright notice appear in all copies and that 

both that copyright notice, this permission notice, and the following 

disclaimer appear in supporting documentation, and that the names of 

IBM, Carnegie Mellon University, and other copyright holders, not be 

used in advertising or publicity pertaining to distribution of the software 

without specific, written prior permission.



IBM, CARNEGIE MELLON UNIVERSITY, AND THE OTHER COPYRIGHT HOLDERS 

DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING 

ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT 

SHALL IBM, CARNEGIE MELLON UNIVERSITY, OR ANY OTHER COPYRIGHT HOLDER 

BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY 

DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 

WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 

ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE 

OF THIS SOFTWARE.

 $

}}\enddata{text,538322772}