\begindata{text,538322772} \textdsversion{12} \template{default} \define{global } \chapter{1 Administering Non-Unix Clients} \section{1.1 Guardian Startup Switches} Once you have built and installed support for non-Unix clients there are several ways in which you may modify the services provided by the guardian and its servers. All of these modifications are done via command line arguments when the guardian is started. Guardian can be started without switches, and switches can be set in any order. The following switches are available: \typewriter{-r }This switch allows guardian to accept requests from remote systems. \typewriter{-R} This switch only allows requests from the local workstation. \typewriter{-D} This switch is used in conjunction with a debugging code to turn on various levels of debugging. The debugging code number is placed right after the switch, for example \typewriter{-D1}. The following debuggin codes are available: \leftindent{1 Don't fork to become demon 2 Debug SetAddress 4 Debug NextRequest 8 Debug CheckServers 16 Debug fuseki 32 Set SNAP_debugmask to a large # 64 Debug ForkServerHead 128 Debug authenticate 256 Debug ServerDied 512 Debug count 1024 Debug ExecuteRequest 2048 Debug BindtoPort 4096 Debug GetServerRequest 8192 Debug SameHost 16384 Debug Token unpacking} \typewriter{-a }This switch allows the administrator to set a reboot time for the local machine. Guardian will reboot the server machine at the indicated time. For example, the switch \typewriter{-a04:00} causes guardian to reboot the server at 4am. \typewriter{-l }This switch indicates that guardian will not try to perform vice authentication for users. \typewriter{-p} This switch allows the administrator to restrict which users can make requests to the guardian daemon. The switch is followed by the name of a user permits file, that contains a list of the login ids, for example, \typewriter{-p/etc/server.permits}. If no file is specified, guardian will use the file \typewriter{/etc/user.permits}. The user permits file must contain one id per line, and end with a newline. The file must not contain blanks (spaces or tabs) or comments. If the users are coming from an AFS system, then the format of each line is userid/cell. \typewriter{-s} This switch tells guardian to use a guardian services file. The switch may be followed by the name of a guardian services file, for example \typewriter{-s/etc/my.guardian.svc}. If no file is specifies, guardian will use /etc/guardian.svc. For more information on the guardian.svc file, see the section below on adding services to the guardian, and also consult the installation document for non-Unix clients. \typewriter{-u }This switch causes the owner of the guardian to be the current user instead of root. This may be useful during testing. \typewriter{-v} This switch causes guardian to run in verbose mode. It reports all when connections are established or broken, and it also reports errors. \typewriter{-q} This switch specifies that guardian will keep a log of all guardian transactions. It is followed by the name of the file in which log records will be written, for example\typewriter{ -q/usr/adm/tovice/guardian.records} . \typewriter{-n }This switch specifies the maximum number of servers that can be started by guardian on the server machine. For example,\typewriter{ -n20}. If you are running a load averaging server, then this switch should have two values seperated by a comma, for example \typewriter{-n20,15}. The higher value indicates the maximum number of servers that can be started by the guardian. The lower value indicates the number of servers that the guardian will start before it tells the loadav server that it cannot start any more. \section{1.2 Adding Services to the Guardian} At some time you may want to run additional services on your message server machine. For each additional service that is to be run, an entry must be added to the guardian services file. The default location for this file is \typewriter{/etc/guardian.svc}. The file should be located on the local disk of the machine. Each line in the guardian services file describes a server. The server can be a message server, pcserver, a loadav server, a snaptest server, or some other homegrown server. Each line in \typewriter{guardian.svc} contains five fields, seperated by a space: \indent{1. The first field contains the name of the server. For instance, if you are running only the loadav server, the first field in \typewriter{guardian.svc} for this server would be\typewriter{ LOADAV}. 2. The second field defines the type of connections that this server can handle. Possible values are \typewriter{AUTH_ONLY}, \typewriter{UNAUTH_ONLY}, and \typewriter{BOTH}. \typewriter{AUTH_ONLY} specifies that the server can be run only by an who have AFS authentication. \typewriter{UNAUTH_ONLY} specifies that the server can be run only by an owner who does not have AFS authentication. \typewriter{BOTH} specifies that the server can be run by either an authenticated owner, or a non-authenticated owner. } \indent{3. The third field specifies whether the server process should be run setuid to the user who requested it. Possible values are \typewriter{TRUE} and \typewriter{FALSE}. \typewriter{TRUE} specifies that guardian should setuid the server to the user. \typewriter{FALSE} specifies that the server should run as root. 4. The fourth field specifies the maximum number of clients that can be serviced by each server. When the maximum number of clients is reached, guardian will start a new server to handle the next request. The value of this field is an integer greater than 0. 5. The fifth field specifes the full path location of the server. This string will be used by the guardian to start the server.} \begindata{bp,537558784} \enddata{bp,537558784} \view{bpv,537558784,1454,0,0} Copyright 1992 Carnegie Mellon University and IBM. All rights reserved. \smaller{\smaller{$Disclaimer: Permission to use, copy, modify, and distribute this software and its documentation for any purpose is hereby granted without fee, provided that the above copyright notice appear in all copies and that both that copyright notice, this permission notice, and the following disclaimer appear in supporting documentation, and that the names of IBM, Carnegie Mellon University, and other copyright holders, not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. IBM, CARNEGIE MELLON UNIVERSITY, AND THE OTHER COPYRIGHT HOLDERS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL IBM, CARNEGIE MELLON UNIVERSITY, OR ANY OTHER COPYRIGHT HOLDER BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. $ }}\enddata{text,538322772}