bosserver - Initializes the BOS Server
[-auditlog <log path>]
[-audit-interface ( file | sysvmq )]
The bosserver command initializes the Basic OverSeer (BOS) Server
(bosserver process). In the conventional configuration, the binary file
is located in the /usr/lib/openafs directory on a file server machine.
The BOS Server must run on every file server machine and helps to
automate file server administration by performing the following tasks:
· Monitors the other AFS server processes on the local machine, to
make sure they are running correctly.
· Automatically restarts failed processes, without contacting a human
operator. When restarting multiple server processes simultaneously,
the BOS Server takes interdependencies into account and initiates
restarts in the correct order.
· Processes commands from the bos suite that administrators issue to
verify the status of server processes, install and start new
processes, stop processes either temporarily or permanently, and
restart halted processes.
· Manages system configuration information: the files that list the
cell's server encryption keys, database server machines, and users
privileged to issue commands from the bos and vos suites.
The BOS Server is configured via the BosConfig configuration file.
Normally, this file is managed via the bos command suite rather than
edited directly. See the BosConfig(5) man page for the syntax of this
The BOS Server will rewrite BosConfig when shutting down, so changes
made manually to it will be discarded. Instead, to change the BOS
Server configuration only for the next restart of bosserver, create a
file named /etc/openafs/BosConfig.new. If BosConfig.new exists when
bosserver starts, it is renamed to /etc/openafs/BosConfig, removing any
existing file by that name, before bosserver reads its configuration.
The BOS Server logs a default set of important events in the file
/var/log/openafs/BosLog. To record the name of any user who performs a
privileged bos command (one that requires being listed in the
/etc/openafs/server/UserList file), add the -log flag. To display the
contents of the BosLog file, use the bos getlog command.
The first time that the BOS Server initializes on a server machine, it
creates several files and subdirectories in the local /usr/afs
directory, and sets their mode bits to protect them from unauthorized
access. Each time it restarts, it checks that the mode bits still
comply with the settings listed in the following chart. A question mark
indicates that the BOS Server initially turns off the bit (sets it to
the hyphen), but does not check it at restart.
If the mode bits do not comply, the BOS Server writes the following
warning to the BosLog file:
Bosserver reports inappropriate access on server directories
However, the BOS Server does not reset the mode bits, so the
administrator can set them to alternate values if desired (with the
understanding that the warning message then appears at startup).
This command does not use the syntax conventions of the AFS command
suites. Provide the command name and all option names in full.
Assigns the unprivileged identity "anonymous" to the issuer, which
is useful only when authorization checking is disabled on the
server machine (for instance, during the installation of a file
Records in the /var/log/openafs/BosLog file the names of all users
who successfully issue a privileged bos command (one that requires
being listed in the /etc/openafs/server/UserList file).
The argument none turns off core file generation. Otherwise, the
argument is a path where core files will be stored.
-auditlog <log path>
Turns on audit logging, and sets the path for the audit log. The
audit log records information about RPC calls, including the name
of the RPC call, the host that submitted the call, the
authenticated entity (user) that issued the call, the parameters
for the call, and if the call succeeded or failed.
-audit-interface (file | sysvmq)
Specifies what audit interface to use. Defaults to "file". See
fileserver(8) for an explanation of each interface.
Activates the collection of Rx statistics and allocates memory for
their storage. For each connection with a specific UDP port on
another machine, a separate record is kept for each type of RPC
(FetchFile, GetStatus, and so on) sent or received. To display or
otherwise access the records, use the Rx Monitoring API.
Activates the collection of Rx statistics and allocates memory for
their storage. A separate record is kept for each type of RPC
(FetchFile, GetStatus, and so on) sent or received, aggregated over
all connections to other machines. To display or otherwise access
the records, use the Rx Monitoring API.
By default, the RXKAD security layer will disallow access by
Kerberos principals with a dot in the first component of their
name. This is to avoid the confusion where principals user/admin
and user.admin are both mapped to the user.admin PTS entry. Sites
whose Kerberos realms don't have these collisions between principal
names may disable this check by starting the server with this
In normal operation, the bos server allows a super user to run any
command. When the bos server is running in restricted mode (either
due to this command line flag, or when configured by
bos_setrestricted(8)) a number of commands are unavailable. Note
that this flag persists across reboots. Once a server has been
placed in restricted mode, it can only be opened up by sending the
Sets the maximum transmission unit for the RX protocol.
Bind the Rx socket to the primary interface only. If not
specified, the Rx socket will listen on all interfaces.
Specifies that logging output should go to syslog instead of the
normal log file. -syslog=facility can be used to specify to which
facility the log message should be sent.
Create a one-line file containing the process id (pid) for each
non-cron process started by the BOS Server. This file is removed
by the BOS Server when the process exits. The optional <path>
argument specifies the path where the pid files are to be created.
The default location is "/var/lib/openafs/local".
The name of the pid files for "simple" BOS Server process types are
the BOS Server instance name followed by ".pid".
The name of the pid files for "fs" and "dafs" BOS Server process
types are the BOS Server type name, "fs" or "dafs", followed by the
BOS Server core name of the process, followed by ".pid". The pid
file name for the "fileserver" process is "fs.file.pid". The pid
file name for the "volserver" is "fs.vol.pid".
BOS Server instance names are specfied using the bos create
command. See bos_create for a description of the BOS Server
process types and instance names.
Run the BOS Server in the foreground. By default, the BOS Server
process will fork and detach the stdio, stderr, and stdin streams.
Prints the online help for this command. All other valid options
The following command initializes the BOS Server and logs the names of
users who issue privileged bos commands.
% bosserver -log
The issuer most be logged onto a file server machine as the local
BosConfig(5), BosLog(5), bos(8), bos_create(8), bos_exec(8),
bos_getlog(8), bos_getrestart(8), bos_restart(8), bos_setrestricted(8),
bos_shutdown(8), bos_start(8), bos_startup(8), bos_status(8),
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0.
It was converted from HTML to POD by software written by Chas Williams
and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.