Manpage of CONSERVER


Section: Maintenance Commands (8)
Updated: Local
Return to Main Contents


conserver - console server daemon  


conserver [-7dDhinouvV] [-a type] [-m max] [-M addr] [-p port] [-b port] [-C config] [-P passwd] [-L logfile] [-O min]  


Conserver is the daemon that manages remote access to system consoles by multiple users via the console(1) client program and logs all console output. It can connect to consoles via local serial ports or terminal servers that allow network access, or to any external program.

When started, conserver reads its file for details of each console it should manage, including serial port or network parameters and logging options. (Also, in environments where multiple servers share a cf file, any server is able to refer clients to the particular server managing a requested console, so that the client need not have knowledge of the distribution of consoles among servers.) Conserver forks a child for each group of consoles it must manage and assigns each process a port number to listen on. The maximum number of consoles managed by each child process is set using -m option. The console(1) client program communicates with the master console server process to find the port (and host, in a multi-server configuration) on which the appropriate child is listening. The master conserver process forks a new process to handle each incoming client connection (which should be very short-lived, since it's duty is to redirect the client to a child). Conserver restricts connections from clients based on the host access section of its and authenticates users against its conserver.passwd(5) file. Conserver can also restrict clients using the tcp-wrappers package (enabled using --with-libwrap). This authentication is done before consulting the access list.

Conserver completely controls any connection to a controlled host. All escape sequences given by the user to console are passed to the server without interpretation. The server recognizes and processes all escape sequences, except the suspend sequence, which is recognized by the server and sent as a TCP out-of-band command from the server to the client.

The conserver parent process will automatically respawn any child process that dies. The following signals are propagated by the parent process to its children.

close all connections and exit.
reread the configuration file. new consoles are managed by forking off new childen, deleted consoles (and their clients) are dropped, and changes to consoles are done "in place", resetting the console port (bringing it down and up) only when necessary. the console name is used to determine when consoles have been added/removed/changed. all console logfiles are closed and reopened and, if in daemon mode (-d option), the error logfile (see the -L option).
try to connect to any consoles marked as down. This can come in handy if you had a terminal server (or more) that wasn't accepting connections at startup and you want conserver to try to reconnect to all those downed ports.

Slave hosts which have no current console(1) connection might produce important error messages. With the -u option, these unloved errors are labeled with a machine name and output on stdout (or, in daemon mode, to the logfile). This allows a live operator or an automated log scanner to find otherwise unseen errors by watching in a single location.

Conserver must be run as root if it is to bind to a port under 1024 or if it must read a shadow passwd file for authentication (see conserver.passwd(5)). Otherwise, it may be run by any user, with -p used to specify a port above 1024.  


Options may be given as separate arguments (e.g., -n -d) or clustered (e.g., -nd). Options and their arguments may be separated by optional white space. Option arguments containing spaces or other characters special to the shell must be quoted.

Strip the high bit off of all data received, whether from the console client or from the console device, before any processing occurs.
Set the default access type for incoming connections from console clients: `r' for refused (the default), `a' for allowed, or `t' for trusted. This applies to hosts for which no matching entry is found in the access section of
Set the base port for children to listen on. Each child starts looking for free ports at port and working upward, trying a maximum number of ports equal to twice the maximum number of groups. If no free ports are available in that range, conserver exits. By default, conserver lets the operating system choose a free port.
Read configuration information from the file config. The default config may be changed at compile time using the --with-cffile option.
Become a daemon. Disconnects from the controlling terminal and sends all output to the logfile (see -L).
Enable debugging output, sent to stderr. Multiple -D options increases debug output.
Output a brief help message.
Initiate console connections on demand (and close them when not used).
Log errors and informational messages to logfile after startup in daemon mode (-d). This option does not apply when not running in daemon mode. The default logfile may be changed at compile time using the --with-logfile option.
Set the maximum consoles managed per process. The default max may be changed at compile time using the --with-maxmemb option.
Set the address to listen on. This allows conserver to bind to a particular IP address (like `') instead of all interfaces. The default is to bind to all addresses.
Obsolete (now a no-op); see -u.
Normally, a client connecting to a ``downed'' console does just that. Using this flag, the server will automatically attempt to open (``bring up'') the console when the client connects.
Enable periodic attempts (every min minutes) to open (``bring up'') all downed consoles (similar to sending a SIGUSR1).
Set the TCP port for the master process to listen on. This may be either a port number or a service name. The default port, ``conserver'' (typically 782), may be changed at compile time using the --with-port option.
Read the table of authorized user data from the file passwd. The default passwd may be changed at compile time using the --with-pwdfile option.
Send unloved console output to conserver's stdout (which, in daemon mode, is redirected to the logfile). This applies to all consoles to which no user is attached, independent of whether logging of individual consoles is enabled via entries.
Echo the configuration as it is being read (be verbose).
Output the version number and settings of the conserver program and then exit.


The following default file locations may be overridden at compile time or by the command-line options described above. Run conserver -V (with no other options) to see the defaults set at compile time.

description of console terminal lines and client host access levels; see
users allowed to access consoles; see conserver.passwd(5).
the master conserver process ID
log of errors and informational messages

Additionally, output from individual consoles may be logged to separate files specified in  


All client/server traffic (including root and user passwords) is passed ``in the clear''. Extreme care should be taken to insure no one is ``snooping'' this private data. One day the traffic will be encrypted.  


Thomas A. Fine, Ohio State Computer Science
Kevin S Braunsdorf, Purdue University Computing Center
Bryan Stansell,  


console(1),, conserver.passwd(5)




This document was created by man2html, using the manual pages.
Time: 21:46:24 GMT, March 03, 2024