Manpages

Manpage of CONSERVER

CONSERVER

Section: Maintenance Commands (8)
Updated: Local
Index
Return to Main Contents
 

NAME

conserver - console server daemon  

SYNOPSIS

conserver [-7dDhinouvV] [-a type] [-m max] [-M addr] [-p port] [-b port] [-C config] [-P passwd] [-L logfile] [-O min]  

DESCRIPTION

Conserver is the daemon that manages remote access to system consoles by multiple users via the console(1) client program and logs all console output. It can connect to consoles via local serial ports or terminal servers that allow network access, or to any external program.

When started, conserver reads its conserver.cf(5) file for details of each console it should manage, including serial port or network parameters and logging options. (Also, in environments where multiple servers share a cf file, any server is able to refer clients to the particular server managing a requested console, so that the client need not have knowledge of the distribution of consoles among servers.) Conserver forks a child for each group of consoles it must manage and assigns each process a port number to listen on. The maximum number of consoles managed by each child process is set using -m option. The console(1) client program communicates with the master console server process to find the port (and host, in a multi-server configuration) on which the appropriate child is listening. The master conserver process forks a new process to handle each incoming client connection (which should be very short-lived, since it's duty is to redirect the client to a child). Conserver restricts connections from clients based on the host access section of its conserver.cf(5) and authenticates users against its conserver.passwd(5) file. Conserver can also restrict clients using the tcp-wrappers package (enabled using --with-libwrap). This authentication is done before consulting the conserver.cf(5) access list.

Conserver completely controls any connection to a controlled host. All escape sequences given by the user to console are passed to the server without interpretation. The server recognizes and processes all escape sequences, except the suspend sequence, which is recognized by the server and sent as a TCP out-of-band command from the server to the client.

The conserver parent process will automatically respawn any child process that dies. The following signals are propagated by the parent process to its children.

SIGTERM
close all connections and exit.
SIGHUP
reread the configuration file. new consoles are managed by forking off new childen, deleted consoles (and their clients) are dropped, and changes to consoles are done "in place", resetting the console port (bringing it down and up) only when necessary. the console name is used to determine when consoles have been added/removed/changed. all console logfiles are closed and reopened and, if in daemon mode (-d option), the error logfile (see the -L option).
SIGUSR1
try to connect to any consoles marked as down. This can come in handy if you had a terminal server (or more) that wasn't accepting connections at startup and you want conserver to try to reconnect to all those downed ports.

Slave hosts which have no current console(1) connection might produce important error messages. With the -u option, these unloved errors are labeled with a machine name and output on stdout (or, in daemon mode, to the logfile). This allows a live operator or an automated log scanner to find otherwise unseen errors by watching in a single location.

Conserver must be run as root if it is to bind to a port under 1024 or if it must read a shadow passwd file for authentication (see conserver.passwd(5)). Otherwise, it may be run by any user, with -p used to specify a port above 1024.  

OPTIONS

Options may be given as separate arguments (e.g., -n -d) or clustered (e.g., -nd). Options and their arguments may be separated by optional white space. Option arguments containing spaces or other characters special to the shell must be quoted.

-7
Strip the high bit off of all data received, whether from the console client or from the console device, before any processing occurs.
-atype
Set the default access type for incoming connections from console clients: `r' for refused (the default), `a' for allowed, or `t' for trusted. This applies to hosts for which no matching entry is found in the access section of conserver.cf(5).
-bport
Set the base port for children to listen on. Each child starts looking for free ports at port and working upward, trying a maximum number of ports equal to twice the maximum number of groups. If no free ports are available in that range, conserver exits. By default, conserver lets the operating system choose a free port.
-Cconfig
Read configuration information from the file config. The default config may be changed at compile time using the --with-cffile option.
-d
Become a daemon. Disconnects from the controlling terminal and sends all output to the logfile (see -L).
-D
Enable debugging output, sent to stderr. Multiple -D options increases debug output.
-h
Output a brief help message.
-i
Initiate console connections on demand (and close them when not used).
-Llogfile
Log errors and informational messages to logfile after startup in daemon mode (-d). This option does not apply when not running in daemon mode. The default logfile may be changed at compile time using the --with-logfile option.
-mmax
Set the maximum consoles managed per process. The default max may be changed at compile time using the --with-maxmemb option.
-Maddr
Set the address to listen on. This allows conserver to bind to a particular IP address (like `127.0.0.1') instead of all interfaces. The default is to bind to all addresses.
-n
Obsolete (now a no-op); see -u.
-o
Normally, a client connecting to a ``downed'' console does just that. Using this flag, the server will automatically attempt to open (``bring up'') the console when the client connects.
-Omin
Enable periodic attempts (every min minutes) to open (``bring up'') all downed consoles (similar to sending a SIGUSR1).
-pport
Set the TCP port for the master process to listen on. This may be either a port number or a service name. The default port, ``conserver'' (typically 782), may be changed at compile time using the --with-port option.
-Ppasswd
Read the table of authorized user data from the file passwd. The default passwd may be changed at compile time using the --with-pwdfile option.
-u
Send unloved console output to conserver's stdout (which, in daemon mode, is redirected to the logfile). This applies to all consoles to which no user is attached, independent of whether logging of individual consoles is enabled via conserver.cf entries.
-v
Echo the configuration as it is being read (be verbose).
-V
Output the version number and settings of the conserver program and then exit.
 

FILES

The following default file locations may be overridden at compile time or by the command-line options described above. Run conserver -V (with no other options) to see the defaults set at compile time.

/etc/conserver.cf
description of console terminal lines and client host access levels; see conserver.cf(5).
/etc/conserver.passwd
users allowed to access consoles; see conserver.passwd(5).
/var/run/conserver.pid
the master conserver process ID
/var/log/conserver
log of errors and informational messages

Additionally, output from individual consoles may be logged to separate files specified in conserver.cf(5).  

BUGS

All client/server traffic (including root and user passwords) is passed ``in the clear''. Extreme care should be taken to insure no one is ``snooping'' this private data. One day the traffic will be encrypted.  

AUTHORS

Thomas A. Fine, Ohio State Computer Science
Kevin S Braunsdorf, Purdue University Computing Center
Bryan Stansell, conserver.com  

SEE ALSO

console(1), conserver.cf(5), conserver.passwd(5)


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
FILES
BUGS
AUTHORS
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 15:49:18 GMT, December 05, 2024