Annotation of fam/man/fam.1m.in, Revision 1.1
1.1 ! trev 1: .\"## fam.1m.in
! 2: .\"##
! 3: .\"## When configure.in generates fam.1m, lines starting with .\"##
! 4: .\"## should be removed; when building on IRIX, lines starting with
! 5: .\"## .\"IRIX should have that part removed (uncommenting the rest
! 6: .\"## of the line).
! 7: .\"##
! 8: .\"## In retrospect, I'm not sure this was better than maintaining two
! 9: .\"## separate files.
! 10: .\"##
! 11: .nr X
! 12: .if \nX=0 .ds x} fam 1M "Silicon Graphics" "\&"
! 13: .TH \*(x}
! 14: .SH NAME
! 15: fam \- file alteration monitor
! 16: .SH SYNOPSIS
! 17: .nf
! 18: \f3/usr/etc/fam\f1 [ \f3\-f\f1 | \f3\-v\f1 | \f3\-d\f1 ] [ \f3\-l\f1 | \c
! 19: \f3\-t\f1 \f2NFS_polling_interval\f1 ]
! 20: [ \f3\-T\f1 \f2idle_timeout\f1 ] [ \f3\-p\f1 \c
! 21: \f2program\f3.\f2version\f1 ] [ \f3\-L\f1 ] [ \f3-C\f1 ]
! 22: [ \f3-c\f1 \f2config_file\f1 ]
! 23: .fi
! 24: .SH DESCRIPTION
! 25: \f2fam\f1 is a server that tracks changes to the filesystem and
! 26: relays these changes to interested applications.
! 27: Applications such as
! 28: \f2fm\f1(1G) and \f2mailbox\f1(1) present an up-to-date view of the filesystem.
! 29: In the absence of \f2fam\f1, these applications and others like them
! 30: are forced to poll the filesystem to detect changes.
! 31: \f2fam\f1 is
! 32: more efficient.
! 33: .P
! 34: Applications can request \f2fam\f1 to monitor any files or directories in
! 35: any filesystem.
! 36: When \f2fam\f1 detects changes to monitored files, it notifies
! 37: the appropriate application.
! 38: The FAM API provides a programmatic interface to \f2fam\f1; see
! 39: .IR fam (3X).
! 40: .P
! 41: \f2fam\f1 is informed of filesystem changes as they happen by the
! 42: kernel through the \f2imon\f1(7M) pseudo device driver.
! 43: If asked to
! 44: monitor files on an NFS mounted filesystem, \f2fam\f1 tries to use
! 45: \f2fam\f1 on the NFS server to monitor files.
! 46: If \f2fam\f1 cannot
! 47: contact a remote \f2fam\f1, it polls the files instead.
! 48: \f2fam\f1 also polls special files.
! 49: .P
! 50: Normally, \f2fam\f1 is started by \f2inetd\f1(1M).
! 51: It is registered with
! 52: \f2portmap\f1(1M) as performing the sgi_fam service.
! 53: .SH OPTIONS
! 54: .TP 26
! 55: \f3\-l\f1
! 56: Disable polling of NFS
! 57: files.
! 58: It does not disable use of remote \f2fam\f1 on NFS servers,
! 59: nor does it disable polling of local files.
! 60: .TP
! 61: \f3\-t\f1 \f2NFS_polling_interval\f1
! 62: Set the interval for polling files to \f2NFS_polling_interval\f1 seconds.
! 63: The default
! 64: is six seconds.
! 65: .TP
! 66: \f3\-T\f1 \f2idle_timeout\f1
! 67: Set the idle timeout interval to \f2idle_timeout\f1.
! 68: fam exits \f2idle_timeout\f1 seconds after its
! 69: last client disconnects.
! 70: A value of 0 causes fam to wait indefinitely for new connections.
! 71: The default is five seconds.
! 72: .TP
! 73: \f3\-f\f1
! 74: Remain in the foreground instead of spawning a child and exiting.
! 75: This option is ignored if \f2fam\f1 is started by \f2inetd\f1.
! 76: .TP
! 77: \f3\-v\f1
! 78: Turn on verbose messages.
! 79: .TP
! 80: \f3\-d\f1
! 81: Enable verbose messages and debug messages.
! 82: .TP
! 83: \f3\-p\f1 \f2program\f3.\f2version\f1
! 84: Use the specified RPC program and version numbers.
! 85: .TP
! 86: \f3\-L\f1
! 87: Local-only mode. \f2fam\f1 will only accept requests from clients running on the
! 88: local machine. This overrides the \f2local_only\f1 flag in the configuration
! 89: file. This option is ignored if \f2fam\f1 is started by \f2inetd\f1.
! 90: .TP
! 91: \f3\-C\f1
! 92: Compatibility mode. This disables authentication and reduces access security
! 93: as described under SECURITY below. This overrides the
! 94: \f2insecure_compatibility\f1 flag in the configuration file.
! 95: .TP
! 96: \f3\-c\f1 \f2config_file\f1
! 97: Read configuration information from the given file rather than the default,
! 98: which is \f2XXX_FAM_CONF\f1.
! 99: .SH "CONFIGURATION FILE"
! 100: In addition to its command-line options, \f2fam\f1's behavior can also be
! 101: controlled through its configuration file. By default, this is
! 102: \f2XXX_FAM_CONF\f1; the \f3\-c\f1 command-line option can be used to specify
! 103: an alternate file. Configuration lines are in the format \f2option=value\f1.
! 104: Lines beginning with \f2#\f1 or \f2!\f1 are ignored.
! 105: \f2fam\f1 recognizes the following options:
! 106: .TP 26
! 107: \f3insecure_compatibility\f1
! 108: If set to \f2true\f1, this disables authentication and reduces access security
! 109: as described under SECURITY below. This is \f2false\f1 by default. Setting
! 110: this option to \f2true\f1 is the same as using the \f3\-C\f1 command-line
! 111: option.
! 112: .TP
! 113: \f3untrusted_user\f1
! 114: This is the user name or UID of the user account which \f2fam\f1 will use for
! 115: unauthenticated clients. If a file can't be \f2stat\f1'ed by this user,
! 116: \f2fam\f1 will not tell unauthenticated clients about the file's existence.
! 117: If an untrusted user is not given in the configuration file, \f2fam\f1 will
! 118: write an error message to the system log and terminate.
! 119: .TP
! 120: \f3local_only\f1
! 121: If set to \f2true\f1, \f2fam\f1 will ignore requests from remote \f2fam\f1s.
! 122: This is \f2false\f1 by default. Setting this option to \f2true\f1 is the same
! 123: as using the \f3\-L\f1 command-line option. This option is ignored if
! 124: \f2fam\f1 is started by \f2inetd\f1.
! 125: .TP
! 126: \f3idle_timeout\f1
! 127: This is the time in seconds that fam will wait before exiting after its last
! 128: client disconnects. The default is five seconds. This option is overridden
! 129: by the \f3-T\f1 command-line option.
! 130: .TP
! 131: \f3nfs_polling_interval\f1
! 132: This is the interval in seconds between polling files over an NFS filesystem.
! 133: The default is six seconds. This option is overridden by the \f3-t\f1
! 134: command-line option.
! 135: .TP
! 136: \f3xtab_verification\f1
! 137: If set to \f2true\f1, \f2fam\f1 will check the list of exported filesystems
! 138: when remote requests are received to verify that the requests fall on
! 139: filesystems which are exported to the requesting hosts. This is
! 140: \f2true\f1 by default. If this option is set to \f2false\f1, \f2fam\f1 will
! 141: service remote requests without attempting to perform the verification. If
! 142: the \f2local_only\f1 configuration option or \f3-L\f1 command-line option is
! 143: used, \f2xtab_verification\f1 has no effect.
! 144: .\"##
! 145: .\"## This stuff is removed because the MAC and SAT stuff isn't implemented.
! 146: .\"## If you put this back, add sysconf(1) to the SEE ALSO section.
! 147: .\"##
! 148: .\"##.TP
! 149: .\"##\f3disable_mac\f1
! 150: .\"##If set to \f2true\f1, \f2fam\f1 will ignore its clients' MAC labels. By
! 151: .\"##default, \f2fam\f1 will use MAC labels if MAC and IP_SECOPTS are
! 152: .\"##\f2sysconf\f1'd on, and will ignore this option if the system doesn't support
! 153: .\"##MAC and TSIX. The only use for this option is to disable MAC-label-setting on
! 154: .\"##a system which supports it, which is probably undesirable.
! 155: .\"##.TP
! 156: .\"##\f3disable_audit\f1
! 157: .\"##If set to \f2true\f1, \f2fam\f1 will not log auditing information. By
! 158: .\"##default, \f2fam\f1 will use SAT (security audit trail) if _SC_AUDIT is
! 159: .\"##\f2sysconf\f1'd on, and will ignore this option if the system doesn't support
! 160: .\"##SAT. The only use for this option is to disable auditing on a system which
! 161: .\"##supports it, which is probably undesirable.
! 162: .\"##
! 163: .\"## End of stuff to remove
! 164: .\"##
! 165: .SH SECURITY
! 166: For backward compatibility, the \f3\-C\f1 command-line option and
! 167: \f2insecure_compatibility\f1 configuration option can be used to disable
! 168: authentication. Configuring \f2fam\f1 this way opens a publically known
! 169: security weakness whereby a "rogue client" can obtain the names of all the
! 170: files and directories on the system.
! 171: .\"IRIX .P
! 172: .\"IRIX You might want to configure \f2fam\f1 this way if you have a client
! 173: .\"IRIX program which is statically linked to an older version of libfam.a
! 174: .\"IRIX which does not perform authentication; see COMPATIBILITY below.
! 175: .P
! 176: \f2Note that fam never opens the files it's monitoring\f1, and cannot
! 177: be used by a rogue client to read the contents of any file on the system.
! 178: \f2fam\f1 only gives out the names of monitored files, and only monitors files
! 179: which the client can
! 180: .IR stat (1M).
! 181: Users can stat a file without having read permission on it as long as
! 182: they have search permission on the directory containing it.
! 183: .\"IRIX .SH COMPATIBILITY
! 184: .\"IRIX If you have an existing FAM client which isn't seeing files which
! 185: .\"IRIX you think it should be able to see, or which doesn't seem to be
! 186: .\"IRIX responding to file operations, try running \f2fam\f1 with the
! 187: .\"IRIX \f3-C\f1 flag and restarting the client. If that appears to fix the
! 188: .\"IRIX problem, the client is probably statically linked with a
! 189: .\"IRIX non-authenticating version of libfam. (libfam on IRIX prior to
! 190: .\"IRIX 6.5.8 does not perform authentication.)
! 191: .\"IRIX .P
! 192: .\"IRIX The best way to fix this is to recompile your program with a current
! 193: .\"IRIX version of libfam.
! 194: .\"##.\"IRIX (Unfortunately, you can't simply install a new
! 195: .\"##.\"IRIX DSO, because libfam on IRIX prior to 6.5.8 has been a static
! 196: .\"##.\"IRIX archive.)
! 197: .\"##.\"IRIX .P
! 198: .\"IRIX If recompiling isn't an option, and the client only monitors a few
! 199: .\"IRIX known files, you might add a user account named "fammable" (for
! 200: .\"IRIX example), add that account to a group which can
! 201: .\"IRIX .IR stat (1M)
! 202: .\"IRIX those files, and change the \f2untrusted_user\f1 option in the
! 203: .\"IRIX configuration file to make \f2fam\f1 use that account for requests
! 204: .\"IRIX from unauthenticated clients.
! 205: .SH FILES
! 206: XXX_FAM_CONF
! 207: .SH "SEE ALSO"
! 208: .\"IRIX fm(1G),
! 209: inetd(1M),
! 210: .\"IRIX mailbox(1),
! 211: portmap(1M),
! 212: fam(3X),
! 213: imon(7M),
! 214: stat(1M).
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to fam.1m.in CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [Development] / fam / man