Provided by: sfs-server_0.8-0+pre20060720.1-1.1_i386 bug

NAME

       sfssd_config - meta-server configuration

DESCRIPTION

       sfssd_config configures sfssd, the server that accepts connections for
       sfsrwsd and sfsauthd.  sfssd_config can be used to run multiple
       ‘‘virtual servers’’, or to run several versions of the server software
       for compatibility with old clients.

       Directives are:

       BindAddr ip-addr [port]
           Explicitly specifies the IP address and port on which sfssd should
           listen for TCP connections.  To listen on INADDR_ANY, use the value
           0.0.0.0 for ip-addr.  If port is not specified, sfssd will use the
           value of the SFS_PORT environment variable, if it exists and is
           non-zero, or else fall back to the default port number of 4.

           It is important to note the difference between specifying a port
           number with the SFS_PORT environment variable, and with a BindAddr
           directive.  See the description of the SFS_PORT environment
           variable in the sfs_environ man page for more information.

           When no BindAddr directive is specified, sfssd attempts to figure
           out the appropriate port number(s) to bind to automatically.  It
           does so by looking for DNS SRV records for the current hostname (or
           SFS_HOSTNAME environment variable).  This is quite different from
           specifying BindAddr 0.0.0.0 0, which would always bind port 4 or
           whatever is specified with the SFS_PORT environment variable.

       RevocationDir path
           Specifies the directory in which sfssd should search for
           revocation/redirection certificates when clients connect to unknown
           (potentially revoked) self-certifying pathnames.  The default value
           is /var/sfs/srvrevoke.  Use the command sfskey revokegen to
           generate revocation certificates.

       HashCost bits
           Specifies that clients must pay for connections by burning CPU
           time.  This can help reduce the effectiveness of denial-of-service
           attacks.  The default value is 0.  The maximum value is 22.

       Server {* | @Location[,HostID]}
           Specifies a section of the file that applies connection requests
           for the self-certifying pathname @Location,HostID.  If ,HostID is
           omitted, then the following lines apply to any connection that does
           not match an explicit HostID in another Server.  The argument *
           applies to all clients who do not have a better match for either
           Location or HostID.

       Release {* | sfs-version}
           Begins a section of the file that applies to clients running SFS
           release sfs-version or older.  * signifies arbitrarily large SFS
           release numbers.  The Release directive does not do anything on its
           own, but applies to all subsequent Service directives until the
           next Release or Server directive.

       Extensions ext1 [ext2 ...]
           Specifies that subsequent Service directives apply only to clients
           that supply all of the listed extension strings (ext1, ...).
           Extensions applies until the next Extensions, Release or Server
           directive

       Service srvno daemon [arg ...]
           Specifies the daemon that should handle clients seeking service
           number srvno.  SFS defines the following values of srvno:

           1. File server 2. Authentication server 3. Remote execution 4.
           SFS/HTTP (not yet released)

       Service srvno -u path
           Operates as the above syntax of Service, only instead of spawning a
           daemon, connects to the unix-domain socket specified by path to
           communicate with an already running daemon.  This option may be
           useful when debugging SFS servers, as the server for a particular
           service on a particular self-certifying pathname can be run under
           the debugger and receive connections on the usual SFS port without
           interfering with other servers on the same machine.

       Service srvno -t host [port]
           Specifies that sfssd should act as a ‘‘TCP proxy’’ for this
           particular service, relaying any incoming connections to TCP port
           port on host.  If unspecified, port is the default SFS TCP port 4.

           This syntax is useful in a NATted environment.  For instance,
           suppose you have two SFS servers with addresses 10.0.0.2 and
           10.0.0.3 on a private network, and one machine 10.0.0.1 with an
           externally visible interface 4.3.2.1.  You can use this proxy
           syntax to export the internal file systems.  The easiest way is to
           pick two DNS names for the new servers, but point them at your
           outside server.  For example:

             server-a.mydomain.com.  IN A    4.3.2.1
             server-b.mydomain.com.  IN A    4.3.2.1

           Then, on your outside machine, you might have the following
           sfssd_config file:

             Server server-a.mydomain.com
               Release *
                   Service 1 -t 10.0.0.2
                   Service 2 -t 10.0.0.2
                   Service 3 -t 10.0.0.2
             Server server-b.mydomain.com
               Release *
                   Service 1 -t 10.0.0.3
                   Service 2 -t 10.0.0.3
                   Service 3 -t 10.0.0.3

           Then on each of the internal machines, be sure to specify Hostname
           server-A.mydomain.com and Hostname server-B.mydomain.com in
           sfsrwsd_config.

       The default contents of sfssd_config is:

         Server *
           Release *
               Service 1 sfsrwsd
               Service 2 sfsauthd
               Service 3 rexd

       To disable the file server, you can copy this file to
       /etc/sfs/sfssd_config and comment out the line Service 1 sfsrwsd.  To
       disable the remote login server, comment out the line for rexd.

       To run an SFS read-only service, you could specify the lines:

         Server *
           Release *
             Service 1 sfsrosd

       Note that you may have only one program per service number within a
       Release clause.  For instance, you cannot run both sfsrosd and sfsrwsd
       unless the programs appear in separate clauses such as:

         Server *
           Release *
               Service 1 sfsrwsd
               Service 2 sfsauthd
               Service 3 rexd

         Server @snafu.lcs.mit.edu,xzfeqjnareyn2dhqxccd7wrk5m847rh2
           Release *
             Service 1 sfsrosd

       To run a different server for sfs-0.6 and older clients, you could add
       the lines:

           Release 0.6
             Service 1 /usr/local/lib/sfs-0.6/sfsrwsd

FILES

       /etc/sfs/sfssd_config
       /usr/local/share/sfs/sfssd_config
           meta-server configuration

       (Files in /etc/sfs supersede default versions in /usr/local/share/sfs.)

SEE ALSO

       dirsearch(1), newaid(1), rex(1), sfsagent(1), sfskey(1), ssu(1),
       sfs_config(5), sfs_hosts(5), sfs_srp_params(5), sfs_users(5),
       sfsauthd_config(5), sfscd_config(5), sfsrosd_config(5),
       sfsrwsd_config(5), sfs_environ(7), funmount(8), nfsmounter(8),
       sfsauthd(8), sfscd(8), sfsrosd(8), sfsrwcd(8), sfsrwsd(8), sfssd(8),
       vidb(8)

       The full documentation for SFS is maintained as a Texinfo manual.  If
       the info and SFS programs are properly installed at your site, the
       command info SFS should give you access to the complete manual.

       For updates, documentation, and software distribution, please see the
       SFS website at http://www.fs.net/.

AUTHOR

       sfsdev@redlab.lcs.mit.edu