Provided by: dicod_2.4-1_amd64 
DESCRIPTION
dicod.conf is the configuration file for dicod(8).
NOTE
This manpage is a short description of the dicod.conf configuration file. For a detailed discussion,
including examples and usage recommendations, refer to the GNU Dico Manual available in texinfo format.
If the info reader and GNU Dico documentation are properly installed on your system, the command
info dico
should give you access to the complete manual.
You can also view the manual using the info mode in emacs(1), or find it in various formats online at
http://www.gnu.org.ua/software/dico/manual
If any discrepancies occur between this manpage and the GNU Dico Manual, the later shall be considered
the authoritative source.
LEXICAL STRUCTURE
There are three classes of lexical tokens: words, quoted strings, and separators. Blanks, tabs, newlines
and comments, collectively called white space are ignored except as they serve to separate tokens. Some
white space is required to separate otherwise adjacent keywords and values.
Words
A word is a sequence of letters, digits, and any of the following characters: _, -, ., /, @, *, :, [, ].
Strings
A quoted string is any sequence of characters enclosed in double-quotes ("). A backslash appearing
within a quoted string introduces an escape sequence, which is replaced with a single character according
to the following rules:
Sequence Expansion ASCII
\\ \ 134
\" " 042
\a audible bell 007
\b backspace 010
\f form-feed 014
\n new line 012
\r charriage return 015
\t horizontal tabulation 011
\v vertical tabulation 013
In addition, the sequence \newline is removed from the string. This allows to split long strings over
several physical lines, e.g.:
"a long string may be\
split over several lines"
If the character following a backslash is not one of those specified above, the backslash is ignored and
a warning is issued.
Two or more adjacent quoted strings are concatenated, which gives another way to split long strings over
several lines to improve readability. The following fragment produces the same result as the example
above:
"a long string may be"
" split over several lines"
A here-document is a special construct that allows to introduce strings of text containing embedded
newlines.
The <<word construct instructs the parser to read all the following lines up to the line containing only
word, with possible trailing blanks. Any lines thus read are concatenated together into a single string.
For example:
<<EOT
A multiline
string
EOT
The body of a here-document is interpreted the same way as a double-quoted string, unless word is
preceded by a backslash (e.g. <<\EOT) or enclosed in double-quotes, in which case the text is read as
is, without interpretation of escape sequences.
If word is prefixed with - (a dash), then all leading tab characters are stripped from input lines and
the line containing word. Furthermore, - is followed by a single space, all leading whitespace is
stripped from them. This allows to indent here-documents in a natural fashion. For example:
<<- TEXT
The leading whitespace will be
ignored when reading these lines.
TEXT
It is important that the terminating delimiter be the only token on its line. The only exception to this
rule is allowed if a here-document appears as the last element of a statement. In this case a semicolon
can be placed on the same line with its terminating delimiter, as in:
help-text <<-EOT
A sample help text.
EOT;
Comments
The usual comment styles are supported:
C style: /* */
C++ style: // to end of line
Unix style: # to end of line
Pragmatic comments are similar to the usual single-line comments, except that they cause some changes in
the way the configuration is parsed. Pragmatic comments begin with a # sign and end with the next
physical newline character.
#include <FILE>
#include FILE
Include the contents of the file file. Both forms are equivalent. The FILE must be an absolute
file name.
#include_once <FILE>
#include_once FILE
Same as #include, except that, if the FILE has already been included, it will not be included
again.
#line num
#line num "FILE"
This line causes the parser to believe, for purposes of error diagnostics, that the line number of
the next source line is given by num and the current input file is named by FILE. If the latter is
absent, the remembered file name does not change.
# num "FILE"
This is a special form of the #line statement, understood for compatibility with the C
preprocessor.
STATEMENTS
A simple statement consists of a keyword and value separated by any amount of whitespace. Some
statements take more than one value. Simple statement is terminated with a semicolon (;).
The following is a simple statement:
pidfile /var/run/direvent.pid;
See below for a list of valid simple statements.
A value can be one of the following:
number A number is a sequence of decimal digits.
boolean
A boolean value is one of the following: yes, true, t or 1, meaning true, and no, false, nil, 0
meaning false.
word
quoted string
list A comma-separated list of values, enclosed in parentheses.
Block Statement
A block statement introduces a logical group of statements. It consists of a keyword, followed by an
optional value, called a tag, and a sequence of statements enclosed in curly braces, as shown in the
example below:
acl global {
allow all from 198.51.100.0/24;
deny all;
}
The closing curly brace may be followed by a semicolon, although this is not required.
SERVER SETTINGS
user NAME
Run with the privileges of this user. The argument is either a user name, or UID prefixed with a
plus sign.
group LIST
If the user statement is present, dicod will drop all supplementary groups and switch to the
principal group of that user. Sometimes, however, it may be necessary to retain one or more
supplementary groups. For example, this might be necessary to access dictionary databases. The
group statement retains the supplementary groups listed in LIST. Each group can be specified
either by its name or by its GID number, prefixed with @samp{+}, e.g.:
user nobody;
group (man, dict +88);
This statement is ignored if no user statement is present or if dicod is running in inetd mode.
mode daemon|inetd
Sets server operation mode.
listen LIST
Specify the IP addresses and ports to listen on in daemon mode. By default, dicod will listen on
port 2628 on all existing interfaces.
Elements of LIST can have the following forms:
HOST:PORT
Specifies an IP (version 4 or 6) socket to listen on. The HOST part is either an IPv4 in
``dotted-quad'' notation, or an IPv6 address in square brackets, or a host name. In the
latter case, dicod will listen on all IP addresses corresponding to its A and AAAA DNS
records.
The PORT part is either a numeric port number or a symbolic service name from the
/etc/services file.
Either of the two parts may be omitted. If HOST is omitted, the server will listen on all
interfaces. If PORT is omitted, the default port 2628 will be used.
inet://HOST:PORT, inet4://HOST:PORT
Listen on IPv4 socket. HOST is either an IP address or a host name. In the latter case,
dicod will start listening on all IP addresses from the A records for this host.
Either HOST or PORT (but not both) can be omitted. Missing HOST defaults to IPv4 addresses
on all available network interfaces, and missing PORT defaults to 2628.
inet6://HOST:PORT
Listen on IPv6 socket. HOST is either an IPv6 address in square brackets, or a host name.
In the latter case, dicod will start listening on all IP addresses from the AAAA records
for this host.
Either HOST or PORT (but not both) can be omitted. Missing HOSTfdefaults to IPv6 addresses
on all available network interfaces, and missing PORT defaults to 2628.
FILENAME, unix://FILENAME
Specifies the name of a UNIX socket to listen on. FILENAME must be an absolute file name
of the socket.
pidfile STRING
Store PID of the master process in this file. Default is /var/run/dicod.pid.
max-children NUMBER
Sets maximum number of subprocesses that can run simultaneously. This is equivalent to the number
of clients that can simultaneously use the server. The default is 64.
inactivity-timeout NUMBER
Sets inactivity timeout to the NUMBER of seconds. The server disconnects automatically if the
remote client has not sent any command within this number of seconds. Setting timeout to 0
disables inactivity timeout (the default).
This statement along with max-children allows you to control the server load.
shutdown-timeout NUMBER
When the master server is shutting down, wait this number of seconds for all children to
terminate. Default is 5 seconds.
identity-check BOOLEAN
Enable identification check using AUTH protocol (RFC 1413). The received user name or UID can be
shown in access log using the %l conversion (see below).
ident-keyfile STRING
Use encryption keys from the named file to decrypt AUTH replies encrypted using DES.
ident-timeout NUMBER
Set timeout for AUTH input/output operation to NUMBER of seconds. Default timeout is 3 seconds.
AUTHENTICATION SETTINGS
The authentication database is defined as:
user-db URL {
# Additional configuration options.
options STRING;
# Name of the password resource.
password-resource RESOURCE;
# Name of the resource returning user group information.
group-resource RESOURCE;
}
The URL consists of the following parts (square brackets denoting optional ones):
TYPE://[[USER[:PASSWORD]@]HOST]/PATH[PARAMS]
where:
TYPE Database type. Two types are supported: text and ldap.
USER User name, if necessary to access the database.
PASSWORD
User password, if necessary to access the database.
HOST Domain name or IP address of a machine running the database.
PATH A path to the database. The exact meaning of this element depends on the database protocol. See
the texinfo documentation.
PARAMS A list of protocol-dependent parameters. Each parameter is of the form KEYWORD=NAME, multiple
parameters are separated with semicolons.
The following statements can appear within the user-db block:
options STRING
Pass additional options to the underlying mechanism. The argument is treated as an opaque string
and passed to the authentication open procedure verbatim. Its exact meaning depends on the type
of the database.
password-resource ARG
A database resource which returns the user's password.
group-resource ARG
A database resource which returns the list of groups this user is member of.
The exact semantics of the database resource depends on the type of database being used. For flat text
databases, it means the name of a text file that contains these data, for LDAP databases, the resource is
the filter string, etc. Please refer to the GNU Dico Manual, subsection 4.3.3 Authentication for a
detailed discussion.
SASL AUTHENTICATION
The SASL authentication is available if the server was compiled with GNU SASL. It is configured using
the following statement:
sasl {
# Disable SASL mechanisms listed in MECH.
disable-mechanism MECH;
# Enable SASL mechanisms listed in MECH.
enable-mechanism MECH;
# Set service name for GSSAPI and Kerberos.
service NAME;
# Set realm name for GSSAPI and Kerberos.
realm NAME;
# Define groups for anonymous users.
anon-group GROUPS;
}
disable-mechanism MECH
Disable SASL mechanisms listed in MECH, which is a list of names.
enable-mechanism MECH
Enable SASL mechanisms listed in MECH, which is a list of names.
service NAME
Sets the service name for GSSAPI and Kerberos mechanisms.
realm NAME
Sets the realm name.
anon-group LIST
Declares the list of user groups considered anonymous.
ACCESS CONTROL LISTS
Define an ACL:
acl NAME {
DEFINITION...
}
The parameter NAME assigns a unique name to that ACL. This name will be used by another configuration
statements to refer to that ACL (see SECURITY SETTINGS, and Database Visibility).
Each DEFINITION is:
allow|deny [all|authenticated|group GROUPLIST] [acl NAME] [from ADDRLIST]
A definition starting with allow allows access to the resource, and the one starting with deny denies it.
The next part controls what users have access to the resource:
all All users (the default).
authenticated
Only authenticated users.
group GROUPLIST
Authenticated users which are members of at least one of the groups listed in GROUPLIST.
The acl part refers to an already defined ACL.
The from keyword declares that the client IP must be within the ADDRLIST in order for the definition to
apply. Elements of ADDRLIST are:
any Matches any client address.
IP address
Matches if the request comes from the given IP (both IPv4 and IPv6 are allowed).
ADDR/NETLEN
Matches if first NETLEN bits from the client IP address equal to ADDR. The network mask length,
NETLEN must be an integer number between 0 and 32 for IPv4, and between 0 and 128 for IPv6. The
address part, ADDR, is as described above.
ADDR/NETMASK
The specifier matches if the result of logical AND between the client IP address and NETMASK
equals to ADDR. The network mask must be specified in a IP address (either IPv4 or IPv6)
notation.
SECURITY SETTINGS
connection-acl NAME
Use ACL NAME to control incoming connections. The ACL itself must be defined before this
statement. Using the group clause in this ACL makes no sense, because the authentication itself
is performed only after the connection have been established.
show-sys-info NAME
Controls whether to show system information in reply to SHOW SERVER command. The information will
be shown only if ACL NAME allows it.
visibility-acl NAME
Sets name of the ACL that controls visibility of all databases.
LOGGING AND DEBUGGING
log-tag STRING
Prefix syslog messages with this string. By default, the program name is used.
log-facility STRING
Sets the syslog facility to use. Allowed values are: user, daemon, auth, authpriv, mail, cron,
local0 through local7 (case-insensitive), or a decimal facility number.
log-print-severity BOOLEAN
Prefix diagnostics messages with a string identifying their severity.
transcript BOOLEAN
Controls the transcript of user sessions.
ACCESS LOG
GNU Dico provides a feature similar to Apache's CustomLog, which keeps a log of MATCH and DEFINE
requests.
access-log-file STRING
Sets access log file name.
access-log-format STRING
Defines the format string. Its argument can contain literal characters, which are copied into the
log file verbatim, and format specifiers, i.e. special sequences beginning with %, which are
replaced in the log file as shown in the table below:
%% The percent sign.
%a Remote IP address.
%A Local IP address.
%B Size of response in bytes.
%b Size of response in bytes in CLF format, i.e. a dash rather than a 0 when no bytes are
sent.
%C Remote client (from the CLIENT command).
%D The time taken to serve the request, in microseconds.
%d Request command verb in abbreviated form, suitable for use in URLs, i.e. d for DEFINE, and
m for MATCH.
%h Remote host.
%H Request command verb (DEFINE or MATCH).
%l Remote logname (from identd(1), if supplied). This will return a dash unless
identity-check statement is set to true.
%m The search strategy.
%p The canonical port of the server serving the request.
%P The PID of the child that served the request.
%q The database from the request.
%r Full request.
%{N}R The Nth token from the request (N is 0-based).
%s Reply status. For multiple replies, the form %s returns the status of the first reply,
while %>s returns that of the last reply.
%t Time the request was received in the standard Apache format, e.g.:
[04/Jun/2008:11:05:22 +0300]
%{FORMAT}t
The time, in the form given by FORMAT, which should be a valid strftime(3) format string.
The standard %t format is equivalent to
[%d/%b/%Y:%H:%M:%S %z]
%T The time taken to serve the request, in seconds.
%u Remote user from AUTH command.
%v The host name of the server serving the request.
%V Actual host name of the server (in case it was overridden in configuration).
%W The word from the request.
The absence of access-log-format statement is equivalent to the following:
access-log-format "%h %l %u %t \"%r\" %>s %b";
GENERAL SETTINGS
initial-banner-text TEXT
Display TEXT in the textual part of the initial server reply.
hostname STRING
Sets the hostname. By default it is determined automatically.
The server hostname is used, among others, in the initial reply after the 220 and may also be
displayed in the access log file using the %v escape (see ACCESS LOG).
server-info TEXT
Sets the server description to be shown in reply to the SHOW SERVER command.
It is common for TEXT to use the here-document syntax, e.g.:
server-info <<EOT
Welcome to the FOO dictionary service.
Contact <dict@foo.example.org> if you have questions or
suggestions.
EOT;
help-text TEXT
Sets the text to be displayed in reply to the HELP command.
The default reply displays a list of commands understood by the server with a short description of
each.
If TEXT begins with a plus sign, it will be appended to the default reply.
default-strategy NAME
Sets the name of the default matching strategy (*note MATCH::). By default, Levenshtein matching
is used, which is equivalent to default-strategy lev;
CAPABILITIES
capability LIST
Requests additional capabilities from the LIST.
Capabilities are certain server features that can be enabled or disabled at the system administrator's
will. The following capabilities are defined:
auth The AUTH command is supported. See the section AUTHENTICATION, for its configuration.
mime The OPTION MIME command is supported. Notice that RFC 2229 requires all servers to support that
command, so you should always specify this capability.
xversion
The XVERSION command is supported. It is a GNU extension that displays the dicod implementation
and version number.
xlev The XLEV command is supported. This command allows the remote party to set and query maximal
Levenshtein distance for the lev matching strategy.
The capabilities set using this directive are displayed in the initial server reply, and their
descriptions are added to the HELP command output (unless specified otherwise by the help-text
statement).
DATABASE MODULES
A database module is an external piece of software designed to handle a particular format of dictionary
databases. This piece of software is built as a shared library that `dicod' loads at run time.
A handler is an instance of the database module loaded by dicod and configured for a specific database or
a set of databases.
Database handlers are defined using the following block statement:
load-module NAME {
command CMD;
}
The load-module statement creates an instance of a database module. The NAME argument specifies a unique
name which will be used by subsequent parts of the configuration to refer to this handler. The command
line for this handler is supplied with the command statement. It must begin with the name of the module
(without the library suffix) and can contain any additional arguments. If the module name is not an
absolute file name, the module will be searched in the module load path.
For example:
load-module dict {
command "dictorg dbdir=/var/dicodb";
}
A simplified form of this statement:
load-module NAME;
is equivalent to:
load-module NAME {
command NAME;
}
A module load path is an internal list of directories which dicod scans in order to find a loadable file
name specified in the command statement. By default the search order is as follows:
1. Optional prefix search directories specified in the prepend-load-path statement (see below);
2. GNU Dico module directory /usr/lib/x86_64-linux-gnu/dico;
3. Additional search directories specified in the module-load-path statement (see below);
4. The value of the environment variable LTDL_LIBRARY_PATH;
5. The system dependent library search path (e.g. on GNU/Linux it is defined by the file
/etc/ld.so.conf and the environment variable LD_LIBRARY_PATH).
The value of LTDL_LIBRARY_PATH and LD_LIBRARY_PATH must be a colon-separated list of absolute directory
names.
In each of these directories, dicod first attempts to find and load the given filename. If this fails,
it tries to append the following suffixes to it:
1. the libtool archive suffix .la;
2. the suffix used for native dynamic libraries on the host platform, e.g., .so, .sl, etc.
module-load-path LIST
Add directories from LIST to the end of the module load path.
prepend-load-path LIST
Add directories from LIST to the beginning of the module load path.
DATABASES
database {
name WORD;
description STRING;
info TEXT;
languages-from LANGLIST;
languages-to LANGLIST;
handler NAME;
visibility-acl NAME;
mime-headers TEXT;
}
name STRING
Sets the name of this database (a single word). This name will be used to identify this database
in DICT commands.
handler STRING
Specifies the handler name for this database and optional arguments for it. This handler must be
previously defined using the load-module statement (see above).
description STRING
Supplies a short description, to be shown in reply to the SHOW DB command. The STRING may not
contain newlines.
info STRING
Defines a full description of the database. This description is shown in reply to the SHOW INFO
command. It is usually a multi-line text, so it is common to use here-document syntax.
content-type STRING
Sets the content type of the reply (for use in MIME headers).
content-transfer-encoding VALUE
Sets transfer encoding to use when sending MIME replies for this database. VALUE is one of:
base64, quoted-printable.
visibility-acl NAME
Sets name of the ACL that controls that database visibility.
STRATEGIES AND SEARCHES
A default search is a MATCH request with * or ! as the database argument. The former means search in all
available databases, and the latter means search in all databases until a match is found.
Default searches cabd be quite expensive and can cause considerable strain on the server. For example,
the command MATCH * priefix "" returns all entries from all available databases, which would consume a
lot of resources both on the server and on the client side.
To minimize harmful effects from such potentially dangerous requests, the following statement makes it
possible to limit the use of certain strategies in default searches:
strategy NAME {
deny-all BOOL;
deny-word CONDLIST;
deny-length-lt NUMBER;
deny-length-le NUMBER;
deny-length-gt NUMBER;
deny-length-ge NUMBER;
deny-length-eq NUMBER;
deny-length-ne NUMBER;
}
deny-all BOOL
Unconditionally deny the use of this strategy in default searches.
deny-word LIST
Deny this strategy if the search word matches one of the words from LIST.
deny-length-lt NUMBER
Deny if length of the search word is less than NUMBER.
deny-length-le NUMBER
Deny if length of the search word is less than or equal to NUMBER.
deny-length-gt NUMBER
Deny if length of the search word is greater than NUMBER.
deny-length-ge NUMBER
Deny if length of the search word is greater than or equal to NUMBER.
deny-length-eq NUMBER
Deny if length of the search word is equal to NUMBER.
deny-length-ne NUMBER
Deny if length of the search word is not equal to NUMBER.
For example, the following statement denies the use of prefix strategy in default searches if its
argument is an empty string:
strategy prefix {
deny-length-eq 0;
}
TUNING
While tuning your server, it is often necessary to get timing information which shows how much time is
spent serving certain requests. This can be achieved using the following configuration directive:
timing BOOLEAN
Provide timing information after successful completion of an operation.
This information is displayed after replies to the following requests: MATCH, DEFINE, and QUIT. The
format is:
[d/m/c = ND/NM/NC RTr UTu STs]
where:
ND Number of processed define requests.
NM Number of processed match requests.
NC Number of comparisons made. This value may be inaccurate if the underlying database module does
not provide such information.
RT Real time spent serving the request.
UT Time in user space spent serving the request.
ST Time in kernel space spent serving the request.
You can also add timing information to your access log files. See the %T conversuion in section ACCESS
LOG.
COMMAND ALIASES
Aliases allow a string to be substituted for a word when it is used as the first word of a command. The
daemon maintains a list of aliases that are created using the alias configuration file statement:
alias WORD COMMAND
Creates a new alias.
Aliases may be recursive, i.e. the first word of COMMAND may refer to another alias. To prevent endless
loops, recursive expansion is stopped if the first word of the replacement text is identical to an alias
expanded earlier.
Aliases are useful to facilitate manual interaction with the server, as they allow the administrator to
create abbreviations for some frequently typed commands. For example, the following alias creates new
command d which is equivalent to DEFINE *:
alias d DEFINE "*";
SEE ALSO
dicod(1), RFC 2229. Complete GNU Dico manual: run info dico or use emacs(1) info mode to read it. Online copies of GNU Dico documentation in various formats can be found at: http://www.gnu.org.ua/software/dico/manual
AUTHORS
Sergey Poznyakoff
BUG REPORTS
Report bugs to <bug-dico@gnu.org.ua>.
COPYRIGHT
Copyright © 2008-2014 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent
permitted by law.