Provided by: openafs-fileserver_1.8.8.1-3ubuntu2_amd64 bug


       bosserver - Initializes the BOS Server


           [-auditlog <log path>]
           [-audit-interface ( file | sysvmq )]
           [-rxmaxmtu <bytes>]


       The bosserver command initializes the Basic OverSeer (BOS) Server (bosserver process). In
       the conventional configuration, the binary file is located in the /usr/lib/openafs
       directory on a file server machine.

       The BOS Server must run on every file server machine and helps to automate file server
       administration by performing the following tasks:

       •   Monitors the other AFS server processes on the local machine, to make sure they are
           running correctly.

       •   Automatically restarts failed processes, without contacting a human operator. When
           restarting multiple server processes simultaneously, the BOS Server takes
           interdependencies into account and initiates restarts in the correct order.

       •   Processes commands from the bos suite that administrators issue to verify the status
           of server processes, install and start new processes, stop processes either
           temporarily or permanently, and restart halted processes.

       •   Manages system configuration information: the files that list the cell's server
           encryption keys, database server machines, and users privileged to issue commands from
           the bos and vos suites.

       The BOS Server is configured via the BosConfig configuration file.  Normally, this file is
       managed via the bos command suite rather than edited directly.  See the BosConfig(5) man
       page for the syntax of this file.

       The BOS Server will rewrite BosConfig when shutting down, so changes made manually to it
       will be discarded.  Instead, to change the BOS Server configuration only for the next
       restart of bosserver, create a file named /etc/openafs/  If
       exists when bosserver starts, it is renamed to /etc/openafs/BosConfig, removing any
       existing file by that name, before bosserver reads its configuration.

       The BOS Server logs a default set of important events in the file /var/log/openafs/BosLog.
       To record the name of any user who performs a privileged bos command (one that requires
       being listed in the /etc/openafs/server/UserList file), add the -log flag. To display the
       contents of the BosLog file, use the bos getlog command.

       The first time that the BOS Server initializes on a server machine, it creates several
       files and subdirectories in the local /usr/afs directory, and sets their mode bits to
       protect them from unauthorized access. Each time it restarts, it checks that the mode bits
       still comply with the settings listed in the following chart. A question mark indicates
       that the BOS Server initially turns off the bit (sets it to the hyphen), but does not
       check it at restart.

          /usr/afs              drwxr?xr-x
          /var/lib/openafs/backup       drwx???---
          /usr/lib/openafs          drwxr?xr-x
          /var/lib/openafs/db           drwx???---
          /etc/openafs/server          drwxr?xr-x
          /etc/openafs/server/KeyFile  -rw????---
          /etc/openafs/server/UserList -rw?????--
          /var/lib/openafs/local        drwx???---
          /var/log/openafs         drwxr?xr-x

       If the mode bits do not comply, the BOS Server writes the following warning to the BosLog

          Bosserver reports inappropriate access on server directories

       However, the BOS Server does not reset the mode bits, so the administrator can set them to
       alternate values if desired (with the understanding that the warning message then appears
       at startup).

       This command does not use the syntax conventions of the AFS command suites. Provide the
       command name and all option names in full.


           Turns off all authorization checks, and allows all connecting users to act as
           administrators, even unauthenticated users. The use of this option is inherently
           insecure, and should only be used in controlled environments for experimental or debug
           purposes. See NoAuth(5).

           Records in the /var/log/openafs/BosLog file the names of all users who successfully
           issue a privileged bos command (one that requires being listed in the
           /etc/openafs/server/UserList file).

           The argument none turns off core file generation. Otherwise, the argument is a path
           where core files will be stored.

       -auditlog <log path>
           Turns on audit logging, and sets the path for the audit log.  The audit log records
           information about RPC calls, including the name of the RPC call, the host that
           submitted the call, the authenticated entity (user) that issued the call, the
           parameters for the call, and if the call succeeded or failed.

       -audit-interface (file | sysvmq)
           Specifies what audit interface to use. Defaults to "file". See fileserver(8) for an
           explanation of each interface.

           Activates the collection of Rx statistics and allocates memory for their storage. For
           each connection with a specific UDP port on another machine, a separate record is kept
           for each type of RPC (FetchFile, GetStatus, and so on) sent or received. To display or
           otherwise access the records, use the Rx Monitoring API.

           Activates the collection of Rx statistics and allocates memory for their storage. A
           separate record is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or
           received, aggregated over all connections to other machines. To display or otherwise
           access the records, use the Rx Monitoring API.

           By default, the RXKAD security layer will disallow access by Kerberos principals with
           a dot in the first component of their name. This is to avoid the confusion where
           principals user/admin and user.admin are both mapped to the user.admin PTS entry.
           Sites whose Kerberos realms don't have these collisions between principal names may
           disable this check by starting the server with this option.

           In normal operation, the bos server allows a super user to run any command.  When the
           bos server is running in restricted mode (either due to this command line flag, or
           when configured by bos_setrestricted(8)) a number of commands are unavailable. Note
           that this flag persists across reboots.  Once a server has been placed in restricted
           mode, it can only be opened up by sending the SIGFPE signal.

       -rxmaxmtu <bytes>
           Sets the maximum transmission unit for the RX protocol.

           Bind the Rx socket to the primary interface only.  If not specified, the Rx socket
           will listen on all interfaces.

           Specifies that logging output should go to syslog instead of the normal log file.
           -syslog=facility can be used to specify to which facility the log message should be

           Use Transarc style logging features. Rename the existing log file
           /var/log/openafs/BosLog to /var/log/openafs/BosLog.old when the bos server is
           restarted.  This option is provided for compatibility with older versions.

           Create a one-line file containing the process id (pid) for each non-cron process
           started by the BOS Server.  This file is removed by the BOS Server when the process
           exits.  The optional <path> argument specifies the path where the pid files are to be
           created.  The default location is "/var/lib/openafs/local".

           The name of the pid files for "simple" BOS Server process types are the BOS Server
           instance name followed by ".pid".

           The name of the pid files for "fs" and "dafs" BOS Server process types are the BOS
           Server type name, "fs" or "dafs", followed by the BOS Server core name of the process,
           followed by ".pid".  The pid file name for the "fileserver" process is "".
           The pid file name for the "volserver" is "".

           BOS Server instance names are specfied using the bos create command.  See bos_create
           for a description of the BOS Server process types and instance names.

           Run the BOS Server in the foreground. By default, the BOS Server process will fork and
           detach the stdio, stderr, and stdin streams.

           Prints the online help for this command. All other valid options are ignored.


       The following command initializes the BOS Server and logs the names of users who issue
       privileged bos commands.

          % bosserver -log


       The issuer most be logged onto a file server machine as the local superuser "root".


       BosConfig(5), BosLog(5), bos(8), bos_create(8), bos_exec(8), bos_getlog(8),
       bos_getrestart(8), bos_restart(8), bos_setrestricted(8), bos_shutdown(8), bos_start(8),
       bos_startup(8), bos_status(8), bos_stop(8)


       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted
       from HTML to POD by software written by Chas Williams and Russ Allbery, based on work by
       Alf Wachsmann and Elizabeth Cassell.