Provided by: conserver-server_8.2.7-2_amd64 bug

NAME

       conserver.cf - console configuration file for conserver(8)

DESCRIPTION

       The  format  of  the  conserver.cf file is made up of named blocks of keyword/value pairs,
       comments, and optional whitespace for formatting flexibility.  The block types as well  as
       the  keywords  are  pre-defined  and  explained  in  the  BLOCKS section.  A comment is an
       unquoted pound-sign to a newline.  See the PARSER section for full details  on  whitespace
       and quoting.

       Let  me  first  show  you  a sample block with a couple of keyword/value pairs to make the
       description a bit simpler to understand.

              console simple { master localhost; type exec; rw *; }

       This is actually a fully functional conserver.cf file (if certain conditions are met...and
       if you can list those conditions, you can probably can skip to the BLOCKS section).

       Our  example  is  made  of up of a console-block named ``simple'' with three keyword/value
       pairs.  What this does is define a console named ``simple'',  makes  the  master  of  that
       console the host ``localhost'', makes the type an exec-style console, and gives every user
       read/write permission.  This is the generic format of the file:

              block-type block-name { keyword value; ... }

       To show the addition of comments and whitespace, here  is  the  example  reformatted  (but
       functionally equivalent):

              # define a console named "simple"
              console simple {
                  # setting all required values...
                  master localhost;
                  type exec;  # exec-style console
                  rw *;       # allow any username
              }

PARSER

       The  parser has six characters that it considers special.  These are: ``{'', ``}'', ``;'',
       ``#'', ``\'', and ``"''.  The first three (hereby called tokens) define the format of  the
       configuration  blocks  and are used as word separators, the next is the comment character,
       and the last two are quoting characters.

       Word separation occurs when the parser encounters an unquoted token and, in certain cases,
       whitespace.   Whitespace is only used as a word separator when the parser is looking for a
       block-type or keyword.  When it's looking for a block-name or value,  whitespace  is  like
       any other character, which allows you to embed whitespace in a block-name or value without
       having to quote it.  Here is an example:

              default my defs { rw *; include other defs  ; }

       The block-type is ``default'', the block-name is  ``my  defs'',  and  the  value  for  the
       keyword  ``include''  is  ``other defs''.  Whitespace around tokens are ignored so you get
       ``other defs'' instead of ``other defs  '' as the value.

       The only way to use one of the special characters as part of a block-name or value  is  to
       quote it.

       Quoting  is  a  simple  matter  of prefixing a character with a backslash or surrounding a
       group of characters with double-quotes.  If a character is prefixed by  a  backslash,  the
       next  character  is  a  literal (so ``\\'' produces a ``\'', ``\"'' produces ``"'', ``\{''
       produces a ``{'', etc.).  For double-quoted strings, all characters are literal except for
       ``\"'', which embeds a double-quote.

       Adding a variety of quotes to our example without changing the meaning of things, we have:

              "defa"ult my\ defs { rw *; in\clude "other defs"  ; }

       There  is  one special line the parser recognizes: a ``#include'' statement.  It is of the
       form:

              #include filename

       Any whitespace around filename is ignored, but whitespace embedded  inside  is  preserved.
       Everything  in  filename is taken literally, so none of the normal parser quoting applies.
       The #include must begin in ``column 0'' - no whitespace is  allowed  between  it  and  the
       start  of  the  physical  line.   There  is  an  include file depth limit of 10 to prevent
       infinite recursion.

BLOCKS

       access hostname|ipaddr
              Define an access block for the host named hostname or using the address ipaddr.  If
              the  value  of  ``*''  is  used,  the access block will be applied to all conserver
              hosts.  Access lists are used in a first match fashion  (top  down),  so  order  is
              important.

              admin [!]username[,...]|""
                     Define  a list of users making up the admin list for the console server.  If
                     username matches a  previously  defined  group  name,  all  members  of  the
                     previous  group  are  applied  to  the  admin  list (with access reversed if
                     prefixed with a `!').  If username doesn't match a previously defined  group
                     and  username  begins  with `@', the name (minus the `@') is checked against
                     the host's group database.  All users found in the group will be granted (or
                     denied,  if prefixed with `!') access.  If username doesn't match a previous
                     group and doesn't begin with `@', the users will be granted (or  denied,  if
                     prefixed  with  `!') access.  If the null string (``""'') is used, any users
                     previously defined for the console servers's admin list are removed.

              allowed hostname[,...]
                     The list of hostnames are  added  to  the  ``allowed''  list,  which  grants
                     connections from the hosts but requires username authentication.

              include accessgroup
                     The  access  lists  defined  using  the  name accessgroup are applied to the
                     current access block.  The included access block must be previously defined.

              limited [!]username[,...]|""
                     Define a list of users with limited functionality  on  the  console  server.
                     These  users  will  not  be  allowed  to  suspend their connection, shift to
                     another console, or attach to  a  local  command.   If  username  matches  a
                     previously defined group name, all members of the previous group are applied
                     to the admin list (with  access  reversed  if  prefixed  with  a  `!').   If
                     username  doesn't  match a previously defined group and username begins with
                     `@', the name (minus the `@') is checked against the host's group  database.
                     All  users  found  in the group will be granted (or denied, if prefixed with
                     `!') access.  If username doesn't match a previous group and  doesn't  begin
                     with  `@',  the  users  will  be  granted  (or denied, if prefixed with `!')
                     access.  If the null string (``""'') is used, any users  previously  defined
                     for the console server's limited list are removed.

              rejected hostname[,...]
                     The  list  of  hostnames  are  added to the ``rejected'' list, which rejects
                     connections from the hosts.

              trusted hostname[,...]
                     The list of hostnames are  added  to  the  ``trusted''  list,  which  grants
                     connections from the hosts without username authentication.

       break n
              Define  a break sequence where (1 <= n <= 9) or (a <= n <= z).  Break sequences are
              accessed via the ``^Ecln'' client escape sequence.

              confirm yes|true|on|no|false|off
                     Set whether or not to ask the client for  confirmation  before  sending  the
                     break sequence.  The default is ``no''.

              delay n
                     Set  the time delay for the \d sequence to n milliseconds.  The default time
                     delay is 250ms.

              string breakseq
                     Assign the string breakseq to the specified slot n.  A break sequence  is  a
                     simple character string with the exception of `\' and `^':

                            \a    alert
                            \b    backspace
                            \d    delay specified by the delay option.
                            \f    form-feed
                            \n    newline
                            \r    carriage-return
                            \t    tab
                            \v    vertical-tab
                            \z    serial break
                            \\    backslash
                            \^    circumflex
                            \ooo  octal  representation of a character (where ooo is one to three
                                  octal digits)
                            \c    character c
                            ^?    delete
                            ^c    control character (c is ``and''ed with 0x1f)

       config hostname|ipaddr
              Define a configuration block for the host  named  hostname  or  using  the  address
              ipaddr.   If the value of ``*'' is used, the configuration block will be applied to
              all conserver hosts.

              autocomplete yes|true|on|no|false|off
                     Turn the console name autocompletion feature on or off.   If  autocompletion
                     is  on,  a  client can use any unique leading portion of a console name when
                     connecting to a console.  Autocompletion is on by default.

              defaultaccess rejected|trusted|allowed
                     Set the default access permission for all hosts not  matched  by  an  access
                     list (see the -a command-line flag).

              daemonmode yes|true|on|no|false|off
                     Set  whether  or  not  to  become a daemon when run (see the -d command-line
                     flag).

              initdelay number
                     Set the number of seconds between  console  initializations.   All  consoles
                     with  the same host value will be throttled as a group (those without a host
                     value are their own group).  In other words, each  console  within  a  group
                     will  only  be  initialized  after  number  seconds passes from the previous
                     initialization of a console in that group.  Different  throttle  groups  are
                     initialized  simultaneously.   One  warning: since consoles are split up and
                     managed by seperate conserver processes, it's possible  for  more  than  one
                     conserver process to have a throttle group based on a particular host value.
                     If  this  happens,  each  conserver  process  will  throttle  their   groups
                     independently  of  the  other  conserver  processes, which results in a more
                     rapid initialization (per host value) than one might otherwise  expect.   If
                     number is zero, all consoles are initialized without delay.

              logfile filename
                     Set  the  logfile  to  write to when in daemon mode (see the -L command-line
                     flag).

              passwdfile filename
                     Set the password file location used for authentication (see the -P  command-
                     line flag).

              primaryport number|name
                     Set  the  port used by the master conserver process (see the -p command-line
                     flag).

              redirect yes|true|on|no|false|off
                     Turn redirection on or off (see the -R command-line flag).

              reinitcheck number
                     Set the number of minutes used between reinitialization checks (see  the  -O
                     command-line flag).

              secondaryport number|name
                     Set  the  base  port number used by child processes (see the -b command-line
                     flag).

              setproctitle yes|true|on|no|false|off
                     Set whether or not the process title  shows  master/group  functionality  as
                     well as the port number the process is listening on and how many consoles it
                     is managing.  The operating system must support the setproctitle() call.

              sslcredentials filename
                     Set the SSL credentials file location (see the -c command-line flag).

              sslcacertificatefile filename
                     Load the valid CA certificates for the SSL connection from the  PEM  encoded
                     file.  This option overrides the global CA list.

              sslreqclientcert yes|true|on|no|false|off
                     Set  whether or not a certificate is required by the client to connect.  The
                     default is ``no''.

              sslrequired yes|true|on|no|false|off
                     Set whether or not encryption is required when talking to clients  (see  the
                     -E command-line flag).

              unifiedlog filename
                     Set  the  location  of the unified log to filename.  See the -U command-line
                     flag for details.

       console name
              Define a console identified as name.  The keywords are  the  same  as  the  default
              block with the following addition.

              aliases name[,...]|""
                     Define  a list of console aliases.  If the null string (``""'') is used, any
                     aliases previously defined for the console are removed.

       default name
              Define a block of defaults identified as name.  If name is ``*'', the automatically
              applied default block is defined (basically all consoles have an implicit ``include
              "*";'' at the beginning of their definition).

              baud 300|600|1800|2400|4800|9600|19200|38400|57600|115200|..|4000000
                     Assign the baud rate to the console.  Only consoles of type ``device''  will
                     use this value.

              break n
                     Assign the break sequence n as the default for the console, which is used by
                     the ``^Ecl0'' client escape sequence.

              breaklist n[,...]|""
                     Associate a list of break sequences referenced by n with  the  console.   If
                     ``*''  is used (the default), all defined break sequences will be available.
                     If the null string (``""'') is used, no sequences will be available.

              device filename
                     Assign the serial device filename as the path to the console.  Only consoles
                     of type ``device'' will use this value.

              devicesubst c=t[n]f[,...]|""
                     Perform   character   substitutions  on  the  device  value.   A  series  of
                     replacements can be defined by specifying a comma-separated list of  c=t[n]f
                     sequences  where  c  is any printable character, t specifies the replacement
                     value, n is a field length (optional), and f is the format string.  t can be
                     one  of  the  characters  below,  catagorized  as  a string replacement or a
                     numeric replacement, which dictates the use of the n and f fields.

                            String Replacement
                            c      console name
                            h      host value
                            r      replstring value

                            Numeric Replacement
                            b      baud value
                            p      config port value
                            P      calculated port value

                     For string replacements, if the replacement isn't at least n characters,  it
                     will  be  padded  with  space  characters  on the left.  f must be `s'.  For
                     numeric replacements, the value will be formatted to at least n  characters,
                     padded with 0s if n begins with a 0, and space characters otherwise.  f must
                     be either `d', `x', `X',  `a',  or  `A',  specifying  a  decimal,  lowercase
                     hexadecimal (0-9a-f), uppercase hexadecimal (0-9A-F), lowercase alphanumeric
                     (0-9a-z), or uppercase alphanumeric (0-9A-Z) conversion.  If the null string
                     (``""'') is used, no replacements will be done.

              exec command|""
                     Assign  the  string command as the command to access the console.  Conserver
                     will run the command by invoking ``/bin/sh -ce  "command"''.   If  the  null
                     string  (``""'') is used or no exec keyword is specified, conserver will use
                     the command ``/bin/sh -i''.  Only consoles of type ``exec''  will  use  this
                     value.

              execrunas [user][:group]|""
                     By  default,  the command invoked by exec is run with the same privileges as
                     the server.  If the server is running  with  root  privileges,  this  option
                     resets  the  user  and/or  group  of  the  invoked process to user and group
                     respectively.  user may be a username or numeric uid  and  group  may  be  a
                     group  name  or  numeric gid.  Either one is optional.  If the server is not
                     running with root privileges, these values are not used.  If the null string
                     (``""'')  is  specified,  the default of running with the same privileges as
                     the server is restored.

              execsubst c=t[n]f[,...]|""
                     Perform character substitutions on the  exec  value.   See  the  devicesubst
                     option for an explanation of the format string.  If the null string (``""'')
                     is used, no replacements will be done.

              host hostname
                     Assign hostname as the host to connect to for accessing  the  console.   You
                     must also set the port option for consoles of type ``host''.  Normally, only
                     consoles of type ``host'' and ``ipmi'' will use this value, however  if  the
                     devicesubst,  execsubst, or initsubst keywords are used in any console type,
                     this value is used.

              idlestring string|""
                     Assign the string that is sent to the console once the console is  idle  for
                     an  idletimeout  amount  of  time.  If the null string (``""'') is used, the
                     string is unset and the default is used.  The string is interpreted just  as
                     a  break  string  is  interpreted  (see  the  break  configuration items for
                     details) where all delays specified (via ``\d'') use the default delay time.
                     The default string is ``\n''.

              idletimeout number[s|m|h]
                     Set  the  idle timeout of the console to number seconds.  If an `s', `m', or
                     `h' is used after number, the specified  time  is  interpreted  as  seconds,
                     minutes, or hours.  Set the timeout to zero to disable the idle timeout (the
                     default).

              ipmiciphersuite number
                     Set the IPMI cipher suite.  Syntactically valid values are -1 (the  default)
                     and greater.  Check the FreeIPMI documentation for usable values.

              ipmikg string|""
                     Set  the  BMC  authentication  key  K_g  to string.  A K_g value is a simple
                     character string with the exception of `\':

                            \\    backslash
                            \ooo  octal representation of a character (where ooo is one to  three
                                  octal digits)
                            \c    character c

                     The  resulting  value  must  be no more than 20 characters.  The null string
                     (``""'') is the default.

              ipmiworkaround [!]option[,...]|""
                     You can turn off a workaround by prefixing it with a ``!''  character.   So,
                     to  turn  off  the  integrity  workaround,  you  would  use !integrity.  The
                     following are valid options and their mapping to FreeIPMI settings:

                     activation-status    SKIP_SOL_ACTIVATION_STATUS
                     auth-capabilites     AUTHENTICATION_CAPABILITIES
                     channel-payload      SKIP_CHANNEL_PAYLOAD_SUPPORT
                     checksum             NO_CHECKSUM_CHECK
                     default              DEFAULT
                     ignore-payload-size  IGNORE_SOL_PAYLOAD_SIZE
                     ignore-port          IGNORE_SOL_PORT
                     integrity            NON_EMPTY_INTEGRITY_CHECK_VALUE
                     intel-session        INTEL_2_0_SESSION
                     packet-sequence      INCREMENT_SOL_PACKET_SEQUENCE
                     privilege            OPEN_SESSION_PRIVILEGE
                     serial-alerts        SERIAL_ALERTS_DEFERRED
                     sun-session          SUN_2_0_SESSION
                     supermicro-session   SUPERMICRO_2_0_SESSION

                     If no ipmiworkaround is specified, the ``default'' workaround will be  used.
                     The null string (``""'') unsets all workarounds, including ``default''.  See
                     the FreeIPMI documentation for details on what workarounds affect.

              ipmiprivlevel user|operator|admin
                     Set the privilege level for the username used  during  IPMI  authentication.
                     The default privilege level is ``admin''.

              include default
                     The  default  block defined using the name default is applied to the current
                     console or default block.  The included default  block  must  be  previously
                     defined.

              initcmd command|""
                     Invoke command as soon as the console is brought up, redirecting the console
                     to stdin, stdout, and stderr of  command.   The  command  is  passed  as  an
                     argument  to  ``/bin/sh  -ce''.   If  the  null string (``""'') is used, the
                     command is unset and nothing is invoked.

              initrunas [user][:group]|""
                     By default, the command invoked by initcmd is run with the  same  privileges
                     as  the  server.  If the server is running with root privileges, this option
                     resets the user and/or group of  the  invoked  process  to  user  and  group
                     respectively.   user  may  be  a  username or numeric uid and group may be a
                     group name or numeric gid.  Either one is optional.  If the  server  is  not
                     running with root privileges, these values are not used.  If the null string
                     (``""'') is specified, the default of running with the  same  privileges  as
                     the server is restored.

              initspinmax n|""
                     Set the maximum number of ``spins'' allowed for the console to n, where 0 <=
                     n <= 254.  A console is determined to  be  ``spinning''  if  an  attempt  to
                     initialize  the  console  occurs  in  under  initspintimer  seconds from its
                     previous initialization and this  quick  initialization  occurs  initspinmax
                     times  in  a  row.   If,  at  any point, the time between initializations is
                     greater than initspintimer, the counter for reaching initspinmax  resets  to
                     zero.   When  a  console is determined to be ``spinning'' it is forced down.
                     If the null string (``""'') is specified, the default of 5 is used.

              initspintimer t|""
                     Set the number of seconds a console must be  ``up''  to  not  be  considered
                     ``spinning''  to  t,  where  0  <=  t  <=  254.   See initspinmax for a full
                     description of  console  ``spinning.''   If  the  null  string  (``""'')  is
                     specified, the default of 1 is used.

              initsubst c=t[n]f[,...]|""
                     Perform  character  substitutions on the initcmd value.  See the devicesubst
                     option for an explanation of the format string.  If the null string (``""'')
                     is used, no replacements will be done.

              logfile filename|""
                     Assign  the logfile specified by filename to the console.  Any occurrence of
                     ``&'' in filename will be replaced with the name of  the  console.   If  the
                     null  string (``""'') is used, the logfile name is unset and no logging will
                     occur.

              logfilemax number[k|m]
                     Enable automatic rotation of logfile once its  size  exceeds  number  bytes.
                     Specifying  k or m interpret number as kilobytes and megabytes.  number must
                     be at least 2048 bytes.  A value of zero will turn off automatic rotation of
                     logfile.   The  logfile  filename  will be renamed filename-YYYYMMDD-HHMMSS,
                     where the extension is the current GMT year, month, day, hour,  minute,  and
                     second  (to  prevent  issues  with clock rollbacks).  File sizes are checked
                     every 5 minutes with an additional initial pseudo-random delay of up to  one
                     minute (to help prevent all processes checking all consoles simultaneously).
                     2.5% (minimum 100 bytes, maximum 4000 bytes) of the old logfile is read from
                     the  end of the file.  All data past the first newline is moved (not copied)
                     to the new logfile so that a replay of the console works  and  starts  on  a
                     line boundary.

              master hostname|ipaddr
                     Define  which conserver host manages the console.  The host may be specified
                     by hostname or using the address ipaddr.

              motd message|""
                     Set the "message of  the  day"  for  the  console  to  message,  which  gets
                     displayed  when  a  client  attaches  to  the  console.   If the null string
                     (``""'') is used, the MOTD is unset and no message will occur.

              options [!]option[,...]|""
                     You can negate the option by prefixing it with a ``!''  character.   So,  to
                     turn  off  the  hupcl  flag,  you would use !hupcl.  The following are valid
                     options:

                     ixon        Enable XON/XOFF flow control on output.  Only consoles  of  type
                                 ``device'' or ``exec'' will use this value.  Default is ixon.
                     ixany       Enable  any  character to restart output.  Only consoles of type
                                 ``device'' or ``exec'' will use this value.  Default is !ixany.
                     ixoff       Enable XON/XOFF flow control on input.  Only  consoles  of  type
                                 ``device''  or  ``exec''  will use this value.  Default is ixoff
                                 for consoles of type ``device'' and !ixoff for consoles of  type
                                 ``exec''.
                     crtscts     Enable  RTS/CTS  (hardware) flow control.  Only consoles of type
                                 ``device'' will use this value.  Default is !crtscts.
                     cstopb      Set two stop bits, rather  than  one.   Only  consoles  of  type
                                 ``device'' will use this value.  Default is !cstopb.
                     hupcl       Lower  modem  control lines after last process closes the device
                                 (hang up).  Only consoles  of  type  ``device''  will  use  this
                                 value.  Default is !hupcl.
                     ondemand    Initialize  the  console  when a client requests a connection to
                                 the console.  When no clients are connected, bring  the  console
                                 down.   The  conserver  option  -i  will  set  this flag for all
                                 consoles.  Default is !ondemand.
                     striphigh   Strip the high bit off all data coming from this console and all
                                 clients connected to this console before processing occurs.  The
                                 conserver option  -7  will  set  this  flag  for  all  consoles.
                                 Default is !striphigh.
                     reinitoncc  Automatically  reinitialize (``bring up'') a downed console when
                                 a client connects.   Without  this  option,  a  client  will  be
                                 attached  to  the  downed  console  and  will  need  to manually
                                 reinitialize the console with an escape sequence.  The conserver
                                 option  -o  will  set  this  flag  for all consoles.  Default is
                                 !reinitoncc.
                     autoreinit  Allow this console  to  be  automatically  reinitialized  if  it
                                 unexpectedly goes down.  If the console doesn't come back up, it
                                 is retried every minute.  A console of type ``exec'' that  exits
                                 with   a   zero   exit  status  is  automatically  reinitialized
                                 regardless of this setting.  The conserver option -F will  unset
                                 this flag for all consoles.  Default is autoreinit.
                     unloved     Enable  the  sending of this console's output (prefixed with its
                                 name) to the daemon's stdout (or the logfile if in daemon  mode)
                                 when  no  clients  are  connected to the console.  The conserver
                                 option -u will set this  flag  for  all  consoles.   Default  is
                                 !unloved.
                     login       Allow  users  to  log  into  this  console.   If  logins are not
                                 allowed, conserver will send a generic  message  to  the  client
                                 saying  so  and  terminate the connection.  You can override the
                                 generic message by setting the motd message.  Default is login.

              parity even|mark|none|odd|space
                     Set the parity option for the console.  Only  consoles  of  type  ``device''
                     will use this value.

              password password|""
                     Use  password  during  IPMI  authentication.  If the null string (``""'') is
                     used (the default), no password will be used.

              port number|name
                     Set the port used to access the console.  The port may  be  specified  as  a
                     number  or a name.  A name will cause a getservbyname(3) call to look up the
                     port number.  The port,  portbase,  and  portinc  values  are  all  used  to
                     calculate  the  final  port  number  to  connect  to.   The  formula used is
                     finalport = portbase + portinc *  port.   By  using  proper  values  in  the
                     formula,  you  can  reference  ports  on a terminal server by their physical
                     numbering of 0..n or 1..n (depending on if you like zero-based or  one-based
                     numbering).   Warning:  you can generate a -1 value with this formula, which
                     will become a very high numbered positive value  (since  things  are  stored
                     unsigned).   You  must  also  set  the  host option as well.  Normally, only
                     consoles of type ``host'' will use this value, however if  the  devicesubst,
                     execsubst, or initsubst keywords are used in any console type, this value is
                     used.

              portbase number
                     Set the base value for the port calculation formula.  number must  be  0  or
                     greater.  The default is zero.  See port for the details of the formula.

              portinc number
                     Set  the increment value for the port calculation formula.  number must be 0
                     or greater.  The default is one.  See port for the details of the formula.

              protocol telnet|raw
                     Set the protocol used to send and receive data from the console.  If raw  is
                     used, all data is sent ``as is'', unprotected by any protocol specification.
                     If telnet is used (which is the default), data is encapsulated in the telnet
                     protocol.   The  striphigh console option still applies when data is read by
                     the server, and if enabled, can impact the encapsulation process.

              replstring string
                     A generic replacement string that can be used by the devicesubst, execsubst,
                     and initsubst keywords.

              ro [!]username[,...]|""
                     Define  a list of users making up the read-only access list for the console.
                     If username matches a previously defined group  name,  all  members  of  the
                     previous  group  are  applied  to  the  read-only  access  list (with access
                     reversed if prefixed with a `!').  If username doesn't  match  a  previously
                     defined  group  and  username  begins  with `@', the name (minus the `@') is
                     checked against the host's group database.  All users  found  in  the  group
                     will  be  granted  (or  denied,  if prefixed with `!') read-only access.  If
                     username doesn't match a previous group and  doesn't  begin  with  `@',  the
                     users  will  be  granted (or denied, if prefixed with `!') read-only access.
                     If the null string (``""'') is used, any users previously  defined  for  the
                     console's read-only list are removed.

              rw [!]username[,...]|""
                     Define a list of users making up the read-write access list for the console.
                     If username matches a previously defined group  name,  all  members  of  the
                     previous  group  are  applied  to  the  read-write  access list (with access
                     reversed if prefixed with a `!').  If username doesn't  match  a  previously
                     defined  group  and  username  begins  with `@', the name (minus the `@') is
                     checked against the host's group database.  All users  found  in  the  group
                     will  be  granted  (or  denied, if prefixed with `!') read-write access.  If
                     username doesn't match a previous group and  doesn't  begin  with  `@',  the
                     users  will  be granted (or denied, if prefixed with `!') read-write access.
                     If the null string (``""'') is used, any users previously  defined  for  the
                     console's read-write list are removed.

              tasklist c[,...]|""
                     Associate  a  list  of  tasks referenced by c with the console.  If ``*'' is
                     used (the default), all defined tasks will be available.  If the null string
                     (``""'') is used, no tasks will be available.

              timestamp [number[m|h|d|l]][a][b]|""
                     Specifies  the  time  between timestamps applied to the console log file and
                     whether to log read/write connection  actions.   The  timestamps  look  like
                     ``[--  MARK  --  Mon  Jan  25  14:46:56 1999]''.  The `m', `h', and `d' tags
                     specify ``minutes'' (the default), ``hours'', and  ``days''.   The  `l'  tag
                     specifies  ``lines''  and  will  cause  timestamps of the form ``[Mon Jan 25
                     14:46:56 PST 1999]'' to be placed every number lines  (a  newline  character
                     signifies  a  new  line).   So, ``5h'' specifies every five hours and ``2l''
                     specifies every two  lines.   An  `a'  can  be  specified  to  add  logs  of
                     ``attached'',  ``detached'',  and  ``bumped''  actions, including the user's
                     name and the host from which the client connection was made.  A `b'  can  be
                     specified to add logging of break sequences sent to the console.

              type device|ipmi|exec|host|noop|uds
                     Set  the  type  of  console.   A type of ``device'' should be used for local
                     serial ports (also set the device value).  A type of ``ipmi'' should be used
                     for  IPMI serial over LAN consoles (also set the host value and possibly the
                     username, password, and ipmi* values).  A type of ``exec''  should  be  used
                     for  command  invocations  (perhaps  also  set  the  exec value).  A type of
                     ``host'' should be used for terminal  servers  and  other  TCP  socket-based
                     interaction  (also set the host and port values).  A type of ``noop'' should
                     be used as a placeholder - it does nothing, ignores any  logfile  value  and
                     forces  the  !nologin  option  (so you might want to set the motd value).  A
                     type of ``uds'' should be used for Unix domain sockets  (also  set  the  uds
                     option).

              uds filename
                     Assign  the  Unix  domain  socket filename as the path to the console.  Only
                     consoles of type ``uds'' will use this value.

              udssubst c=t[n]f[,...]|""
                     Perform character substitutions on  the  uds  value.   See  the  devicesubst
                     option for an explanation of the format string.  If the null string (``""'')
                     is used, no replacements will be done.

              username username|""
                     Use username during IPMI authentication.  If the  null  string  (``""'')  is
                     used (the default), the ``null'' user will be used.

       group name
              Define a user group identified as name.

              users [!]username[,...]|""
                     Define  a  list  of  users  making up the group name.  If username matches a
                     previously defined group name, all members of the previous group are applied
                     to  the  current  group  (with  access reversed if prefixed with a `!').  If
                     username doesn't match a previously defined group and username  begins  with
                     `@',  the name (minus the `@') is checked against the host's group database.
                     All users found in the group will be recorded with (or without, if  prefixed
                     with  `!')  access.   If username doesn't match a previous group and doesn't
                     begin with `@', the users will be recorded with  (or  without,  if  prefixed
                     with `!') access.  If the null string (``""'') is used, any users previously
                     defined for this group are removed.

       task c
              Define a task where c is a lowercase alphanumeric (0-9a-z).  Tasks are invoked  via
              the ``^Ec!c'' client escape sequence.

              cmd command|""
                     Invoke  command  on  the  server  when  instructed  by the client.  All file
                     descriptors are closed, except for  stderr  (which  is  inherited  from  the
                     server).   The  command is passed as an argument to ``/bin/sh -ce'' and is a
                     ``fire and forget'' methodology (you need to check logs for any issues).  If
                     the null string (``""'') is used, the entire task definition is ignored.

              confirm yes|true|on|no|false|off
                     Set  whether  or  not to ask the client for confirmation before invoking the
                     task.  The default is ``no''.

              description string
                     Set a description for the task.  When a client lists tasks, string  will  be
                     printed  instead  of the command defined above.  If the null string (``""'')
                     is used, the command defined above will be printed.

              runas [user][:group]|""
                     By default, the command invoked by cmd is run with the  same  privileges  as
                     the  server.   If  the  server  is running with root privileges, this option
                     resets the user and/or group of  the  invoked  process  to  user  and  group
                     respectively.   user  may  be  a  username or numeric uid and group may be a
                     group name or numeric gid.  Either one is optional.  If the  server  is  not
                     running with root privileges, these values are not used.  If the null string
                     (``""'') is specified, the default of running with the  same  privileges  as
                     the server is restored.

              subst c=t[n]f[,...]|""
                     Perform  character  substitutions  on  the  cmd  value.  See the devicesubst
                     option for an explanation of the format string.  If the null string (``""'')
                     is used, no replacements will be done.

AUTHORS

       Bryan Stansell, conserver.com

SEE ALSO

       console(1), conserver.passwd(5), conserver(8)