1CONSERVER.CF(5)                    conserver                   CONSERVER.CF(5)
2
3
4

NAME

6       conserver.cf - console configuration file for conserver(8)
7

DESCRIPTION

9       The  format of the conserver.cf file is made up of named blocks of key‐
10       word/value pairs, comments,  and  optional  whitespace  for  formatting
11       flexibility.   The  block types as well as the keywords are pre-defined
12       and explained in the BLOCKS section.  A comment is an  unquoted  pound-
13       sign  to  a newline.  See the PARSER section for full details on white‐
14       space and quoting.
15
16       Let me first show you a sample block with  a  couple  of  keyword/value
17       pairs to make the description a bit simpler to understand.
18
19              console simple { master localhost; type exec; rw *; }
20
21       This  is actually a fully functional conserver.cf file (if certain con‐
22       ditions are met...and if you can list those conditions, you can  proba‐
23       bly can skip to the BLOCKS section).
24
25       Our  example  is  made  of  up of a console-block named ``simple'' with
26       three keyword/value pairs.  What this does is define  a  console  named
27       ``simple'',  makes  the  master of that console the host ``localhost'',
28       makes the type an exec-style console, and gives every  user  read/write
29       permission.  This is the generic format of the file:
30
31              block-type block-name { keyword value; ... }
32
33       To  show  the  addition of comments and whitespace, here is the example
34       reformatted (but functionally equivalent):
35
36              # define a console named "simple"
37              console simple {
38                  # setting all required values...
39                  master localhost;
40                  type exec;  # exec-style console
41                  rw *;       # allow any username
42              }
43

PARSER

45       The parser has six characters that it considers  special.   These  are:
46       ``{'',  ``}'', ``;'', ``#'', ``\'', and ``"''.  The first three (hereby
47       called tokens) define the format of the configuration  blocks  and  are
48       used  as  word  separators,  the next is the comment character, and the
49       last two are quoting characters.
50
51       Word separation occurs when the parser  encounters  an  unquoted  token
52       and,  in  certain cases, whitespace.  Whitespace is only used as a word
53       separator when the parser is looking for a block-type or keyword.  When
54       it's  looking  for  a block-name or value, whitespace is like any other
55       character, which allows you to embed  whitespace  in  a  block-name  or
56       value without having to quote it.  Here is an example:
57
58              default my defs { rw *; include other defs  ; }
59
60       The  block-type  is ``default'', the block-name is ``my defs'', and the
61       value for the keyword ``include'' is ``other defs''.  Whitespace around
62       tokens  are  ignored  so you get ``other defs'' instead of ``other defs
63       '' as the value.
64
65       The only way to use one of the special characters as part of  a  block-
66       name or value is to quote it.
67
68       Quoting is a simple matter of prefixing a character with a backslash or
69       surrounding a group of characters with double-quotes.  If  a  character
70       is  prefixed by a backslash, the next character is a literal (so ``\\''
71       produces a ``\'', ``\"''  produces  ``"'',  ``\{''  produces  a  ``{'',
72       etc.).   For  double-quoted  strings, all characters are literal except
73       for ``\"'', which embeds a double-quote.
74
75       Adding a variety of quotes to our example without changing the  meaning
76       of things, we have:
77
78              "defa"ult my\ defs { rw *; in\clude "other defs"  ; }
79
80       There  is one special line the parser recognizes: a ``#include'' state‐
81       ment.  It is of the form:
82
83              #include filename
84
85       Any whitespace around filename  is  ignored,  but  whitespace  embedded
86       inside  is  preserved.   Everything  in filename is taken literally, so
87       none of the normal parser quoting applies.  The #include must begin  in
88       ``column 0'' - no whitespace is allowed between it and the start of the
89       physical line.  There is an include file depth limit of 10  to  prevent
90       infinite recursion.
91

BLOCKS

93       access hostname|ipaddr
94              Define  an access block for the host named hostname or using the
95              address ipaddr.  If the value of ``*'' is used, the access block
96              will  be  applied to all conserver hosts.  Access lists are used
97              in a first match fashion (top down), so order is important.
98
99              admin [!]username[,...]|""
100                     Define a list of users making up the admin list  for  the
101                     console server.  If username matches a previously defined
102                     group name, all members of the previous group are applied
103                     to  the admin list (with access reversed if prefixed with
104                     a `!').  If username doesn't match a  previously  defined
105                     group  and  username begins with `@', the name (minus the
106                     `@') is checked against the host's group  database.   All
107                     users  found  in the group will be granted (or denied, if
108                     prefixed with `!') access.  If username doesn't  match  a
109                     previous group and doesn't begin with `@', the users will
110                     be granted (or denied, if prefixed with `!') access.   If
111                     the  null  string  (``""'') is used, any users previously
112                     defined for the console servers's admin list are removed.
113
114              allowed hostname[,...]
115                     The list of hostnames are added to the ``allowed''  list,
116                     which  grants  connections  from  the  hosts but requires
117                     username authentication.
118
119              include accessgroup
120                     The access lists defined using the name  accessgroup  are
121                     applied to the current access block.  The included access
122                     block must be previously defined.
123
124              limited [!]username[,...]|""
125                     Define a list of users with limited functionality on  the
126                     console  server.  These users will not be allowed to sus‐
127                     pend their  connection,  shift  to  another  console,  or
128                     attach  to a local command.  If username matches a previ‐
129                     ously defined group name, all  members  of  the  previous
130                     group are applied to the admin list (with access reversed
131                     if prefixed with a `!').  If  username  doesn't  match  a
132                     previously  defined  group  and username begins with `@',
133                     the name (minus the `@') is checked  against  the  host's
134                     group  database.   All  users  found in the group will be
135                     granted (or denied, if prefixed  with  `!')  access.   If
136                     username doesn't match a previous group and doesn't begin
137                     with `@', the users will be granted (or denied,  if  pre‐
138                     fixed  with  `!') access.  If the null string (``""'') is
139                     used,  any  users  previously  defined  for  the  console
140                     server's limited list are removed.
141
142              rejected hostname[,...]
143                     The list of hostnames are added to the ``rejected'' list,
144                     which rejects connections from the hosts.
145
146              trusted hostname[,...]
147                     The list of hostnames are added to the ``trusted''  list,
148                     which  grants connections from the hosts without username
149                     authentication.
150
151       break n
152              Define a break sequence where (1 <= n <= 9) or (a <=  n  <=  z).
153              Break  sequences  are  accessed  via the ``^Ecln'' client escape
154              sequence.
155
156              confirm yes|true|on|no|false|off
157                     Set whether or not to ask  the  client  for  confirmation
158                     before  sending  the  break  sequence.   The  default  is
159                     ``no''.
160
161              delay n
162                     Set the time delay for the \d sequence to n milliseconds.
163                     The default time delay is 250ms.
164
165              string breakseq
166                     Assign  the  string  breakseq to the specified slot n.  A
167                     break sequence is a  simple  character  string  with  the
168                     exception of `\' and `^':
169
170                            \a    alert
171                            \b    backspace
172                            \d    delay specified by the delay option.
173                            \f    form-feed
174                            \n    newline
175                            \r    carriage-return
176                            \t    tab
177                            \v    vertical-tab
178                            \z    serial break
179                            \\    backslash
180                            \^    circumflex
181                            \ooo  octal  representation  of a character (where
182                                  ooo is one to three octal digits)
183                            \c    character c
184                            ^?    delete
185                            ^c    control character (c is ``and''ed with 0x1f)
186
187       config hostname|ipaddr
188              Define a configuration block for  the  host  named  hostname  or
189              using  the  address  ipaddr.  If the value of ``*'' is used, the
190              configuration block will be applied to all conserver hosts.
191
192              autocomplete yes|true|on|no|false|off
193                     Turn the console name autocompletion feature on  or  off.
194                     If  autocompletion  is  on,  a  client can use any unique
195                     leading portion of a console name when  connecting  to  a
196                     console.  Autocompletion is on by default.
197
198              defaultaccess rejected|trusted|allowed
199                     Set  the  default  access  permission  for  all hosts not
200                     matched by an access list (see the -a command-line flag).
201
202              daemonmode yes|true|on|no|false|off
203                     Set whether or not to become a daemon when run  (see  the
204                     -d command-line flag).
205
206              initdelay number
207                     Set  the  number  of  seconds between console initializa‐
208                     tions.  All consoles with the same  host  value  will  be
209                     throttled  as  a  group  (those  without a host value are
210                     their own group).  In other words, each console within  a
211                     group  will  only  be  initialized  after  number seconds
212                     passes from the previous initialization of a  console  in
213                     that  group.   Different  throttle groups are initialized
214                     simultaneously.  One warning: since consoles are split up
215                     and  managed by seperate conserver processes, it's possi‐
216                     ble for more than one conserver process to have a  throt‐
217                     tle group based on a particular host value.  If this hap‐
218                     pens, each conserver process will throttle  their  groups
219                     independently  of  the  other  conserver processes, which
220                     results in a more rapid initialization (per  host  value)
221                     than  one might otherwise expect.  If number is zero, all
222                     consoles are initialized without delay.
223
224              logfile filename
225                     Set the logfile to write to when in daemon mode (see  the
226                     -L command-line flag).
227
228              passwdfile filename
229                     Set  the  password  file location used for authentication
230                     (see the -P command-line flag).
231
232              primaryport number|name
233                     Set the port used by the master  conserver  process  (see
234                     the -p command-line flag).
235
236              redirect yes|true|on|no|false|off
237                     Turn  redirection  on  or  off  (see  the -R command-line
238                     flag).
239
240              reinitcheck number
241                     Set the number of minutes used  between  reinitialization
242                     checks (see the -O command-line flag).
243
244              secondaryport number|name
245                     Set the base port number used by child processes (see the
246                     -b command-line flag).
247
248              setproctitle yes|true|on|no|false|off
249                     Set whether or not the process title  shows  master/group
250                     functionality  as  well as the port number the process is
251                     listening on and how many consoles it is  managing.   The
252                     operating system must support the setproctitle() call.
253
254              sslcredentials filename
255                     Set  the  SSL  credentials file location (see the -c com‐
256                     mand-line flag).
257
258              sslcacertificatefile filename
259                     Load the valid CA certificates  for  the  SSL  connection
260                     from  the  PEM  encoded  file.  This option overrides the
261                     global CA list.
262
263              sslreqclientcert yes|true|on|no|false|off
264                     Set whether or not  a  certificate  is  required  by  the
265                     client to connect.  The default is ``no''.
266
267              sslrequired yes|true|on|no|false|off
268                     Set whether or not encryption is required when talking to
269                     clients (see the -E command-line flag).
270
271              unifiedlog filename
272                     Set the location of the unified log to filename.  See the
273                     -U command-line flag for details.
274
275       console name
276              Define  a console identified as name.  The keywords are the same
277              as the default block with the following addition.
278
279              aliases name[,...]|""
280                     Define a list of console aliases.   If  the  null  string
281                     (``""'')  is used, any aliases previously defined for the
282                     console are removed.
283
284       default name
285              Define a block of defaults  identified  as  name.   If  name  is
286              ``*'', the automatically applied default block is defined (basi‐
287              cally all consoles have an  implicit  ``include  "*";''  at  the
288              beginning of their definition).
289
290              baud 300|600|1800|2400|4800|9600|19200|38400|57600|115200
291                     Assign  the  baud  rate to the console.  Only consoles of
292                     type ``device'' will use this value.
293
294              break n
295                     Assign the break sequence n as the default for  the  con‐
296                     sole,  which  is  used  by  the  ``^Ecl0''  client escape
297                     sequence.
298
299              breaklist n[,...]|""
300                     Associate a list of break sequences referenced by n  with
301                     the console.  If ``*'' is used (the default), all defined
302                     break sequences will be available.  If  the  null  string
303                     (``""'') is used, no sequences will be available.
304
305              device filename
306                     Assign the serial device filename as the path to the con‐
307                     sole.  Only consoles of type  ``device''  will  use  this
308                     value.
309
310              devicesubst c=t[n]f[,...]|""
311                     Perform  character  substitutions on the device value.  A
312                     series of replacements can be  defined  by  specifying  a
313                     comma-separated  list of c=t[n]f sequences where c is any
314                     printable character, t specifies the replacement value, n
315                     is a field length (optional), and f is the format string.
316                     t can be one of the characters below,  catagorized  as  a
317                     string  replacement  or a numeric replacement, which dic‐
318                     tates the use of the n and f fields.
319
320                            String Replacement
321                            c      console name
322                            h      host value
323                            r      replstring value
324
325                            Numeric Replacement
326                            p      config port value
327                            P      calculated port value
328
329                     For string replacements,  if  the  replacement  isn't  at
330                     least  n characters, it will be padded with space charac‐
331                     ters on the left.  f must be `s'.  For  numeric  replace‐
332                     ments,  the value will be formatted to at least n charac‐
333                     ters, padded with 0s if n begins  with  a  0,  and  space
334                     characters  otherwise.   f  must be either `d', `x', `X',
335                     `a', or `A', specifying a decimal, lowercase  hexadecimal
336                     (0-9a-f),   uppercase   hexadecimal  (0-9A-F),  lowercase
337                     alphanumeric (0-9a-z), or uppercase alphanumeric (0-9A-Z)
338                     conversion.   If  the  null  string  (``""'') is used, no
339                     replacements will be done.
340
341              exec command|""
342                     Assign the string command as the command  to  access  the
343                     console.   Conserver  will  run  the  command by invoking
344                     ``/bin/sh -ce "command"''.  If the null  string  (``""'')
345                     is  used  or no exec keyword is specified, conserver will
346                     use the command ``/bin/sh -i''.  Only  consoles  of  type
347                     ``exec'' will use this value.
348
349              execrunas [user][:group]|""
350                     By  default,  the command invoked by exec is run with the
351                     same privileges as the server.  If the server is  running
352                     with  root privileges, this option resets the user and/or
353                     group of the invoked process to user  and  group  respec‐
354                     tively.   user may be a username or numeric uid and group
355                     may be a group  name  or  numeric  gid.   Either  one  is
356                     optional.   If the server is not running with root privi‐
357                     leges, these values are not used.   If  the  null  string
358                     (``""'')  is  specified,  the default of running with the
359                     same privileges as the server is restored.
360
361              execsubst c=t[n]f[,...]|""
362                     Perform character substitutions on the exec  value.   See
363                     the  devicesubst  option for an explanation of the format
364                     string.  If the null string (``""'') is used, no replace‐
365                     ments will be done.
366
367              host hostname
368                     Assign  hostname  as the host to connect to for accessing
369                     the console.  You must also set the port option for  con‐
370                     soles  of type ``host''.  Normally, only consoles of type
371                     ``host'' and ``ipmi'' will use this value, however if the
372                     devicesubst, execsubst, or initsubst keywords are used in
373                     any console type, this value is used.
374
375              idlestring string|""
376                     Assign the string that is sent to the  console  once  the
377                     console  is  idle  for an idletimeout amount of time.  If
378                     the null string (``""'') is used, the string is unset and
379                     the default is used.  The string is interpreted just as a
380                     break string is interpreted (see the break  configuration
381                     items  for  details)  where  all  delays  specified  (via
382                     ``\d'') use the default delay time.  The  default  string
383                     is ``\n''.
384
385              idletimeout number[s|m|h]
386                     Set  the  idle  timeout of the console to number seconds.
387                     If an `s', `m', or `h' is used after number,  the  speci‐
388                     fied  time  is interpreted as seconds, minutes, or hours.
389                     Set the timeout to zero to disable the idle timeout  (the
390                     default).
391
392              ipmiciphersuite number
393                     Set  the  IPMI  cipher suite.  Syntactically valid values
394                     are -1 (the default) and  greater.   Check  the  FreeIPMI
395                     documentation for usable values.
396
397              ipmikg string|""
398                     Set  the  BMC  authentication  key  K_g to string.  A K_g
399                     value is a simple character string with the exception  of
400                     `\':
401
402                            \\    backslash
403                            \ooo  octal  representation  of a character (where
404                                  ooo is one to three octal digits)
405                            \c    character c
406
407                     The resulting value must be no more than  20  characters.
408                     The null string (``""'') is the default.
409
410              impiworkaround [!]option[,...]|""
411                     You  can  turn  off  a  workaround by prefixing it with a
412                     ``!''  character.  So, to turn off  the  integrity  work‐
413                     around,  you  would  use  !integrity.   The following are
414                     valid options and their mapping to FreeIPMI settings:
415
416                     activation-status    SKIP_SOL_ACTIVATION_STATUS
417                     auth-capabilites     AUTHENTICATION_CAPABILITIES
418                     channel-payload      SKIP_CHANNEL_PAYLOAD_SUPPORT
419                     checksum             NO_CHECKSUM_CHECK
420                     default              DEFAULT
421                     ignore-payload-size  IGNORE_SOL_PAYLOAD_SIZE
422                     ignore-port          IGNORE_SOL_PORT
423                     integrity            NON_EMPTY_INTEGRITY_CHECK_VALUE
424                     intel-session        INTEL_2_0_SESSION
425                     packet-sequence      INCREMENT_SOL_PACKET_SEQUENCE
426                     privilege            OPEN_SESSION_PRIVILEGE
427                     serial-alerts        SERIAL_ALERTS_DEFERRED
428                     sun-session          SUN_2_0_SESSION
429                     supermicro-session   SUPERMICRO_2_0_SESSION
430
431                     If no ipmiworkaround is specified, the ``default''  work‐
432                     around will be used.  The null string (``""'') unsets all
433                     workarounds, including  ``default''.   See  the  FreeIPMI
434                     documentation for details on what workarounds affect.
435
436              ipmiprivlevel user|operator|admin
437                     Set the privilege level for the username used during IPMI
438                     authentication.    The   default   privilege   level   is
439                     ``admin''.
440
441              include default
442                     The  default  block  defined  using  the  name default is
443                     applied to the current console  or  default  block.   The
444                     included default block must be previously defined.
445
446              initcmd command|""
447                     Invoke  command  as  soon  as  the console is brought up,
448                     redirecting the console to stdin, stdout, and  stderr  of
449                     command.   The  command  is  passed  as  an  argument  to
450                     ``/bin/sh -ce''.  If the null string  (``""'')  is  used,
451                     the command is unset and nothing is invoked.
452
453              initrunas [user][:group]|""
454                     By  default,  the  command invoked by initcmd is run with
455                     the same privileges as the server.  If the server is run‐
456                     ning  with  root  privileges, this option resets the user
457                     and/or group of the invoked process  to  user  and  group
458                     respectively.   user may be a username or numeric uid and
459                     group may be a group name or numeric gid.  Either one  is
460                     optional.   If the server is not running with root privi‐
461                     leges, these values are not used.   If  the  null  string
462                     (``""'')  is  specified,  the default of running with the
463                     same privileges as the server is restored.
464
465              initspinmax n|""
466                     Set the maximum number of ``spins'' allowed for the  con‐
467                     sole  to n, where 0 <= n <= 254.  A console is determined
468                     to be ``spinning'' if an attempt to initialize  the  con‐
469                     sole  occurs in under initspintimer seconds from its pre‐
470                     vious initialization and this quick initialization occurs
471                     initspinmax  times  in a row.  If, at any point, the time
472                     between initializations is  greater  than  initspintimer,
473                     the  counter  for  reaching  initspinmax  resets to zero.
474                     When a console is determined to  be  ``spinning''  it  is
475                     forced  down.   If the null string (``""'') is specified,
476                     the default of 5 is used.
477
478              initspintimer t|""
479                     Set the number of seconds a console must be ``up'' to not
480                     be  considered  ``spinning''  to  t, where 0 <= t <= 254.
481                     See initspinmax for a full description of console ``spin‐
482                     ning.''   If  the  null string (``""'') is specified, the
483                     default of 1 is used.
484
485              initsubst c=t[n]f[,...]|""
486                     Perform character substitutions  on  the  initcmd  value.
487                     See the devicesubst option for an explanation of the for‐
488                     mat string.  If the null  string  (``""'')  is  used,  no
489                     replacements will be done.
490
491              logfile filename|""
492                     Assign  the logfile specified by filename to the console.
493                     Any occurrence of ``&'' in filename will be replaced with
494                     the  name of the console.  If the null string (``""'') is
495                     used, the logfile name  is  unset  and  no  logging  will
496                     occur.
497
498              logfilemax number[k|m]
499                     Enable  automatic  rotation  of  logfile  once  its  size
500                     exceeds number bytes.  Specifying k or m interpret number
501                     as kilobytes and megabytes.  number must be at least 2048
502                     bytes.  A value of zero will turn off automatic  rotation
503                     of  logfile.   The logfile filename will be renamed file‐
504                     name-YYYYMMDD-HHMMSS, where the extension is the  current
505                     GMT  year,  month, day, hour, minute, and second (to pre‐
506                     vent  issues  with  clock  rollbacks).   File  sizes  are
507                     checked  every  5  minutes  with  an  additional  initial
508                     pseudo-random delay of up to one minute (to help  prevent
509                     all  processes  checking  all  consoles  simultaneously).
510                     2.5% (minimum 100 bytes, maximum 4000 bytes) of  the  old
511                     logfile  is read from the end of the file.  All data past
512                     the first newline is moved (not copied) to the  new  log‐
513                     file  so that a replay of the console works and starts on
514                     a line boundary.
515
516              master hostname|ipaddr
517                     Define which conserver host  manages  the  console.   The
518                     host  may  be  specified by hostname or using the address
519                     ipaddr.
520
521              motd message|""
522                     Set the "message of the day" for the console to  message,
523                     which  gets  displayed when a client attaches to the con‐
524                     sole.  If the null string (``""'') is used, the  MOTD  is
525                     unset and no message will occur.
526
527              options [!]option[,...]|""
528                     You  can  negate  the option by prefixing it with a ``!''
529                     character.  So, to turn off the hupcl flag, you would use
530                     !hupcl.  The following are valid options:
531
532                     ixon        Enable XON/XOFF flow control on output.  Only
533                                 consoles of type ``device'' or ``exec''  will
534                                 use this value.  Default is ixon.
535                     ixany       Enable any character to restart output.  Only
536                                 consoles of type ``device'' or ``exec''  will
537                                 use this value.  Default is !ixany.
538                     ixoff       Enable  XON/XOFF flow control on input.  Only
539                                 consoles of type ``device'' or ``exec''  will
540                                 use  this  value.   Default is ixoff for con‐
541                                 soles of type ``device'' and !ixoff for  con‐
542                                 soles of type ``exec''.
543                     crtscts     Enable RTS/CTS (hardware) flow control.  Only
544                                 consoles of type  ``device''  will  use  this
545                                 value.  Default is !crtscts.
546                     cstopb      Set  two  stop  bits,  rather than one.  Only
547                                 consoles of type  ``device''  will  use  this
548                                 value.  Default is !cstopb.
549                     hupcl       Lower  modem control lines after last process
550                                 closes the device (hang up).   Only  consoles
551                                 of  type  ``device''  will  use  this  value.
552                                 Default is !hupcl.
553                     ondemand    Initialize the console when a client requests
554                                 a connection to the console.  When no clients
555                                 are connected, bring the console  down.   The
556                                 conserver  option  -i  will set this flag for
557                                 all consoles.  Default is !ondemand.
558                     striphigh   Strip the high bit off all data  coming  from
559                                 this  console  and  all  clients connected to
560                                 this console before processing  occurs.   The
561                                 conserver  option  -7  will set this flag for
562                                 all consoles.  Default is !striphigh.
563                     reinitoncc  Automatically reinitialize (``bring  up'')  a
564                                 downed console when a client connects.  With‐
565                                 out this option, a client will be attached to
566                                 the  downed console and will need to manually
567                                 reinitialize  the  console  with  an   escape
568                                 sequence.   The  conserver option -o will set
569                                 this  flag  for  all  consoles.   Default  is
570                                 !reinitoncc.
571                     autoreinit  Allow this console to be automatically reini‐
572                                 tialized if it unexpectedly  goes  down.   If
573                                 the  console  doesn't  come  back  up,  it is
574                                 retried every  minute.   A  console  of  type
575                                 ``exec''  that  exits with a zero exit status
576                                 is automatically reinitialized regardless  of
577                                 this  setting.   The conserver option -F will
578                                 unset this flag for all consoles.  Default is
579                                 autoreinit.
580                     unloved     Enable  the  sending of this console's output
581                                 (prefixed with its name) to the daemon's std‐
582                                 out  (or  the logfile if in daemon mode) when
583                                 no clients are connected to the console.  The
584                                 conserver  option  -u  will set this flag for
585                                 all consoles.  Default is !unloved.
586                     login       Allow users to log  into  this  console.   If
587                                 logins are not allowed, conserver will send a
588                                 generic message to the client saying  so  and
589                                 terminate  the  connection.  You can override
590                                 the generic message by setting the motd  mes‐
591                                 sage.  Default is login.
592
593              parity even|mark|none|odd|space
594                     Set  the parity option for the console.  Only consoles of
595                     type ``device'' will use this value.
596
597              password password|""
598                     Use password during IPMI  authentication.   If  the  null
599                     string  (``""'')  is used (the default), no password will
600                     be used.
601
602              port number|name
603                     Set the port used to access the console.  The port may be
604                     specified  as  a  number  or a name.  A name will cause a
605                     getservbyname(3) call to look up the  port  number.   The
606                     port, portbase, and portinc values are all used to calcu‐
607                     late the final port number to connect  to.   The  formula
608                     used  is finalport = portbase + portinc * port.  By using
609                     proper values in the formula, you can reference ports  on
610                     a  terminal server by their physical numbering of 0..n or
611                     1..n (depending on if you like  zero-based  or  one-based
612                     numbering).   Warning:  you  can generate a -1 value with
613                     this formula, which will become a very high numbered pos‐
614                     itive value (since things are stored unsigned).  You must
615                     also set the host option as well.   Normally,  only  con‐
616                     soles  of  type  ``host'' will use this value, however if
617                     the devicesubst, execsubst,  or  initsubst  keywords  are
618                     used in any console type, this value is used.
619
620              portbase number
621                     Set  the  base  value  for  the port calculation formula.
622                     number must be 0 or greater.  The default is  zero.   See
623                     port for the details of the formula.
624
625              portinc number
626                     Set the increment value for the port calculation formula.
627                     number must be 0 or greater.  The default  is  one.   See
628                     port for the details of the formula.
629
630              protocol telnet|raw
631                     Set  the  protocol used to send and receive data from the
632                     console.  If raw is used, all data  is  sent  ``as  is'',
633                     unprotected  by any protocol specification.  If telnet is
634                     used (which is the default), data is encapsulated in  the
635                     telnet  protocol.   The  striphigh  console  option still
636                     applies when data is read by the server, and if  enabled,
637                     can impact the encapsulation process.
638
639              replstring string
640                     A  generic  replacement  string  that  can be used by the
641                     devicesubst, execsubst, and initsubst keywords.
642
643              ro [!]username[,...]|""
644                     Define a list of users making  up  the  read-only  access
645                     list  for  the console.  If username matches a previously
646                     defined group name, all members of the previous group are
647                     applied   to  the  read-only  access  list  (with  access
648                     reversed if prefixed with a `!').   If  username  doesn't
649                     match a previously defined group and username begins with
650                     `@', the name (minus the  `@')  is  checked  against  the
651                     host's group database.  All users found in the group will
652                     be granted (or denied, if prefixed  with  `!')  read-only
653                     access.   If  username doesn't match a previous group and
654                     doesn't begin with `@', the users  will  be  granted  (or
655                     denied,  if  prefixed with `!') read-only access.  If the
656                     null  string  (``""'')  is  used,  any  users  previously
657                     defined for the console's read-only list are removed.
658
659              rw [!]username[,...]|""
660                     Define  a  list  of users making up the read-write access
661                     list for the console.  If username matches  a  previously
662                     defined group name, all members of the previous group are
663                     applied  to  the  read-write  access  list  (with  access
664                     reversed  if  prefixed  with a `!').  If username doesn't
665                     match a previously defined group and username begins with
666                     `@',  the  name  (minus  the  `@') is checked against the
667                     host's group database.  All users found in the group will
668                     be  granted  (or denied, if prefixed with `!') read-write
669                     access.  If username doesn't match a previous  group  and
670                     doesn't  begin  with  `@',  the users will be granted (or
671                     denied, if prefixed with `!') read-write access.  If  the
672                     null  string  (``""'')  is  used,  any  users  previously
673                     defined for the console's read-write list are removed.
674
675              tasklist c[,...]|""
676                     Associate a list of tasks referenced by c with  the  con‐
677                     sole.   If ``*'' is used (the default), all defined tasks
678                     will be available.  If the null string (``""'') is  used,
679                     no tasks will be available.
680
681              timestamp [number[m|h|d|l]][a][b]|""
682                     Specifies the time between timestamps applied to the con‐
683                     sole log file and whether to  log  read/write  connection
684                     actions.   The timestamps look like ``[-- MARK -- Mon Jan
685                     25 14:46:56 1999]''.  The `m', `h', and `d' tags  specify
686                     ``minutes''  (the default), ``hours'', and ``days''.  The
687                     `l' tag specifies ``lines'' and will cause timestamps  of
688                     the  form ``[Mon Jan 25 14:46:56 PST 1999]'' to be placed
689                     every number lines (a newline character signifies  a  new
690                     line).   So, ``5h'' specifies every five hours and ``2l''
691                     specifies every two lines.  An `a' can  be  specified  to
692                     add  logs  of  ``attached'', ``detached'', and ``bumped''
693                     actions, including the user's  name  and  the  host  from
694                     which the client connection was made.  A `b' can be spec‐
695                     ified to add logging of break sequences sent to the  con‐
696                     sole.
697
698              type device|ipmi|exec|host|noop|uds
699                     Set  the type of console.  A type of ``device'' should be
700                     used for local serial ports (also set the device  value).
701                     A  type  of  ``ipmi'' should be used for IPMI serial over
702                     LAN consoles (also set the host value  and  possibly  the
703                     username,   password,  and  ipmi*  values).   A  type  of
704                     ``exec'' should be used for command invocations  (perhaps
705                     also  set  the exec value).  A type of ``host'' should be
706                     used for terminal  servers  and  other  TCP  socket-based
707                     interaction  (also set the host and port values).  A type
708                     of ``noop'' should be used as a  placeholder  -  it  does
709                     nothing,  ignores any logfile value and forces the !nolo‐
710                     gin option (so you might want to set the motd value).   A
711                     type  of  ``uds''  should be used for Unix domain sockets
712                     (also set the uds option).
713
714              uds filename
715                     Assign the Unix domain socket filename as the path to the
716                     console.   Only  consoles  of  type ``uds'' will use this
717                     value.
718
719              udssubst c=t[n]f[,...]|""
720                     Perform character substitutions on the  uds  value.   See
721                     the  devicesubst  option for an explanation of the format
722                     string.  If the null string (``""'') is used, no replace‐
723                     ments will be done.
724
725              username username|""
726                     Use  username  during  IPMI  authentication.  If the null
727                     string (``""'') is used (the default), the ``null''  user
728                     will be used.
729
730       group name
731              Define a user group identified as name.
732
733              users [!]username[,...]|""
734                     Define  a  list  of  users  making up the group name.  If
735                     username matches a previously  defined  group  name,  all
736                     members  of the previous group are applied to the current
737                     group (with access reversed if prefixed with a `!').   If
738                     username  doesn't  match  a  previously defined group and
739                     username begins with `@', the name  (minus  the  `@')  is
740                     checked  against  the  host's  group database.  All users
741                     found in the group will be recorded with (or without,  if
742                     prefixed  with  `!') access.  If username doesn't match a
743                     previous group and doesn't begin with `@', the users will
744                     be  recorded  with  (or  without,  if  prefixed with `!')
745                     access.  If the null string (``""'') is used,  any  users
746                     previously defined for this group are removed.
747
748       task c
749              Define  a  task  where  c  is a lowercase alphanumeric (0-9a-z).
750              Tasks are invoked via the ``^Ec!c'' client escape sequence.
751
752              cmd command|""
753                     Invoke command on  the  server  when  instructed  by  the
754                     client.   All  file  descriptors  are  closed, except for
755                     stderr (which is inherited from the server).  The command
756                     is  passed  as  an  argument  to ``/bin/sh -ce'' and is a
757                     ``fire and forget'' methodology (you need to  check  logs
758                     for  any  issues).   If the null string (``""'') is used,
759                     the entire task definition is ignored.
760
761              confirm yes|true|on|no|false|off
762                     Set whether or not to ask  the  client  for  confirmation
763                     before invoking the task.  The default is ``no''.
764
765              description string
766                     Set  a  description  for  the  task.  When a client lists
767                     tasks, string will be  printed  instead  of  the  command
768                     defined  above.  If the null string (``""'') is used, the
769                     command defined above will be printed.
770
771              runas [user][:group]|""
772                     By default, the command invoked by cmd is  run  with  the
773                     same  privileges as the server.  If the server is running
774                     with root privileges, this option resets the user  and/or
775                     group  of  the  invoked process to user and group respec‐
776                     tively.  user may be a username or numeric uid and  group
777                     may  be  a  group  name  or  numeric  gid.  Either one is
778                     optional.  If the server is not running with root  privi‐
779                     leges,  these  values  are  not used.  If the null string
780                     (``""'') is specified, the default of  running  with  the
781                     same privileges as the server is restored.
782
783              subst c=t[n]f[,...]|""
784                     Perform  character  substitutions  on the cmd value.  See
785                     the devicesubst option for an explanation of  the  format
786                     string.  If the null string (``""'') is used, no replace‐
787                     ments will be done.
788

AUTHORS

790       Bryan Stansell, conserver.com
791

SEE ALSO

793       console(1), conserver.passwd(5), conserver(8)
794
795
796
797conserver-8.2.2                   2018/05/28                   CONSERVER.CF(5)
Impressum