1sac(1M) System Administration Commands sac(1M)
2
6 sac - service access controller
7
9 sac -t sanity_interval
10 /usr/lib/saf/sac
13
16 The Service Access Controller (SAC) is the overseer of the server
17 machine. It is started when the server machine enters multiuser mode.
18 The SAC performs several important functions as explained below.
19 Customizing the SAC Environment
21 When sac is invoked, it first looks for the per-system configuration
22 script /etc/saf/_sysconfig. sac interprets _sysconfig to customize its
23 own environment. The modifications made to the SAC environment by
24 _sysconfig are inherited by all the children of the SAC. This inherited
25 environment may be modified by the children.
26 Starting Port Monitors
28 After it has interpreted the _sysconfig file, the sac reads its admin‐
29 istrative file /etc/saf/_sactab. _sactab specifies which port monitors
30 are to be started. For each port monitor to be started, sac forks a
31 child (see fork(2)) and creates a utmpx entry with the type field set
32 to LOGIN_PROCESS. Each child then interprets its per-port monitor con‐
33 figuration script /etc/saf/pmtag/_config , if the file exists. These
34 modifications to the environment affect the port monitor and will be
35 inherited by all its children. Finally, the child process execs the
36 port monitor, using the command found in the _sactab entry. (See
37 sacadm; this is the command given with the -c option when the port mon‐
38 itor is added to the system.)
39 Polling Port Monitors to Detect Failure
41 The -t option sets the frequency with which sac polls the port monitors
42 on the system. This time may also be thought of as half of the maximum
43 latency required to detect that a port monitor has failed and that
44 recovery action is necessary.
45 Administrative functions
47 The Service Access Controller represents the administrative point of
48 control for port monitors. Its administrative tasks are explained
49 below.
50 When queried (sacadm with either -l or -L), the Service Access Con‐
53 troller returns the status of the port monitors specified, which
54 sacadm prints on the standard output. A port monitor may be in one of
55 six states:
56 ENABLED The port monitor is currently running and is accepting
58 connections. See sacadm(1M) with the -e option.
59 DISABLED The port monitor is currently running and is not accept‐
62 ing connections. See sacadm with the -d option, and see
63 NOTRUNNING, below.
64 STARTING The port monitor is in the process of starting up. START‐
67 ING is an intermediate state on the way to ENABLED or
68 DISABLED.
69 FAILED The port monitor was unable to start and remain running.
72 STOPPING The port monitor has been manually terminated but has not
75 completed its shutdown procedure. STOPPING is an interme‐
76 diate state on the way to NOTRUNNING.
77 NOTRUNNING The port monitor is not currently running. (See sacadm
80 with -k.) This is the normal "not running" state. When a
81 port monitor is killed, all ports it was monitoring are
82 inaccessible. It is not possible for an external user to
83 tell whether a port is not being monitored or the system
84 is down. If the port monitor is not killed but is in the
85 DISABLED state, it may be possible (depending on the port
86 monitor being used) to write a message on the inaccessi‐
87 ble port telling the user who is trying to access the
88 port that it is disabled. This is the advantage of having
89 a DISABLED state as well as the NOTRUNNING state.
90 When a port monitor terminates, the SAC removes the utmpx entry for
94 that port monitor.
95 The SAC receives all requests to enable, disable, start, or stop port
98 monitors and takes the appropriate action.
99 The SAC is responsible for restarting port monitors that terminate.
102 Whether or not the SAC will restart a given port monitor depends on two
103 things:
104 o The restart count specified for the port monitor when the
106 port monitor was added by sacadm; this information is
107 included in /etc/saf/pmtag/_sactab.
108 o The number of times the port monitor has already been
110 restarted.
111
113 sac uses pam(3PAM) for session management. The PAM configuration pol‐
114 icy, listed through /etc/pam.conf, specifies the session management
115 module to be used for sac. Here is a partial pam.conf file with entries
116 for sac using the UNIX session management module.
117 sac session required pam_unix_session.so.1
119 If there are no entries for the sac service, then the entries for the
123 "other" service will be used.
124
126 -t sanity_interval Sets the frequency (sanity_interval) with which
127 sac polls the port monitors on the system.
128
131 o /etc/saf/_sactab
132 o /etc/saf/_sysconfig
134 o /var/adm/utmpx
136 o /var/saf/_log
138
140 See attributes(5) for descriptions of the following attributes:
141 ┌─────────────────────────────┬─────────────────────────────┐
146 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
147 ├─────────────────────────────┼─────────────────────────────┤
148 │Availability │SUNWcsu │
149 └─────────────────────────────┴─────────────────────────────┘
150
152 pmadm(1M), sacadm(1M), fork(2) pam(3PAM), pam.conf(4), attributes(5),
153 pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5),
154 pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
155 pam_unix_auth(5), pam_unix_session(5)
156
158 The pam_unix(5) module is no longer supported. Similar functionality is
159 provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth‐
160 tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5),
161 pam_unix_auth(5), and pam_unix_session(5).
162 The service access controller service is managed by the service manage‐
165 ment facility, smf(5), under the service identifier:
166 svc:/system/sac:default
168 Administrative actions on this service, such as enabling, disabling, or
173 requesting restart, can be performed using svcadm(1M). The service's
174 status can be queried using the svcs(1) command.
175SunOS 5.11 21 Apr 2009 sac(1M)