1CONSERVER.CF(5) conserver CONSERVER.CF(5)
2
6 conserver.cf - console configuration file for conserver(8)
7
9 The format of the conserver.cf file is made up of named blocks of key‐
10 word/value pairs, comments, and optional whitespace for formatting
11 flexibility. The block types as well as the keywords are pre-defined
12 and explained in the BLOCKS section. A comment is an unquoted pound-
13 sign to a newline. See the PARSER section for full details on white‐
14 space and quoting.
15 Let me first show you a sample block with a couple of keyword/value
17 pairs to make the description a bit simpler to understand.
18 console simple { master localhost; type exec; rw *; }
20 This is actually a fully functional conserver.cf file (if certain con‐
22 ditions are met...and if you can list those conditions, you can proba‐
23 bly can skip to the BLOCKS section).
24 Our example is made of up of a console-block named ``simple'' with
26 three keyword/value pairs. What this does is define a console named
27 ``simple'', makes the master of that console the host ``localhost'',
28 makes the type an exec-style console, and gives every user read/write
29 permission. This is the generic format of the file:
30 block-type block-name { keyword value; ... }
32 To show the addition of comments and whitespace, here is the example
34 reformatted (but functionally equivalent):
35 # define a console named "simple"
37 console simple {
38 # setting all required values...
39 master localhost;
40 type exec; # exec-style console
41 rw *; # allow any username
42 }
43
45 The parser has six characters that it considers special. These are:
46 ``{'', ``}'', ``;'', ``#'', ``\'', and ``"''. The first three (hereby
47 called tokens) define the format of the configuration blocks and are
48 used as word separators, the next is the comment character, and the
49 last two are quoting characters.
50 Word separation occurs when the parser encounters an unquoted token
52 and, in certain cases, whitespace. Whitespace is only used as a word
53 separator when the parser is looking for a block-type or keyword. When
54 it's looking for a block-name or value, whitespace is like any other
55 character, which allows you to embed whitespace in a block-name or
56 value without having to quote it. Here is an example:
57 default my defs { rw *; include other defs ; }
59 The block-type is ``default'', the block-name is ``my defs'', and the
61 value for the keyword ``include'' is ``other defs''. Whitespace around
62 tokens are ignored so you get ``other defs'' instead of ``other defs
63 '' as the value.
64 The only way to use one of the special characters as part of a block-
66 name or value is to quote it.
67 Quoting is a simple matter of prefixing a character with a backslash or
69 surrounding a group of characters with double-quotes. If a character
70 is prefixed by a backslash, the next character is a literal (so ``\\''
71 produces a ``\'', ``\"'' produces ``"'', ``\{'' produces a ``{'',
72 etc.). For double-quoted strings, all characters are literal except
73 for ``\"'', which embeds a double-quote.
74 Adding a variety of quotes to our example without changing the meaning
76 of things, we have:
77 "defa"ult my\ defs { rw *; in\clude "other defs" ; }
79 There is one special line the parser recognizes: a ``#include'' state‐
81 ment. It is of the form:
82 #include filename
84 Any whitespace around filename is ignored, but whitespace embedded
86 inside is preserved. Everything in filename is taken literally, so
87 none of the normal parser quoting applies. The #include must begin in
88 ``column 0'' - no whitespace is allowed between it and the start of the
89 physical line. There is an include file depth limit of 10 to prevent
90 infinite recursion.
91
93 access hostname|ipaddr
94 Define an access block for the host named hostname or using the
95 address ipaddr. If the value of ``*'' is used, the access block
96 will be applied to all conserver hosts. Access lists are used
97 in a first match fashion (top down), so order is important.
98 admin [!]username[,...]|""
100 Define a list of users making up the admin list for the
101 console server. If username matches a previously defined
102 group name, all members of the previous group are applied
103 to the admin list (with access reversed if prefixed with
104 a `!'). If username doesn't match a previously defined
105 group and username begins with `@', the name (minus the
106 `@') is checked against the host's group database. All
107 users found in the group will be granted (or denied, if
108 prefixed with `!') access. If username doesn't match a
109 previous group and doesn't begin with `@', the users will
110 be granted (or denied, if prefixed with `!') access. If
111 the null string (``""'') is used, any users previously
112 defined for the console servers's admin list are removed.
113 allowed hostname[,...]
115 The list of hostnames are added to the ``allowed'' list,
116 which grants connections from the hosts but requires
117 username authentication.
118 include accessgroup
120 The access lists defined using the name accessgroup are
121 applied to the current access block. The included access
122 block must be previously defined.
123 limited [!]username[,...]|""
125 Define a list of users with limited functionality on the
126 console server. These users will not be allowed to sus‐
127 pend their connection, shift to another console, or
128 attach to a local command. If username matches a previ‐
129 ously defined group name, all members of the previous
130 group are applied to the admin list (with access reversed
131 if prefixed with a `!'). If username doesn't match a
132 previously defined group and username begins with `@',
133 the name (minus the `@') is checked against the host's
134 group database. All users found in the group will be
135 granted (or denied, if prefixed with `!') access. If
136 username doesn't match a previous group and doesn't begin
137 with `@', the users will be granted (or denied, if pre‐
138 fixed with `!') access. If the null string (``""'') is
139 used, any users previously defined for the console
140 server's limited list are removed.
141 rejected hostname[,...]
143 The list of hostnames are added to the ``rejected'' list,
144 which rejects connections from the hosts.
145 trusted hostname[,...]
147 The list of hostnames are added to the ``trusted'' list,
148 which grants connections from the hosts without username
149 authentication.
150 break n
152 Define a break sequence where (1 <= n <= 9) or (a <= n <= z).
153 Break sequences are accessed via the ``^Ecln'' client escape
154 sequence.
155 confirm yes|true|on|no|false|off
157 Set whether or not to ask the client for confirmation
158 before sending the break sequence. The default is
159 ``no''.
160 delay n
162 Set the time delay for the \d sequence to n milliseconds.
163 The default time delay is 250ms.
164 string breakseq
166 Assign the string breakseq to the specified slot n. A
167 break sequence is a simple character string with the
168 exception of `\' and `^':
169 \a alert
171 \b backspace
172 \d delay specified by the delay option.
173 \f form-feed
174 \n newline
175 \r carriage-return
176 \t tab
177 \v vertical-tab
178 \z serial break
179 \\ backslash
180 \^ circumflex
181 \ooo octal representation of a character (where
182 ooo is one to three octal digits)
183 \c character c
184 ^? delete
185 ^c control character (c is ``and''ed with 0x1f)
186 config hostname|ipaddr
188 Define a configuration block for the host named hostname or
189 using the address ipaddr. If the value of ``*'' is used, the
190 configuration block will be applied to all conserver hosts.
191 autocomplete yes|true|on|no|false|off
193 Turn the console name autocompletion feature on or off.
194 If autocompletion is on, a client can use any unique
195 leading portion of a console name when connecting to a
196 console. Autocompletion is on by default.
197 defaultaccess rejected|trusted|allowed
199 Set the default access permission for all hosts not
200 matched by an access list (see the -a command-line flag).
201 daemonmode yes|true|on|no|false|off
203 Set whether or not to become a daemon when run (see the
204 -d command-line flag).
205 initdelay number
207 Set the number of seconds between console initializa‐
208 tions. All consoles with the same host value will be
209 throttled as a group (those without a host value are
210 their own group). In other words, each console within a
211 group will only be initialized after number seconds
212 passes from the previous initialization of a console in
213 that group. Different throttle groups are initialized
214 simultaneously. One warning: since consoles are split up
215 and managed by seperate conserver processes, it's possi‐
216 ble for more than one conserver process to have a throt‐
217 tle group based on a particular host value. If this hap‐
218 pens, each conserver process will throttle their groups
219 independently of the other conserver processes, which
220 results in a more rapid initialization (per host value)
221 than one might otherwise expect. If number is zero, all
222 consoles are initialized without delay.
223 logfile filename
225 Set the logfile to write to when in daemon mode (see the
226 -L command-line flag).
227 passwdfile filename
229 Set the password file location used for authentication
230 (see the -P command-line flag).
231 primaryport number|name
233 Set the port used by the master conserver process (see
234 the -p command-line flag).
235 redirect yes|true|on|no|false|off
237 Turn redirection on or off (see the -R command-line
238 flag).
239 reinitcheck number
241 Set the number of minutes used between reinitialization
242 checks (see the -O command-line flag).
243 secondaryport number|name
245 Set the base port number used by child processes (see the
246 -b command-line flag).
247 setproctitle yes|true|on|no|false|off
249 Set whether or not the process title shows master/group
250 functionality as well as the port number the process is
251 listening on and how many consoles it is managing. The
252 operating system must support the setproctitle() call.
253 sslcredentials filename
255 Set the SSL credentials file location (see the -c com‐
256 mand-line flag).
257 sslcacertificatefile filename
259 Load the valid CA certificates for the SSL connection
260 from the PEM encoded file. This option overrides the
261 global CA list.
262 sslreqclientcert yes|true|on|no|false|off
264 Set whether or not a certificate is required by the
265 client to connect. The default is ``no''.
266 sslrequired yes|true|on|no|false|off
268 Set whether or not encryption is required when talking to
269 clients (see the -E command-line flag).
270 unifiedlog filename
272 Set the location of the unified log to filename. See the
273 -U command-line flag for details.
274 console name
276 Define a console identified as name. The keywords are the same
277 as the default block with the following addition.
278 aliases name[,...]|""
280 Define a list of console aliases. If the null string
281 (``""'') is used, any aliases previously defined for the
282 console are removed.
283 default name
285 Define a block of defaults identified as name. If name is
286 ``*'', the automatically applied default block is defined (basi‐
287 cally all consoles have an implicit ``include "*";'' at the
288 beginning of their definition).
289 baud 300|600|1800|2400|4800|9600|19200|38400|57600|115200
291 Assign the baud rate to the console. Only consoles of
292 type ``device'' will use this value.
293 break n
295 Assign the break sequence n as the default for the con‐
296 sole, which is used by the ``^Ecl0'' client escape
297 sequence.
298 breaklist n[,...]|""
300 Associate a list of break sequences referenced by n with
301 the console. If ``*'' is used (the default), all defined
302 break sequences will be available. If the null string
303 (``""'') is used, no sequences will be available.
304 device filename
306 Assign the serial device filename as the path to the con‐
307 sole. Only consoles of type ``device'' will use this
308 value.
309 devicesubst c=t[n]f[,...]|""
311 Perform character substitutions on the device value. A
312 series of replacements can be defined by specifying a
313 comma-separated list of c=t[n]f sequences where c is any
314 printable character, t specifies the replacement value, n
315 is a field length (optional), and f is the format string.
316 t can be one of the characters below, catagorized as a
317 string replacement or a numeric replacement, which dic‐
318 tates the use of the n and f fields.
319 String Replacement
321 c console name
322 h host value
323 r replstring value
324 Numeric Replacement
326 p config port value
327 P calculated port value
328 For string replacements, if the replacement isn't at
330 least n characters, it will be padded with space charac‐
331 ters on the left. f must be `s'. For numeric replace‐
332 ments, the value will be formatted to at least n charac‐
333 ters, padded with 0s if n begins with a 0, and space
334 characters otherwise. f must be either `d', `x', `X',
335 `a', or `A', specifying a decimal, lowercase hexadecimal
336 (0-9a-f), uppercase hexadecimal (0-9A-F), lowercase
337 alphanumeric (0-9a-z), or uppercase alphanumeric (0-9A-Z)
338 conversion. If the null string (``""'') is used, no
339 replacements will be done.
340 exec command|""
342 Assign the string command as the command to access the
343 console. Conserver will run the command by invoking
344 ``/bin/sh -ce "command"''. If the null string (``""'')
345 is used or no exec keyword is specified, conserver will
346 use the command ``/bin/sh -i''. Only consoles of type
347 ``exec'' will use this value.
348 execrunas [user][:group]|""
350 By default, the command invoked by exec is run with the
351 same privileges as the server. If the server is running
352 with root privileges, this option resets the user and/or
353 group of the invoked process to user and group respec‐
354 tively. user may be a username or numeric uid and group
355 may be a group name or numeric gid. Either one is
356 optional. If the server is not running with root privi‐
357 leges, these values are not used. If the null string
358 (``""'') is specified, the default of running with the
359 same privileges as the server is restored.
360 execsubst c=t[n]f[,...]|""
362 Perform character substitutions on the exec value. See
363 the devicesubst option for an explanation of the format
364 string. If the null string (``""'') is used, no replace‐
365 ments will be done.
366 host hostname
368 Assign hostname as the host to connect to for accessing
369 the console. You must also set the port option for con‐
370 soles of type ``host''. Normally, only consoles of type
371 ``host'' and ``ipmi'' will use this value, however if the
372 devicesubst, execsubst, or initsubst keywords are used in
373 any console type, this value is used.
374 idlestring string|""
376 Assign the string that is sent to the console once the
377 console is idle for an idletimeout amount of time. If
378 the null string (``""'') is used, the string is unset and
379 the default is used. The string is interpreted just as a
380 break string is interpreted (see the break configuration
381 items for details) where all delays specified (via
382 ``\d'') use the default delay time. The default string
383 is ``\n''.
384 idletimeout number[s|m|h]
386 Set the idle timeout of the console to number seconds.
387 If an `s', `m', or `h' is used after number, the speci‐
388 fied time is interpreted as seconds, minutes, or hours.
389 Set the timeout to zero to disable the idle timeout (the
390 default).
391 ipmiciphersuite number
393 Set the IPMI cipher suite. Syntactically valid values
394 are -1 (the default) and greater. Check the FreeIPMI
395 documentation for usable values.
396 ipmikg string|""
398 Set the BMC authentication key K_g to string. A K_g
399 value is a simple character string with the exception of
400 `\':
401 \\ backslash
403 \ooo octal representation of a character (where
404 ooo is one to three octal digits)
405 \c character c
406 The resulting value must be no more than 20 characters.
408 The null string (``""'') is the default.
409 impiworkaround [!]option[,...]|""
411 You can turn off a workaround by prefixing it with a
412 ``!'' character. So, to turn off the integrity work‐
413 around, you would use !integrity. The following are
414 valid options and their mapping to FreeIPMI settings:
415 activation-status SKIP_SOL_ACTIVATION_STATUS
417 auth-capabilites AUTHENTICATION_CAPABILITIES
418 channel-payload SKIP_CHANNEL_PAYLOAD_SUPPORT
419 checksum NO_CHECKSUM_CHECK
420 default DEFAULT
421 ignore-payload-size IGNORE_SOL_PAYLOAD_SIZE
422 ignore-port IGNORE_SOL_PORT
423 integrity NON_EMPTY_INTEGRITY_CHECK_VALUE
424 intel-session INTEL_2_0_SESSION
425 packet-sequence INCREMENT_SOL_PACKET_SEQUENCE
426 privilege OPEN_SESSION_PRIVILEGE
427 serial-alerts SERIAL_ALERTS_DEFERRED
428 sun-session SUN_2_0_SESSION
429 supermicro-session SUPERMICRO_2_0_SESSION
430 If no ipmiworkaround is specified, the ``default'' work‐
432 around will be used. The null string (``""'') unsets all
433 workarounds, including ``default''. See the FreeIPMI
434 documentation for details on what workarounds affect.
435 ipmiprivlevel user|operator|admin
437 Set the privilege level for the username used during IPMI
438 authentication. The default privilege level is
439 ``admin''.
440 include default
442 The default block defined using the name default is
443 applied to the current console or default block. The
444 included default block must be previously defined.
445 initcmd command|""
447 Invoke command as soon as the console is brought up,
448 redirecting the console to stdin, stdout, and stderr of
449 command. The command is passed as an argument to
450 ``/bin/sh -ce''. If the null string (``""'') is used,
451 the command is unset and nothing is invoked.
452 initrunas [user][:group]|""
454 By default, the command invoked by initcmd is run with
455 the same privileges as the server. If the server is run‐
456 ning with root privileges, this option resets the user
457 and/or group of the invoked process to user and group
458 respectively. user may be a username or numeric uid and
459 group may be a group name or numeric gid. Either one is
460 optional. If the server is not running with root privi‐
461 leges, these values are not used. If the null string
462 (``""'') is specified, the default of running with the
463 same privileges as the server is restored.
464 initspinmax n|""
466 Set the maximum number of ``spins'' allowed for the con‐
467 sole to n, where 0 <= n <= 254. A console is determined
468 to be ``spinning'' if an attempt to initialize the con‐
469 sole occurs in under initspintimer seconds from its pre‐
470 vious initialization and this quick initialization occurs
471 initspinmax times in a row. If, at any point, the time
472 between initializations is greater than initspintimer,
473 the counter for reaching initspinmax resets to zero.
474 When a console is determined to be ``spinning'' it is
475 forced down. If the null string (``""'') is specified,
476 the default of 5 is used.
477 initspintimer t|""
479 Set the number of seconds a console must be ``up'' to not
480 be considered ``spinning'' to t, where 0 <= t <= 254.
481 See initspinmax for a full description of console ``spin‐
482 ning.'' If the null string (``""'') is specified, the
483 default of 1 is used.
484 initsubst c=t[n]f[,...]|""
486 Perform character substitutions on the initcmd value.
487 See the devicesubst option for an explanation of the for‐
488 mat string. If the null string (``""'') is used, no
489 replacements will be done.
490 logfile filename|""
492 Assign the logfile specified by filename to the console.
493 Any occurrence of ``&'' in filename will be replaced with
494 the name of the console. If the null string (``""'') is
495 used, the logfile name is unset and no logging will
496 occur.
497 logfilemax number[k|m]
499 Enable automatic rotation of logfile once its size
500 exceeds number bytes. Specifying k or m interpret number
501 as kilobytes and megabytes. number must be at least 2048
502 bytes. A value of zero will turn off automatic rotation
503 of logfile. The logfile filename will be renamed file‐
504 name-YYYYMMDD-HHMMSS, where the extension is the current
505 GMT year, month, day, hour, minute, and second (to pre‐
506 vent issues with clock rollbacks). File sizes are
507 checked every 5 minutes with an additional initial
508 pseudo-random delay of up to one minute (to help prevent
509 all processes checking all consoles simultaneously).
510 2.5% (minimum 100 bytes, maximum 4000 bytes) of the old
511 logfile is read from the end of the file. All data past
512 the first newline is moved (not copied) to the new log‐
513 file so that a replay of the console works and starts on
514 a line boundary.
515 master hostname|ipaddr
517 Define which conserver host manages the console. The
518 host may be specified by hostname or using the address
519 ipaddr.
520 motd message|""
522 Set the "message of the day" for the console to message,
523 which gets displayed when a client attaches to the con‐
524 sole. If the null string (``""'') is used, the MOTD is
525 unset and no message will occur.
526 options [!]option[,...]|""
528 You can negate the option by prefixing it with a ``!''
529 character. So, to turn off the hupcl flag, you would use
530 !hupcl. The following are valid options:
531 ixon Enable XON/XOFF flow control on output. Only
533 consoles of type ``device'' or ``exec'' will
534 use this value. Default is ixon.
535 ixany Enable any character to restart output. Only
536 consoles of type ``device'' or ``exec'' will
537 use this value. Default is !ixany.
538 ixoff Enable XON/XOFF flow control on input. Only
539 consoles of type ``device'' or ``exec'' will
540 use this value. Default is ixoff for con‐
541 soles of type ``device'' and !ixoff for con‐
542 soles of type ``exec''.
543 crtscts Enable RTS/CTS (hardware) flow control. Only
544 consoles of type ``device'' will use this
545 value. Default is !crtscts.
546 cstopb Set two stop bits, rather than one. Only
547 consoles of type ``device'' will use this
548 value. Default is !cstopb.
549 hupcl Lower modem control lines after last process
550 closes the device (hang up). Only consoles
551 of type ``device'' will use this value.
552 Default is !hupcl.
553 ondemand Initialize the console when a client requests
554 a connection to the console. When no clients
555 are connected, bring the console down. The
556 conserver option -i will set this flag for
557 all consoles. Default is !ondemand.
558 striphigh Strip the high bit off all data coming from
559 this console and all clients connected to
560 this console before processing occurs. The
561 conserver option -7 will set this flag for
562 all consoles. Default is !striphigh.
563 reinitoncc Automatically reinitialize (``bring up'') a
564 downed console when a client connects. With‐
565 out this option, a client will be attached to
566 the downed console and will need to manually
567 reinitialize the console with an escape
568 sequence. The conserver option -o will set
569 this flag for all consoles. Default is
570 !reinitoncc.
571 autoreinit Allow this console to be automatically reini‐
572 tialized if it unexpectedly goes down. If
573 the console doesn't come back up, it is
574 retried every minute. A console of type
575 ``exec'' that exits with a zero exit status
576 is automatically reinitialized regardless of
577 this setting. The conserver option -F will
578 unset this flag for all consoles. Default is
579 autoreinit.
580 unloved Enable the sending of this console's output
581 (prefixed with its name) to the daemon's std‐
582 out (or the logfile if in daemon mode) when
583 no clients are connected to the console. The
584 conserver option -u will set this flag for
585 all consoles. Default is !unloved.
586 login Allow users to log into this console. If
587 logins are not allowed, conserver will send a
588 generic message to the client saying so and
589 terminate the connection. You can override
590 the generic message by setting the motd mes‐
591 sage. Default is login.
592 parity even|mark|none|odd|space
594 Set the parity option for the console. Only consoles of
595 type ``device'' will use this value.
596 password password|""
598 Use password during IPMI authentication. If the null
599 string (``""'') is used (the default), no password will
600 be used.
601 port number|name
603 Set the port used to access the console. The port may be
604 specified as a number or a name. A name will cause a
605 getservbyname(3) call to look up the port number. The
606 port, portbase, and portinc values are all used to calcu‐
607 late the final port number to connect to. The formula
608 used is finalport = portbase + portinc * port. By using
609 proper values in the formula, you can reference ports on
610 a terminal server by their physical numbering of 0..n or
611 1..n (depending on if you like zero-based or one-based
612 numbering). Warning: you can generate a -1 value with
613 this formula, which will become a very high numbered pos‐
614 itive value (since things are stored unsigned). You must
615 also set the host option as well. Normally, only con‐
616 soles of type ``host'' will use this value, however if
617 the devicesubst, execsubst, or initsubst keywords are
618 used in any console type, this value is used.
619 portbase number
621 Set the base value for the port calculation formula.
622 number must be 0 or greater. The default is zero. See
623 port for the details of the formula.
624 portinc number
626 Set the increment value for the port calculation formula.
627 number must be 0 or greater. The default is one. See
628 port for the details of the formula.
629 protocol telnet|raw
631 Set the protocol used to send and receive data from the
632 console. If raw is used, all data is sent ``as is'',
633 unprotected by any protocol specification. If telnet is
634 used (which is the default), data is encapsulated in the
635 telnet protocol. The striphigh console option still
636 applies when data is read by the server, and if enabled,
637 can impact the encapsulation process.
638 replstring string
640 A generic replacement string that can be used by the
641 devicesubst, execsubst, and initsubst keywords.
642 ro [!]username[,...]|""
644 Define a list of users making up the read-only access
645 list for the console. If username matches a previously
646 defined group name, all members of the previous group are
647 applied to the read-only access list (with access
648 reversed if prefixed with a `!'). If username doesn't
649 match a previously defined group and username begins with
650 `@', the name (minus the `@') is checked against the
651 host's group database. All users found in the group will
652 be granted (or denied, if prefixed with `!') read-only
653 access. If username doesn't match a previous group and
654 doesn't begin with `@', the users will be granted (or
655 denied, if prefixed with `!') read-only access. If the
656 null string (``""'') is used, any users previously
657 defined for the console's read-only list are removed.
658 rw [!]username[,...]|""
660 Define a list of users making up the read-write access
661 list for the console. If username matches a previously
662 defined group name, all members of the previous group are
663 applied to the read-write access list (with access
664 reversed if prefixed with a `!'). If username doesn't
665 match a previously defined group and username begins with
666 `@', the name (minus the `@') is checked against the
667 host's group database. All users found in the group will
668 be granted (or denied, if prefixed with `!') read-write
669 access. If username doesn't match a previous group and
670 doesn't begin with `@', the users will be granted (or
671 denied, if prefixed with `!') read-write access. If the
672 null string (``""'') is used, any users previously
673 defined for the console's read-write list are removed.
674 tasklist c[,...]|""
676 Associate a list of tasks referenced by c with the con‐
677 sole. If ``*'' is used (the default), all defined tasks
678 will be available. If the null string (``""'') is used,
679 no tasks will be available.
680 timestamp [number[m|h|d|l]][a][b]|""
682 Specifies the time between timestamps applied to the con‐
683 sole log file and whether to log read/write connection
684 actions. The timestamps look like ``[-- MARK -- Mon Jan
685 25 14:46:56 1999]''. The `m', `h', and `d' tags specify
686 ``minutes'' (the default), ``hours'', and ``days''. The
687 `l' tag specifies ``lines'' and will cause timestamps of
688 the form ``[Mon Jan 25 14:46:56 PST 1999]'' to be placed
689 every number lines (a newline character signifies a new
690 line). So, ``5h'' specifies every five hours and ``2l''
691 specifies every two lines. An `a' can be specified to
692 add logs of ``attached'', ``detached'', and ``bumped''
693 actions, including the user's name and the host from
694 which the client connection was made. A `b' can be spec‐
695 ified to add logging of break sequences sent to the con‐
696 sole.
697 type device|ipmi|exec|host|noop|uds
699 Set the type of console. A type of ``device'' should be
700 used for local serial ports (also set the device value).
701 A type of ``ipmi'' should be used for IPMI serial over
702 LAN consoles (also set the host value and possibly the
703 username, password, and ipmi* values). A type of
704 ``exec'' should be used for command invocations (perhaps
705 also set the exec value). A type of ``host'' should be
706 used for terminal servers and other TCP socket-based
707 interaction (also set the host and port values). A type
708 of ``noop'' should be used as a placeholder - it does
709 nothing, ignores any logfile value and forces the !nolo‐
710 gin option (so you might want to set the motd value). A
711 type of ``uds'' should be used for Unix domain sockets
712 (also set the uds option).
713 uds filename
715 Assign the Unix domain socket filename as the path to the
716 console. Only consoles of type ``uds'' will use this
717 value.
718 udssubst c=t[n]f[,...]|""
720 Perform character substitutions on the uds value. See
721 the devicesubst option for an explanation of the format
722 string. If the null string (``""'') is used, no replace‐
723 ments will be done.
724 username username|""
726 Use username during IPMI authentication. If the null
727 string (``""'') is used (the default), the ``null'' user
728 will be used.
729 group name
731 Define a user group identified as name.
732 users [!]username[,...]|""
734 Define a list of users making up the group name. If
735 username matches a previously defined group name, all
736 members of the previous group are applied to the current
737 group (with access reversed if prefixed with a `!'). If
738 username doesn't match a previously defined group and
739 username begins with `@', the name (minus the `@') is
740 checked against the host's group database. All users
741 found in the group will be recorded with (or without, if
742 prefixed with `!') access. If username doesn't match a
743 previous group and doesn't begin with `@', the users will
744 be recorded with (or without, if prefixed with `!')
745 access. If the null string (``""'') is used, any users
746 previously defined for this group are removed.
747 task c
749 Define a task where c is a lowercase alphanumeric (0-9a-z).
750 Tasks are invoked via the ``^Ec!c'' client escape sequence.
751 cmd command|""
753 Invoke command on the server when instructed by the
754 client. All file descriptors are closed, except for
755 stderr (which is inherited from the server). The command
756 is passed as an argument to ``/bin/sh -ce'' and is a
757 ``fire and forget'' methodology (you need to check logs
758 for any issues). If the null string (``""'') is used,
759 the entire task definition is ignored.
760 confirm yes|true|on|no|false|off
762 Set whether or not to ask the client for confirmation
763 before invoking the task. The default is ``no''.
764 description string
766 Set a description for the task. When a client lists
767 tasks, string will be printed instead of the command
768 defined above. If the null string (``""'') is used, the
769 command defined above will be printed.
770 runas [user][:group]|""
772 By default, the command invoked by cmd is run with the
773 same privileges as the server. If the server is running
774 with root privileges, this option resets the user and/or
775 group of the invoked process to user and group respec‐
776 tively. user may be a username or numeric uid and group
777 may be a group name or numeric gid. Either one is
778 optional. If the server is not running with root privi‐
779 leges, these values are not used. If the null string
780 (``""'') is specified, the default of running with the
781 same privileges as the server is restored.
782 subst c=t[n]f[,...]|""
784 Perform character substitutions on the cmd value. See
785 the devicesubst option for an explanation of the format
786 string. If the null string (``""'') is used, no replace‐
787 ments will be done.
788
790 Bryan Stansell, conserver.com
791
793 console(1), conserver.passwd(5), conserver(8)
794conserver-8.2.1 2015/06/02 CONSERVER.CF(5)