CONSERVER.CF(5)                    conserver                   CONSERVER.CF(5)

NAME
       conserver.cf - console configuration file for conserver(8)

DESCRIPTION
       The format of the conserver.cf file is made up of named blocks of
       keyword/value pairs, comments, and optional whitespace for formatting
       flexibility. The block types as well as the keywords are pre-defined
       and explained in the BLOCKS section. A comment is an unquoted
       pound-sign to a newline. See the PARSER section for full details on
       whitespace and quoting.

       Let me first show you a sample block with a couple of keyword/value
       pairs to make the description a bit simpler to understand.

              console simple { master localhost; type exec; rw *; }

       This is actually a fully functional conserver.cf file (if certain
       conditions are met...and if you can list those conditions, you can
       probably skip to the BLOCKS section).

       Our example is made up of a console-block named ``simple'' with
       three keyword/value pairs. What this does is define a console named
       ``simple'', make the master of that console the host ``localhost'',
       make the type an exec-style console, and give every user read/write
       permission. This is the generic format of the file:

              block-type block-name { keyword value; ... }

       To show the addition of comments and whitespace, here is the example
       reformatted (but functionally equivalent):

              # define a console named "simple"
              console simple {
                  # setting all required values...
                  master localhost;
                  type exec;     # exec-style console
                  rw *;          # allow any username
              }

PARSER
       The parser has six characters that it considers special. These are:
       ``{'', ``}'', ``;'', ``#'', ``\'', and ``"''. The first three (hereby
       called tokens) define the format of the configuration blocks and are
       used as word separators, the next is the comment character, and the
       last two are quoting characters.

       Word separation occurs when the parser encounters an unquoted token
       and, in certain cases, whitespace. Whitespace is only used as a word
       separator when the parser is looking for a block-type or keyword. When
       it's looking for a block-name or value, whitespace is like any other
       character, which allows you to embed whitespace in a block-name or
       value without having to quote it. Here is an example:

              default my defs { rw *; include other defs ; }

       The block-type is ``default'', the block-name is ``my defs'', and the
       value for the keyword ``include'' is ``other defs''. Whitespace around
       tokens is ignored so you get ``other defs'' instead of ``other defs ''
       as the value.

       The only way to use one of the special characters as part of a
       block-name or value is to quote it.

       Quoting is a simple matter of prefixing a character with a backslash or
       surrounding a group of characters with double-quotes. If a character
       is prefixed by a backslash, the next character is a literal (so ``\\''
       produces a ``\'', ``\"'' produces ``"'', ``\{'' produces a ``{'',
       etc.). For double-quoted strings, all characters are literal except
       for ``\"'', which embeds a double-quote.

       Adding a variety of quotes to our example without changing the meaning
       of things, we have:

              "defa"ult my\ defs { rw *; in\clude "other defs" ; }

       There is one special line the parser recognizes: a ``#include''
       statement. It is of the form:

              #include filename

       Any whitespace around filename is ignored, but whitespace embedded
       inside is preserved. Everything in filename is taken literally, so none
       of the normal parser quoting applies. The #include must begin in
       ``column 0'' - no whitespace is allowed between it and the start of the
       physical line. There is an include file depth limit of 10 to prevent
       infinite recursion.
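
The word-separation and quoting rules above, implemented as a small block parser. This is an added example, not conserver's own parser: the function names and the returned structure are choices made here, and ``#include'' lines are simply treated as comments rather than followed.

```python
"""Block parser for the conserver.cf syntax described in the PARSER section."""

TOKENS = "{};"

# The commented sample block from the DESCRIPTION section.
COMMENTED = '''
# define a console named "simple"
console simple {
    # setting all required values...
    master localhost;
    type exec;      # exec-style console
    rw *;           # allow any username
}
'''


def _chars(text):
    """Yield (char, quoted) pairs with comments dropped and quoting resolved."""
    i, n = 0, len(text)
    while i < n:
        c = text[i]
        if c == "\\" and i + 1 < n:           # backslash: next char is literal
            yield text[i + 1], True
            i += 2
        elif c == '"':                         # double quotes: literal except \"
            i += 1
            while i < n and text[i] != '"':
                if text[i] == "\\" and text[i + 1:i + 2] == '"':
                    i += 1                     # \" embeds a double-quote
                yield text[i], True
                i += 1
            if i >= n:
                raise ValueError("unterminated double-quoted string")
            i += 1                             # skip the closing quote
        elif c == "#":                         # unquoted '#': comment to newline
            while i < n and text[i] != "\n":
                i += 1
        else:
            yield c, False
            i += 1


def _strip(word):
    """Join a word, ignoring unquoted whitespace next to the tokens."""
    while word and not word[0][1] and word[0][0].isspace():
        word.pop(0)
    while word and not word[-1][1] and word[-1][0].isspace():
        word.pop()
    return "".join(c for c, _ in word)


def parse(text):
    """Return [{'type': ..., 'name': ..., 'items': [(keyword, value), ...]}]."""
    blocks, word, state = [], [], "type"
    block = key = None
    for c, quoted in _chars(text):
        space = not quoted and c.isspace()
        token = c if (not quoted and c in TOKENS) else None
        if state in ("type", "keyword"):       # whitespace separates words here
            if state == "keyword" and token == "}" and not word:
                blocks.append(block)
                state = "type"
            elif token:
                raise ValueError(f"unexpected {token!r} while reading {state}")
            elif not space:
                word.append((c, quoted))
            elif word:
                if state == "type":
                    block = {"type": _strip(word), "name": None, "items": []}
                    state = "name"
                else:
                    key, state = _strip(word), "value"
                word = []
        else:                                  # name or value: whitespace is data
            end = "{" if state == "name" else ";"
            if token == end:
                if state == "name":
                    block["name"] = _strip(word)
                else:
                    block["items"].append((key, _strip(word)))
                state, word = "keyword", []
            elif token:
                raise ValueError(f"unexpected {token!r} while reading {state}")
            else:
                word.append((c, quoted))
    if state != "type" or word:
        raise ValueError("unexpected end of input")
    return blocks


if __name__ == "__main__":
    for parsed in parse(COMMENTED):
        print(parsed)
```

Because quoted characters never act as tokens, a value such as "down; see #ops" survives intact, and the null string ``""'' comes back as an empty value.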

BLOCKS
       access hostname|ipaddr
              Define an access block for the host named hostname or using the
              address ipaddr. If the value of ``*'' is used, the access block
              will be applied to all conserver hosts. Access lists are used
              in a first match fashion (top down), so order is important.

              admin [!]username[,...]|""
                     Define a list of users making up the admin list for the
                     console server. If username matches a previously defined
                     group name, all members of the previous group are applied
                     to the admin list (with access reversed if prefixed with
                     a `!'). If username doesn't match a previously defined
                     group and username begins with `@', the name (minus the
                     `@') is checked against the host's group database. All
                     users found in the group will be granted (or denied, if
                     prefixed with `!') access. If username doesn't match a
                     previous group and doesn't begin with `@', the users will
                     be granted (or denied, if prefixed with `!') access. If
                     the null string (``""'') is used, any users previously
                     defined for the console server's admin list are removed.

              allowed hostname[,...]
                     The list of hostnames is added to the ``allowed'' list,
                     which grants connections from the hosts but requires
                     username authentication.

              include accessgroup
                     The access lists defined using the name accessgroup are
                     applied to the current access block. The included access
                     block must be previously defined.

              limited [!]username[,...]|""
                     Define a list of users with limited functionality on the
                     console server. These users will not be allowed to
                     suspend their connection, shift to another console, or
                     attach to a local command. If username matches a
                     previously defined group name, all members of the previous
                     group are applied to the admin list (with access reversed
                     if prefixed with a `!'). If username doesn't match a
                     previously defined group and username begins with `@',
                     the name (minus the `@') is checked against the host's
                     group database. All users found in the group will be
                     granted (or denied, if prefixed with `!') access. If
                     username doesn't match a previous group and doesn't begin
                     with `@', the users will be granted (or denied, if
                     prefixed with `!') access. If the null string (``""'') is
                     used, any users previously defined for the console
                     server's limited list are removed.

              rejected hostname[,...]
                     The list of hostnames is added to the ``rejected'' list,
                     which rejects connections from the hosts.

              trusted hostname[,...]
                     The list of hostnames is added to the ``trusted'' list,
                     which grants connections from the hosts without username
                     authentication.

       break n
              Define a break sequence where (1 <= n <= 9) or (a <= n <= z).
              Break sequences are accessed via the ``^Ecln'' client escape
              sequence.

              confirm yes|true|on|no|false|off
                     Set whether or not to ask the client for confirmation
                     before sending the break sequence. The default is ``no''.

              delay n
                     Set the time delay for the \d sequence to n milliseconds.
                     The default time delay is 250ms.

              string breakseq
                     Assign the string breakseq to the specified slot n. A
                     break sequence is a simple character string with the
                     exception of `\' and `^':

                            \a    alert
                            \b    backspace
                            \d    delay specified by the delay option.
                            \f    form-feed
                            \n    newline
                            \r    carriage-return
                            \t    tab
                            \v    vertical-tab
                            \z    serial break
                            \\    backslash
                            \^    circumflex
                            \ooo  octal representation of a character (where
                                  ooo is one to three octal digits)
                            \c    character c
                            ^?    delete
                            ^c    control character (c is ``and''ed with 0x1f)

       config hostname|ipaddr
              Define a configuration block for the host named hostname or
              using the address ipaddr. If the value of ``*'' is used, the
              configuration block will be applied to all conserver hosts.

              autocomplete yes|true|on|no|false|off
                     Turn the console name autocompletion feature on or off.
                     If autocompletion is on, a client can use any unique
                     leading portion of a console name when connecting to a
                     console. Autocompletion is on by default.

              defaultaccess rejected|trusted|allowed
                     Set the default access permission for all hosts not
                     matched by an access list (see the -a command-line flag).

              daemonmode yes|true|on|no|false|off
                     Set whether or not to become a daemon when run (see the
                     -d command-line flag).

              initdelay number
                     Set the number of seconds between console
                     initializations. All consoles with the same host value
                     will be throttled as a group (those without a host value
                     are their own group). In other words, each console within
                     a group will only be initialized after number seconds
                     passes from the previous initialization of a console in
                     that group. Different throttle groups are initialized
                     simultaneously. One warning: since consoles are split up
                     and managed by separate conserver processes, it's
                     possible for more than one conserver process to have a
                     throttle group based on a particular host value. If this
                     happens, each conserver process will throttle its groups
                     independently of the other conserver processes, which
                     results in a more rapid initialization (per host value)
                     than one might otherwise expect. If number is zero, all
                     consoles are initialized without delay.

              logfile filename
                     Set the logfile to write to when in daemon mode (see the
                     -L command-line flag).

              passwdfile filename
                     Set the password file location used for authentication
                     (see the -P command-line flag).

              primaryport number|name
                     Set the port used by the master conserver process (see
                     the -p command-line flag).

              redirect yes|true|on|no|false|off
                     Turn redirection on or off (see the -R command-line
                     flag).

              reinitcheck number
                     Set the number of minutes used between reinitialization
                     checks (see the -O command-line flag).

              secondaryport number|name
                     Set the base port number used by child processes (see the
                     -b command-line flag).

              setproctitle yes|true|on|no|false|off
                     Set whether or not the process title shows master/group
                     functionality as well as the port number the process is
                     listening on and how many consoles it is managing. The
                     operating system must support the setproctitle() call.

              sslcredentials filename
                     Set the SSL credentials file location (see the -c
                     command-line flag).

              sslcacertificatefile filename
                     Load the valid CA certificates for the SSL connection
                     from the PEM encoded file. This option overrides the
                     global CA list.

              sslreqclientcert yes|true|on|no|false|off
                     Set whether or not a certificate is required by the
                     client to connect. The default is ``no''.

              sslrequired yes|true|on|no|false|off
                     Set whether or not encryption is required when talking to
                     clients (see the -E command-line flag).

              unifiedlog filename
                     Set the location of the unified log to filename. See the
                     -U command-line flag for details.

       console name
              Define a console identified as name. The keywords are the same
              as the default block with the following addition.

              aliases name[,...]|""
                     Define a list of console aliases. If the null string
                     (``""'') is used, any aliases previously defined for the
                     console are removed.

       default name
              Define a block of defaults identified as name. If name is
              ``*'', the automatically applied default block is defined
              (basically all consoles have an implicit ``include "*";'' at
              the beginning of their definition).

              baud 300|600|1800|2400|4800|9600|19200|38400|57600|115200
                     Assign the baud rate to the console. Only consoles of
                     type ``device'' will use this value.

              break n
                     Assign the break sequence n as the default for the
                     console, which is used by the ``^Ecl0'' client escape
                     sequence.

              breaklist n[,...]|""
                     Associate a list of break sequences referenced by n with
                     the console. If ``*'' is used (the default), all defined
                     break sequences will be available. If the null string
                     (``""'') is used, no sequences will be available.

              device filename
                     Assign the serial device filename as the path to the
                     console. Only consoles of type ``device'' will use this
                     value.

              devicesubst c=t[n]f[,...]|""
                     Perform character substitutions on the device value. A
                     series of replacements can be defined by specifying a
                     comma-separated list of c=t[n]f sequences where c is any
                     printable character, t specifies the replacement value, n
                     is a field length (optional), and f is the format string.
                     t can be one of the characters below, categorized as a
                     string replacement or a numeric replacement, which
                     dictates the use of the n and f fields.

                            String Replacement
                            c    console name
                            h    host value
                            r    replstring value

                            Numeric Replacement
                            p    config port value
                            P    calculated port value

                     For string replacements, if the replacement isn't at
                     least n characters, it will be padded with space
                     characters on the left. f must be `s'. For numeric
                     replacements, the value will be formatted to at least n
                     characters, padded with 0s if n begins with a 0, and space
                     characters otherwise. f must be either `d', `x', `X',
                     `a', or `A', specifying a decimal, lowercase hexadecimal
                     (0-9a-f), uppercase hexadecimal (0-9A-F), lowercase
                     alphanumeric (0-9a-z), or uppercase alphanumeric (0-9A-Z)
                     conversion. If the null string (``""'') is used, no
                     replacements will be done.

              exec command|""
                     Assign the string command as the command to access the
                     console. Conserver will run the command by invoking
                     ``/bin/sh -ce "command"''. If the null string (``""'')
                     is used or no exec keyword is specified, conserver will
                     use the command ``/bin/sh -i''. Only consoles of type
                     ``exec'' will use this value.

              execrunas [user][:group]|""
                     By default, the command invoked by exec is run with the
                     same privileges as the server. If the server is running
                     with root privileges, this option resets the user and/or
                     group of the invoked process to user and group
                     respectively. user may be a username or numeric uid and
                     group may be a group name or numeric gid. Either one is
                     optional. If the server is not running with root
                     privileges, these values are not used. If the null string
                     (``""'') is specified, the default of running with the
                     same privileges as the server is restored.

              execsubst c=t[n]f[,...]|""
                     Perform character substitutions on the exec value. See
                     the devicesubst option for an explanation of the format
                     string. If the null string (``""'') is used, no
                     replacements will be done.

              host hostname
                     Assign hostname as the host to connect to for accessing
                     the console. You must also set the port option for
                     consoles of type ``host''. Normally, only consoles of type
                     ``host'' and ``ipmi'' will use this value, however if the
                     devicesubst, execsubst, or initsubst keywords are used in
                     any console type, this value is used.

              idlestring string|""
                     Assign the string that is sent to the console once the
                     console is idle for an idletimeout amount of time. If
                     the null string (``""'') is used, the string is unset and
                     the default is used. The string is interpreted just as a
                     break string is interpreted (see the break configuration
                     items for details) where all delays specified (via
                     ``\d'') use the default delay time. The default string
                     is ``\n''.

              idletimeout number[s|m|h]
                     Set the idle timeout of the console to number seconds.
                     If an `s', `m', or `h' is used after number, the
                     specified time is interpreted as seconds, minutes, or
                     hours. Set the timeout to zero to disable the idle
                     timeout (the default).

              ipmiciphersuite number
                     Set the IPMI cipher suite. Syntactically valid values
                     are -1 (the default) and greater. Check the FreeIPMI
                     documentation for usable values.

              ipmikg string|""
                     Set the BMC authentication key K_g to string. A K_g
                     value is a simple character string with the exception of
                     `\':

                            \\    backslash
                            \ooo  octal representation of a character (where
                                  ooo is one to three octal digits)
                            \c    character c

                     The resulting value must be no more than 20 characters.
                     The null string (``""'') is the default.

              ipmiworkaround [!]option[,...]|""
                     You can turn off a workaround by prefixing it with a
                     ``!'' character. So, to turn off the integrity
                     workaround, you would use !integrity. The following are
                     valid options and their mapping to FreeIPMI settings:

                            activation-status    SKIP_SOL_ACTIVATION_STATUS
                            auth-capabilites     AUTHENTICATION_CAPABILITIES
                            channel-payload      SKIP_CHANNEL_PAYLOAD_SUPPORT
                            checksum             NO_CHECKSUM_CHECK
                            default              DEFAULT
                            ignore-payload-size  IGNORE_SOL_PAYLOAD_SIZE
                            ignore-port          IGNORE_SOL_PORT
                            integrity            NON_EMPTY_INTEGRITY_CHECK_VALUE
                            intel-session        INTEL_2_0_SESSION
                            packet-sequence      INCREMENT_SOL_PACKET_SEQUENCE
                            privilege            OPEN_SESSION_PRIVILEGE
                            serial-alerts        SERIAL_ALERTS_DEFERRED
                            sun-session          SUN_2_0_SESSION
                            supermicro-session   SUPERMICRO_2_0_SESSION

                     If no ipmiworkaround is specified, the ``default''
                     workaround will be used. The null string (``""'') unsets
                     all workarounds, including ``default''. See the FreeIPMI
                     documentation for details on what workarounds affect.

              ipmiprivlevel user|operator|admin
                     Set the privilege level for the username used during IPMI
                     authentication. The default privilege level is
                     ``admin''.

              include default
                     The default block defined using the name default is
                     applied to the current console or default block. The
                     included default block must be previously defined.

              initcmd command|""
                     Invoke command as soon as the console is brought up,
                     redirecting the console to stdin, stdout, and stderr of
                     command. The command is passed as an argument to
                     ``/bin/sh -ce''. If the null string (``""'') is used,
                     the command is unset and nothing is invoked.

              initrunas [user][:group]|""
                     By default, the command invoked by initcmd is run with
                     the same privileges as the server. If the server is
                     running with root privileges, this option resets the user
                     and/or group of the invoked process to user and group
                     respectively. user may be a username or numeric uid and
                     group may be a group name or numeric gid. Either one is
                     optional. If the server is not running with root
                     privileges, these values are not used. If the null string
                     (``""'') is specified, the default of running with the
                     same privileges as the server is restored.

              initspinmax n|""
                     Set the maximum number of ``spins'' allowed for the
                     console to n, where 0 <= n <= 254. A console is determined
                     to be ``spinning'' if an attempt to initialize the
                     console occurs in under initspintimer seconds from its
                     previous initialization and this quick initialization
                     occurs initspinmax times in a row. If, at any point, the
                     time between initializations is greater than
                     initspintimer, the counter for reaching initspinmax resets
                     to zero. When a console is determined to be ``spinning''
                     it is forced down. If the null string (``""'') is
                     specified, the default of 5 is used.

              initspintimer t|""
                     Set the number of seconds a console must be ``up'' to not
                     be considered ``spinning'' to t, where 0 <= t <= 254.
                     See initspinmax for a full description of console
                     ``spinning.'' If the null string (``""'') is specified,
                     the default of 1 is used.

              initsubst c=t[n]f[,...]|""
                     Perform character substitutions on the initcmd value.
                     See the devicesubst option for an explanation of the
                     format string. If the null string (``""'') is used, no
                     replacements will be done.

              logfile filename|""
                     Assign the logfile specified by filename to the console.
                     Any occurrence of ``&'' in filename will be replaced with
                     the name of the console. If the null string (``""'') is
                     used, the logfile name is unset and no logging will
                     occur.

              logfilemax number[k|m]
                     Enable automatic rotation of logfile once its size
                     exceeds number bytes. Specifying k or m interprets number
                     as kilobytes or megabytes. number must be at least 2048
                     bytes. A value of zero will turn off automatic rotation
                     of logfile. The logfile filename will be renamed
                     filename-YYYYMMDD-HHMMSS, where the extension is the
                     current GMT year, month, day, hour, minute, and second (to
                     prevent issues with clock rollbacks). File sizes are
                     checked every 5 minutes with an additional initial
                     pseudo-random delay of up to one minute (to help prevent
                     all processes checking all consoles simultaneously).
                     2.5% (minimum 100 bytes, maximum 4000 bytes) of the old
                     logfile is read from the end of the file. All data past
                     the first newline is moved (not copied) to the new
                     logfile so that a replay of the console works and starts
                     on a line boundary.

              master hostname|ipaddr
                     Define which conserver host manages the console. The
                     host may be specified by hostname or using the address
                     ipaddr.

              motd message|""
                     Set the "message of the day" for the console to message,
                     which gets displayed when a client attaches to the
                     console. If the null string (``""'') is used, the MOTD is
                     unset and no message will occur.

              options [!]option[,...]|""
                     You can negate the option by prefixing it with a ``!''
                     character. So, to turn off the hupcl flag, you would use
                     !hupcl. The following are valid options:

                     ixon        Enable XON/XOFF flow control on output. Only
                                 consoles of type ``device'' or ``exec'' will
                                 use this value. Default is ixon.
                     ixany       Enable any character to restart output. Only
                                 consoles of type ``device'' or ``exec'' will
                                 use this value. Default is !ixany.
                     ixoff       Enable XON/XOFF flow control on input. Only
                                 consoles of type ``device'' or ``exec'' will
                                 use this value. Default is ixoff for
                                 consoles of type ``device'' and !ixoff for
                                 consoles of type ``exec''.
                     crtscts     Enable RTS/CTS (hardware) flow control. Only
                                 consoles of type ``device'' will use this
                                 value. Default is !crtscts.
                     cstopb      Set two stop bits, rather than one. Only
                                 consoles of type ``device'' will use this
                                 value. Default is !cstopb.
                     hupcl       Lower modem control lines after last process
                                 closes the device (hang up). Only consoles
                                 of type ``device'' will use this value.
                                 Default is !hupcl.
                     ondemand    Initialize the console when a client requests
                                 a connection to the console. When no clients
                                 are connected, bring the console down. The
                                 conserver option -i will set this flag for
                                 all consoles. Default is !ondemand.
                     striphigh   Strip the high bit off all data coming from
                                 this console and all clients connected to
                                 this console before processing occurs. The
                                 conserver option -7 will set this flag for
                                 all consoles. Default is !striphigh.
                     reinitoncc  Automatically reinitialize (``bring up'') a
                                 downed console when a client connects.
                                 Without this option, a client will be attached
                                 to the downed console and will need to
                                 manually reinitialize the console with an
                                 escape sequence. The conserver option -o will
                                 set this flag for all consoles. Default is
                                 !reinitoncc.
                     autoreinit  Allow this console to be automatically
                                 reinitialized if it unexpectedly goes down. If
                                 the console doesn't come back up, it is
                                 retried every minute. A console of type
                                 ``exec'' that exits with a zero exit status
                                 is automatically reinitialized regardless of
                                 this setting. The conserver option -F will
                                 unset this flag for all consoles. Default is
                                 autoreinit.
                     unloved     Enable the sending of this console's output
                                 (prefixed with its name) to the daemon's
                                 stdout (or the logfile if in daemon mode) when
                                 no clients are connected to the console. The
                                 conserver option -u will set this flag for
                                 all consoles. Default is !unloved.
                     login       Allow users to log into this console. If
                                 logins are not allowed, conserver will send a
                                 generic message to the client saying so and
                                 terminate the connection. You can override
                                 the generic message by setting the motd
                                 message. Default is login.

              parity even|mark|none|odd|space
                     Set the parity option for the console. Only consoles of
                     type ``device'' will use this value.

              password password|""
                     Use password during IPMI authentication. If the null
                     string (``""'') is used (the default), no password will
                     be used.

              port number|name
                     Set the port used to access the console. The port may be
                     specified as a number or a name. A name will cause a
                     getservbyname(3) call to look up the port number. The
                     port, portbase, and portinc values are all used to
                     calculate the final port number to connect to. The formula
                     used is finalport = portbase + portinc * port. By using
                     proper values in the formula, you can reference ports on
                     a terminal server by their physical numbering of 0..n or
                     1..n (depending on if you like zero-based or one-based
                     numbering). Warning: you can generate a -1 value with
                     this formula, which will become a very high numbered
                     positive value (since things are stored unsigned). You
                     must also set the host option. Normally, only consoles of
                     type ``host'' will use this value, however if
                     the devicesubst, execsubst, or initsubst keywords are
                     used in any console type, this value is used.

              portbase number
                     Set the base value for the port calculation formula.
                     number must be 0 or greater. The default is zero. See
                     port for the details of the formula.

              portinc number
                     Set the increment value for the port calculation formula.
                     number must be 0 or greater. The default is one. See
                     port for the details of the formula.

              protocol telnet|raw
                     Set the protocol used to send and receive data from the
                     console. If raw is used, all data is sent ``as is'',
                     unprotected by any protocol specification. If telnet is
                     used (which is the default), data is encapsulated in the
                     telnet protocol. The striphigh console option still
                     applies when data is read by the server, and if enabled,
                     can impact the encapsulation process.

              replstring string
                     A generic replacement string that can be used by the
                     devicesubst, execsubst, and initsubst keywords.

              ro [!]username[,...]|""
                     Define a list of users making up the read-only access
                     list for the console. If username matches a previously
                     defined group name, all members of the previous group are
                     applied to the read-only access list (with access
                     reversed if prefixed with a `!'). If username doesn't
                     match a previously defined group and username begins with
                     `@', the name (minus the `@') is checked against the
                     host's group database. All users found in the group will
                     be granted (or denied, if prefixed with `!') read-only
                     access. If username doesn't match a previous group and
                     doesn't begin with `@', the users will be granted (or
                     denied, if prefixed with `!') read-only access. If the
                     null string (``""'') is used, any users previously
                     defined for the console's read-only list are removed.

              rw [!]username[,...]|""
                     Define a list of users making up the read-write access
                     list for the console. If username matches a previously
                     defined group name, all members of the previous group are
                     applied to the read-write access list (with access
                     reversed if prefixed with a `!'). If username doesn't
                     match a previously defined group and username begins with
                     `@', the name (minus the `@') is checked against the
                     host's group database. All users found in the group will
                     be granted (or denied, if prefixed with `!') read-write
                     access. If username doesn't match a previous group and
                     doesn't begin with `@', the users will be granted (or
                     denied, if prefixed with `!') read-write access. If the
                     null string (``""'') is used, any users previously
                     defined for the console's read-write list are removed.

              tasklist c[,...]|""
                     Associate a list of tasks referenced by c with the
                     console. If ``*'' is used (the default), all defined tasks
                     will be available. If the null string (``""'') is used,
                     no tasks will be available.

              timestamp [number[m|h|d|l]][a][b]|""
                     Specifies the time between timestamps applied to the
                     console log file and whether to log read/write connection
                     actions. The timestamps look like
                     ``[-- MARK -- Mon Jan 25 14:46:56 1999]''. The `m', `h',
                     and `d' tags specify ``minutes'' (the default),
                     ``hours'', and ``days''. The `l' tag specifies ``lines''
                     and will cause timestamps of the form
                     ``[Mon Jan 25 14:46:56 PST 1999]'' to be placed
                     every number lines (a newline character signifies a new
                     line). So, ``5h'' specifies every five hours and ``2l''
                     specifies every two lines. An `a' can be specified to
                     add logs of ``attached'', ``detached'', and ``bumped''
                     actions, including the user's name and the host from
                     which the client connection was made. A `b' can be
                     specified to add logging of break sequences sent to the
                     console.

              type device|ipmi|exec|host|noop|uds
                     Set the type of console. A type of ``device'' should be
                     used for local serial ports (also set the device value).
                     A type of ``ipmi'' should be used for IPMI serial over
                     LAN consoles (also set the host value and possibly the
                     username, password, and ipmi* values). A type of
                     ``exec'' should be used for command invocations (perhaps
                     also set the exec value). A type of ``host'' should be
                     used for terminal servers and other TCP socket-based
                     interaction (also set the host and port values). A type of
                     ``noop'' should be used as a placeholder - it does
                     nothing, ignores any logfile value and forces the !nologin
                     option (so you might want to set the motd value). A type
                     of ``uds'' should be used for Unix domain sockets (also
                     set the uds option).

              uds filename
                     Assign the Unix domain socket filename as the path to the
                     console. Only consoles of type ``uds'' will use this
                     value.

              udssubst c=t[n]f[,...]|""
                     Perform character substitutions on the uds value. See
                     the devicesubst option for an explanation of the format
                     string. If the null string (``""'') is used, no
                     replacements will be done.

              username username|""
                     Use username during IPMI authentication. If the null
                     string (``""'') is used (the default), the ``null'' user
                     will be used.
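
The c=t[n]f substitution format shared by devicesubst, execsubst, initsubst and udssubst, worked through as an added example (not conserver's own code). It assumes the alphanumeric conversions are base 36 and that the calculated port value is portbase + portinc * port as given under port; the function names, device paths and console names are constructed for illustration.

```python
"""Expand a conserver.cf *subst specification (c=t[n]f[,...]) on a value."""
import re

# One rule: replaced character, '=', replacement type, optional width, format.
_RULE = re.compile(r"(?P<c>.)=(?P<t>[chrpP])(?P<n>[0-9]*)(?P<f>[sdxXaA])")
_DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"
_BASE = {"d": 10, "x": 16, "X": 16, "a": 36, "A": 36}  # a/A as base 36: assumption


def _to_base(value, base):
    """Render a non-negative integer in the given base with lowercase digits."""
    out = ""
    while True:
        value, digit = divmod(value, base)
        out = _DIGITS[digit] + out
        if value == 0:
            return out


def parse_subst(spec):
    """Return {char: (type, width, zero_pad, format)}; "" means no replacements."""
    rules = {}
    if spec == "":
        return rules
    for item in spec.split(","):
        m = _RULE.fullmatch(item)
        if m is None:
            raise ValueError(f"malformed substitution {item!r}")
        t, n, f = m["t"], m["n"], m["f"]
        # String replacements (c, h, r) require 's'; numeric ones (p, P) forbid it.
        if (t in "chr") != (f == "s"):
            raise ValueError(f"format {f!r} does not fit replacement {t!r}")
        rules[m["c"]] = (t, int(n or 0), n.startswith("0"), f)
    return rules


def expand(value, spec, *, console, host="", replstring="",
           port=0, portbase=0, portinc=1):
    """Apply spec to value, replacing every occurrence of each rule's character."""
    rules = parse_subst(spec)
    strings = {"c": console, "h": host, "r": replstring}
    numbers = {"p": port, "P": portbase + portinc * port}
    out = []
    for ch in value:
        if ch not in rules:
            out.append(ch)
            continue
        t, width, zero_pad, f = rules[ch]
        if f == "s":
            out.append(strings[t].rjust(width))          # space-padded on the left
        else:
            text = _to_base(numbers[t], _BASE[f])
            if f in "XA":
                text = text.upper()
            out.append(text.rjust(width, "0" if zero_pad else " "))
    return "".join(out)


if __name__ == "__main__":
    # Constructed inputs: a terminal-server port and a per-console device path.
    print(expand("/dev/ttyS#", "#=pd", console="web1", port=3))
    print(expand("telnet ts1 #", "#=P05d", console="web1",
                 port=3, portbase=2000, portinc=1))
    print(expand("&:#", "&=cs,#=pX", console="web1", port=26))
```

Since execsubst and initsubst feed a string that is handed to ``/bin/sh -ce'', expanding a rule this way before deployment shows exactly what text a console name, host or replstring value will place into that command.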

       group name
              Define a user group identified as name.

              users [!]username[,...]|""
                     Define a list of users making up the group name. If
                     username matches a previously defined group name, all
                     members of the previous group are applied to the current
                     group (with access reversed if prefixed with a `!'). If
                     username doesn't match a previously defined group and
                     username begins with `@', the name (minus the `@') is
                     checked against the host's group database. All users
                     found in the group will be recorded with (or without, if
                     prefixed with `!') access. If username doesn't match a
                     previous group and doesn't begin with `@', the users will
                     be recorded with (or without, if prefixed with `!')
                     access. If the null string (``""'') is used, any users
                     previously defined for this group are removed.

       task c
              Define a task where c is a lowercase alphanumeric (0-9a-z).
              Tasks are invoked via the ``^Ec!c'' client escape sequence.

              cmd command|""
                     Invoke command on the server when instructed by the
                     client. All file descriptors are closed, except for
                     stderr (which is inherited from the server). The command
                     is passed as an argument to ``/bin/sh -ce'' and is a
                     ``fire and forget'' methodology (you need to check logs
                     for any issues). If the null string (``""'') is used,
                     the entire task definition is ignored.

              confirm yes|true|on|no|false|off
                     Set whether or not to ask the client for confirmation
                     before invoking the task. The default is ``no''.

              description string
                     Set a description for the task. When a client lists
                     tasks, string will be printed instead of the command
                     defined above. If the null string (``""'') is used, the
                     command defined above will be printed.

              runas [user][:group]|""
                     By default, the command invoked by cmd is run with the
                     same privileges as the server. If the server is running
                     with root privileges, this option resets the user and/or
                     group of the invoked process to user and group
                     respectively. user may be a username or numeric uid and
                     group may be a group name or numeric gid. Either one is
                     optional. If the server is not running with root
                     privileges, these values are not used. If the null string
                     (``""'') is specified, the default of running with the
                     same privileges as the server is restored.

              subst c=t[n]f[,...]|""
                     Perform character substitutions on the cmd value. See
                     the devicesubst option for an explanation of the format
                     string. If the null string (``""'') is used, no
                     replacements will be done.
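
A review aid for the access-related keywords documented in the BLOCKS section, as an added example that is not part of conserver or its documentation. It flags settings this page describes as granting connections without username authentication, giving every user read/write access, or running commands with the server's privileges; it assumes the blocks are already available as (type, name, items) tuples, inspects each block on its own without resolving include, and uses a constructed sample configuration.

```python
"""Flag permissive conserver.cf settings in already-parsed blocks."""

OFF = {"no", "false", "off"}
# Keyword that sets a command -> keyword that drops privileges for it.
RUNAS = {"exec": "execrunas", "initcmd": "initrunas", "cmd": "runas"}

# Constructed sample: (block-type, block-name, [(keyword, value), ...]).
SAMPLE = [
    ("config", "*", [("defaultaccess", "trusted"), ("sslrequired", "no")]),
    ("access", "*", [("trusted", "localhost, mgmt1"), ("allowed", "jump1")]),
    ("default", "*", [("rw", "*"), ("rw", ""), ("rw", "@consoleops")]),
    ("console", "simple", [("type", "exec"), ("exec", "ssh -t host1"),
                           ("rw", "*")]),
    ("console", "dropped", [("type", "exec"), ("exec", "ssh -t host2"),
                            ("execrunas", "nobody")]),
    ("task", "r", [("cmd", "/usr/local/sbin/reset-port"), ("runas", "")]),
]


def _last(items, keyword):
    """Value of the last occurrence of keyword in a block, or None if absent."""
    value = None
    for k, v in items:
        if k == keyword:
            value = v
    return value


def _list(items, keyword):
    """Accumulate a comma-separated list keyword; the null string clears it."""
    names = []
    for k, v in items:
        if k == keyword:
            names = [] if v == "" else names + [n.strip() for n in v.split(",")]
    return names


def audit(blocks):
    """Return a list of (block, keyword, reason) findings."""
    findings = []
    for btype, name, items in blocks:
        where = f"{btype} {name}"
        if btype == "access":
            hosts = _list(items, "trusted")
            if hosts:
                findings.append((where, "trusted",
                                 "hosts connect without username "
                                 "authentication: " + ", ".join(hosts)))
        elif btype == "config":
            if _last(items, "defaultaccess") == "trusted":
                findings.append((where, "defaultaccess",
                                 "hosts not matched by an access list are trusted"))
            if _last(items, "sslrequired") in OFF:
                findings.append((where, "sslrequired",
                                 "encryption to clients is not required"))
        if btype in ("console", "default") and "*" in _list(items, "rw"):
            findings.append((where, "rw", "every username has read/write access"))
        if btype in ("console", "default", "task"):
            for cmd_kw, runas_kw in RUNAS.items():
                # An unset or null runas value means the server's own privileges.
                if _last(items, cmd_kw) and not _last(items, runas_kw):
                    findings.append((where, cmd_kw,
                                     "command runs with the server's "
                                     f"privileges (no {runas_kw})"))
    return findings


if __name__ == "__main__":
    for where, keyword, reason in audit(SAMPLE):
        print(f"{where}: {keyword}: {reason}")
```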

AUTHORS
       Bryan Stansell, conserver.com

SEE ALSO
       console(1), conserver.passwd(5), conserver(8)

conserver-8.2.6                   2020/10/19                   CONSERVER.CF(5)