CONSERVER.CF(5)                    conserver                    CONSERVER.CF(5)

conserver.cf - console configuration file for conserver(8)

The format of the conserver.cf file is made up of named blocks of
keyword/value pairs, comments, and optional whitespace for formatting
flexibility. The block types as well as the keywords are pre-defined and
explained in the BLOCKS section. A comment runs from an unquoted pound-sign
to a newline. See the PARSER section for full details on whitespace and
quoting.

Let me first show you a sample block with a couple of keyword/value pairs
to make the description a bit simpler to understand.

    console simple { master localhost; type exec; rw *; }

This is actually a fully functional conserver.cf file (if certain
conditions are met...and if you can list those conditions, you can probably
skip to the BLOCKS section).

Our example is made up of a console-block named ``simple'' with three
keyword/value pairs. What this does is define a console named ``simple'',
makes the master of that console the host ``localhost'', makes the type an
exec-style console, and gives every user read/write permission. This is the
generic format of the file:

    block-type block-name { keyword value; ... }

To show the addition of comments and whitespace, here is the example
reformatted (but functionally equivalent):

    # define a console named "simple"
    console simple {
        # setting all required values...
        master localhost;
        type exec;      # exec-style console
        rw *;           # allow any username
    }

PARSER

The parser has six characters that it considers special. These are: ``{'',
``}'', ``;'', ``#'', ``\'', and ``"''. The first three (hereafter called
tokens) define the format of the configuration blocks and are used as word
separators, the next is the comment character, and the last two are quoting
characters.

Word separation occurs when the parser encounters an unquoted token and, in
certain cases, whitespace. Whitespace is only used as a word separator when
the parser is looking for a block-type or keyword. When it's looking for a
block-name or value, whitespace is like any other character, which allows
you to embed whitespace in a block-name or value without having to quote
it. Here is an example:

    default my defs { rw *; include other defs ; }

The block-type is ``default'', the block-name is ``my defs'', and the value
for the keyword ``include'' is ``other defs''. Whitespace around tokens is
ignored, so you get ``other defs'' instead of ``other defs '' as the value.

The only way to use one of the special characters as part of a block-name
or value is to quote it.

Quoting is a simple matter of prefixing a character with a backslash or
surrounding a group of characters with double-quotes. If a character is
prefixed by a backslash, the next character is a literal (so ``\\''
produces a ``\'', ``\"'' produces ``"'', ``\{'' produces a ``{'', etc.).
For double-quoted strings, all characters are literal except for ``\"'',
which embeds a double-quote.

Adding a variety of quotes to our example without changing the meaning of
things, we have:

    "defa"ult my\ defs { rw *; in\clude "other defs" ; }

There is one special line the parser recognizes: a ``#include'' statement.
It is of the form:

    #include filename

Any whitespace around filename is ignored, but whitespace embedded inside
is preserved. Everything in filename is taken literally, so none of the
normal parser quoting applies. The #include must begin in ``column 0'' - no
whitespace is allowed between it and the start of the physical line. There
is an include file depth limit of 10 to prevent infinite recursion.

BLOCKS

access hostname|ipaddr
    Define an access block for the host named hostname or using the address
    ipaddr. If the value of ``*'' is used, the access block will be applied
    to all conserver hosts. Access lists are used in a first match fashion
    (top down), so order is important.

    admin [!]username[,...]|""
        Define a list of users making up the admin list for the console
        server. If username matches a previously defined group name, all
        members of the previous group are applied to the admin list (with
        access reversed if prefixed with a `!'). If username doesn't match
        a previously defined group and username begins with `@', the name
        (minus the `@') is checked against the host's group database. All
        users found in the group will be granted (or denied, if prefixed
        with `!') access. If username doesn't match a previous group and
        doesn't begin with `@', the users will be granted (or denied, if
        prefixed with `!') access. If the null string (``""'') is used, any
        users previously defined for the console server's admin list are
        removed.

    allowed hostname[,...]
        The list of hostnames is added to the ``allowed'' list, which
        grants connections from the hosts but requires username
        authentication.

    include accessgroup
        The access lists defined using the name accessgroup are applied to
        the current access block. The included access block must be
        previously defined.

    limited [!]username[,...]|""
        Define a list of users with limited functionality on the console
        server. These users will not be allowed to suspend their
        connection, shift to another console, or attach to a local command.
        If username matches a previously defined group name, all members of
        the previous group are applied to the admin list (with access
        reversed if prefixed with a `!'). If username doesn't match a
        previously defined group and username begins with `@', the name
        (minus the `@') is checked against the host's group database. All
        users found in the group will be granted (or denied, if prefixed
        with `!') access. If username doesn't match a previous group and
        doesn't begin with `@', the users will be granted (or denied, if
        prefixed with `!') access. If the null string (``""'') is used, any
        users previously defined for the console server's limited list are
        removed.

    rejected hostname[,...]
        The list of hostnames is added to the ``rejected'' list, which
        rejects connections from the hosts.

    trusted hostname[,...]
        The list of hostnames is added to the ``trusted'' list, which
        grants connections from the hosts without username authentication.

break n
    Define a break sequence where (1 <= n <= 9) or (a <= n <= z). Break
    sequences are accessed via the ``^Ecln'' client escape sequence.

    confirm yes|true|on|no|false|off
        Set whether or not to ask the client for confirmation before
        sending the break sequence. The default is ``no''.

    delay n
        Set the time delay for the \d sequence to n milliseconds. The
        default time delay is 250ms.

    string breakseq
        Assign the string breakseq to the specified slot n. A break
        sequence is a simple character string with the exception of `\'
        and `^':

            \a      alert
            \b      backspace
            \d      delay specified by the delay option.
            \f      form-feed
            \n      newline
            \r      carriage-return
            \t      tab
            \v      vertical-tab
            \z      serial break
            \\      backslash
            \^      circumflex
            \ooo    octal representation of a character (where ooo is one
                    to three octal digits)
            \c      character c
            ^?      delete
            ^c      control character (c is ``and''ed with 0x1f)

config hostname|ipaddr
    Define a configuration block for the host named hostname or using the
    address ipaddr. If the value of ``*'' is used, the configuration block
    will be applied to all conserver hosts.

    autocomplete yes|true|on|no|false|off
        Turn the console name autocompletion feature on or off. If
        autocompletion is on, a client can use any unique leading portion
        of a console name when connecting to a console. Autocompletion is
        on by default.

    defaultaccess rejected|trusted|allowed
        Set the default access permission for all hosts not matched by an
        access list (see the -a command-line flag).

    daemonmode yes|true|on|no|false|off
        Set whether or not to become a daemon when run (see the -d
        command-line flag).

    initdelay number
        Set the number of seconds between console initializations. All
        consoles with the same host value will be throttled as a group
        (those without a host value are their own group). In other words,
        each console within a group will only be initialized after number
        seconds pass from the previous initialization of a console in that
        group. Different throttle groups are initialized simultaneously.
        One warning: since consoles are split up and managed by separate
        conserver processes, it's possible for more than one conserver
        process to have a throttle group based on a particular host value.
        If this happens, each conserver process will throttle its groups
        independently of the other conserver processes, which results in a
        more rapid initialization (per host value) than one might otherwise
        expect. If number is zero, all consoles are initialized without
        delay.

    logfile filename
        Set the logfile to write to when in daemon mode (see the -L
        command-line flag).

    passwdfile filename
        Set the password file location used for authentication (see the -P
        command-line flag).

    primaryport number|name
        Set the port used by the master conserver process (see the -p
        command-line flag).

    redirect yes|true|on|no|false|off
        Turn redirection on or off (see the -R command-line flag).

    reinitcheck number
        Set the number of minutes used between reinitialization checks (see
        the -O command-line flag).

    secondaryport number|name
        Set the base port number used by child processes (see the -b
        command-line flag).

    setproctitle yes|true|on|no|false|off
        Set whether or not the process title shows master/group
        functionality as well as the port number the process is listening
        on and how many consoles it is managing. The operating system must
        support the setproctitle() call.

    sslcredentials filename
        Set the SSL credentials file location (see the -c command-line
        flag).

    sslcacertificatefile filename
        Load the valid CA certificates for the SSL connection from the PEM
        encoded file. This option overrides the global CA list.

    sslreqclientcert yes|true|on|no|false|off
        Set whether or not a certificate is required by the client to
        connect. The default is ``no''.

    sslrequired yes|true|on|no|false|off
        Set whether or not encryption is required when talking to clients
        (see the -E command-line flag).

    unifiedlog filename
        Set the location of the unified log to filename. See the -U
        command-line flag for details.

console name
    Define a console identified as name. The keywords are the same as the
    default block with the following addition.

    aliases name[,...]|""
        Define a list of console aliases. If the null string (``""'') is
        used, any aliases previously defined for the console are removed.

default name
    Define a block of defaults identified as name. If name is ``*'', the
    automatically applied default block is defined (basically all consoles
    have an implicit ``include "*";'' at the beginning of their
    definition).

    baud 300|600|1800|2400|4800|9600|19200|38400|57600|115200|..|4000000
        Assign the baud rate to the console. Only consoles of type
        ``device'' will use this value.

    break n
        Assign the break sequence n as the default for the console, which
        is used by the ``^Ecl0'' client escape sequence.

    breaklist n[,...]|""
        Associate a list of break sequences referenced by n with the
        console. If ``*'' is used (the default), all defined break
        sequences will be available. If the null string (``""'') is used,
        no sequences will be available.

    device filename
        Assign the serial device filename as the path to the console. Only
        consoles of type ``device'' will use this value.

    devicesubst c=t[n]f[,...]|""
        Perform character substitutions on the device value. A series of
        replacements can be defined by specifying a comma-separated list of
        c=t[n]f sequences where c is any printable character, t specifies
        the replacement value, n is a field length (optional), and f is the
        format string. t can be one of the characters below, categorized as
        a string replacement or a numeric replacement, which dictates the
        use of the n and f fields.

            String Replacement
                c    console name
                h    host value
                r    replstring value

            Numeric Replacement
                b    baud value
                p    config port value
                P    calculated port value

        For string replacements, if the replacement isn't at least n
        characters, it will be padded with space characters on the left. f
        must be `s'. For numeric replacements, the value will be formatted
        to at least n characters, padded with 0s if n begins with a 0, and
        space characters otherwise. f must be either `d', `x', `X', `a', or
        `A', specifying a decimal, lowercase hexadecimal (0-9a-f),
        uppercase hexadecimal (0-9A-F), lowercase alphanumeric (0-9a-z), or
        uppercase alphanumeric (0-9A-Z) conversion. If the null string
        (``""'') is used, no replacements will be done.

    exec command|""
        Assign the string command as the command to access the console.
        Conserver will run the command by invoking ``/bin/sh -ce
        "command"''. If the null string (``""'') is used or no exec keyword
        is specified, conserver will use the command ``/bin/sh -i''. Only
        consoles of type ``exec'' will use this value.

    execrunas [user][:group]|""
        By default, the command invoked by exec is run with the same
        privileges as the server. If the server is running with root
        privileges, this option resets the user and/or group of the invoked
        process to user and group respectively. user may be a username or
        numeric uid and group may be a group name or numeric gid. Either
        one is optional. If the server is not running with root privileges,
        these values are not used. If the null string (``""'') is
        specified, the default of running with the same privileges as the
        server is restored.

    execsubst c=t[n]f[,...]|""
        Perform character substitutions on the exec value. See the
        devicesubst option for an explanation of the format string. If the
        null string (``""'') is used, no replacements will be done.

    host hostname
        Assign hostname as the host to connect to for accessing the
        console. You must also set the port option for consoles of type
        ``host''. Normally, only consoles of type ``host'' and ``ipmi''
        will use this value, however if the devicesubst, execsubst, or
        initsubst keywords are used in any console type, this value is
        used.

    idlestring string|""
        Assign the string that is sent to the console once the console is
        idle for an idletimeout amount of time. If the null string
        (``""'') is used, the string is unset and the default is used. The
        string is interpreted just as a break string is interpreted (see
        the break configuration items for details) where all delays
        specified (via ``\d'') use the default delay time. The default
        string is ``\n''.

    idletimeout number[s|m|h]
        Set the idle timeout of the console to number seconds. If an `s',
        `m', or `h' is used after number, the specified time is interpreted
        as seconds, minutes, or hours. Set the timeout to zero to disable
        the idle timeout (the default).

    ipmiciphersuite number
        Set the IPMI cipher suite. Syntactically valid values are -1 (the
        default) and greater. Check the FreeIPMI documentation for usable
        values.

    ipmikg string|""
        Set the BMC authentication key K_g to string. A K_g value is a
        simple character string with the exception of `\':

            \\      backslash
            \ooo    octal representation of a character (where ooo is one
                    to three octal digits)
            \c      character c

        The resulting value must be no more than 20 characters. The null
        string (``""'') is the default.

    ipmiworkaround [!]option[,...]|""
        You can turn off a workaround by prefixing it with a ``!''
        character. So, to turn off the integrity workaround, you would use
        !integrity. The following are valid options and their mapping to
        FreeIPMI settings:

            activation-status      SKIP_SOL_ACTIVATION_STATUS
            auth-capabilites       AUTHENTICATION_CAPABILITIES
            channel-payload        SKIP_CHANNEL_PAYLOAD_SUPPORT
            checksum               NO_CHECKSUM_CHECK
            default                DEFAULT
            ignore-payload-size    IGNORE_SOL_PAYLOAD_SIZE
            ignore-port            IGNORE_SOL_PORT
            integrity              NON_EMPTY_INTEGRITY_CHECK_VALUE
            intel-session          INTEL_2_0_SESSION
            packet-sequence        INCREMENT_SOL_PACKET_SEQUENCE
            privilege              OPEN_SESSION_PRIVILEGE
            serial-alerts          SERIAL_ALERTS_DEFERRED
            sun-session            SUN_2_0_SESSION
            supermicro-session     SUPERMICRO_2_0_SESSION

        If no ipmiworkaround is specified, the ``default'' workaround will
        be used. The null string (``""'') unsets all workarounds, including
        ``default''. See the FreeIPMI documentation for details on what
        workarounds affect.

    ipmiprivlevel user|operator|admin
        Set the privilege level for the username used during IPMI
        authentication. The default privilege level is ``admin''.

    include default
        The default block defined using the name default is applied to the
        current console or default block. The included default block must
        be previously defined.

    initcmd command|""
        Invoke command as soon as the console is brought up, redirecting
        the console to stdin, stdout, and stderr of command. The command is
        passed as an argument to ``/bin/sh -ce''. If the null string
        (``""'') is used, the command is unset and nothing is invoked.

    initrunas [user][:group]|""
        By default, the command invoked by initcmd is run with the same
        privileges as the server. If the server is running with root
        privileges, this option resets the user and/or group of the invoked
        process to user and group respectively. user may be a username or
        numeric uid and group may be a group name or numeric gid. Either
        one is optional. If the server is not running with root privileges,
        these values are not used. If the null string (``""'') is
        specified, the default of running with the same privileges as the
        server is restored.

    initspinmax n|""
        Set the maximum number of ``spins'' allowed for the console to n,
        where 0 <= n <= 254. A console is determined to be ``spinning'' if
        an attempt to initialize the console occurs in under initspintimer
        seconds from its previous initialization and this quick
        initialization occurs initspinmax times in a row. If, at any point,
        the time between initializations is greater than initspintimer, the
        counter for reaching initspinmax resets to zero. When a console is
        determined to be ``spinning'' it is forced down. If the null string
        (``""'') is specified, the default of 5 is used.

    initspintimer t|""
        Set the number of seconds a console must be ``up'' to not be
        considered ``spinning'' to t, where 0 <= t <= 254. See initspinmax
        for a full description of console ``spinning.'' If the null string
        (``""'') is specified, the default of 1 is used.

    initsubst c=t[n]f[,...]|""
        Perform character substitutions on the initcmd value. See the
        devicesubst option for an explanation of the format string. If the
        null string (``""'') is used, no replacements will be done.

    logfile filename|""
        Assign the logfile specified by filename to the console. Any
        occurrence of ``&'' in filename will be replaced with the name of
        the console. If the null string (``""'') is used, the logfile name
        is unset and no logging will occur.

    logfilemax number[k|m]
        Enable automatic rotation of logfile once its size exceeds number
        bytes. Specifying k or m interprets number as kilobytes or
        megabytes. number must be at least 2048 bytes. A value of zero will
        turn off automatic rotation of logfile. The logfile filename will
        be renamed filename-YYYYMMDD-HHMMSS, where the extension is the
        current GMT year, month, day, hour, minute, and second (to prevent
        issues with clock rollbacks). File sizes are checked every 5
        minutes with an additional initial pseudo-random delay of up to one
        minute (to help prevent all processes checking all consoles
        simultaneously). 2.5% (minimum 100 bytes, maximum 4000 bytes) of
        the old logfile is read from the end of the file. All data past the
        first newline is moved (not copied) to the new logfile so that a
        replay of the console works and starts on a line boundary.

    master hostname|ipaddr
        Define which conserver host manages the console. The host may be
        specified by hostname or using the address ipaddr.

    motd message|""
        Set the "message of the day" for the console to message, which gets
        displayed when a client attaches to the console. If the null string
        (``""'') is used, the MOTD is unset and no message will occur.

    options [!]option[,...]|""
        You can negate the option by prefixing it with a ``!'' character.
        So, to turn off the hupcl flag, you would use !hupcl. The following
        are valid options:

            ixon        Enable XON/XOFF flow control on output. Only
                        consoles of type ``device'' or ``exec'' will use
                        this value. Default is ixon.
            ixany       Enable any character to restart output. Only
                        consoles of type ``device'' or ``exec'' will use
                        this value. Default is !ixany.
            ixoff       Enable XON/XOFF flow control on input. Only
                        consoles of type ``device'' or ``exec'' will use
                        this value. Default is ixoff for consoles of type
                        ``device'' and !ixoff for consoles of type
                        ``exec''.
            crtscts     Enable RTS/CTS (hardware) flow control. Only
                        consoles of type ``device'' will use this value.
                        Default is !crtscts.
            cstopb      Set two stop bits, rather than one. Only consoles
                        of type ``device'' will use this value. Default is
                        !cstopb.
            hupcl       Lower modem control lines after last process closes
                        the device (hang up). Only consoles of type
                        ``device'' will use this value. Default is !hupcl.
            ondemand    Initialize the console when a client requests a
                        connection to the console. When no clients are
                        connected, bring the console down. The conserver
                        option -i will set this flag for all consoles.
                        Default is !ondemand.
            striphigh   Strip the high bit off all data coming from this
                        console and all clients connected to this console
                        before processing occurs. The conserver option -7
                        will set this flag for all consoles. Default is
                        !striphigh.
            reinitoncc  Automatically reinitialize (``bring up'') a downed
                        console when a client connects. Without this
                        option, a client will be attached to the downed
                        console and will need to manually reinitialize the
                        console with an escape sequence. The conserver
                        option -o will set this flag for all consoles.
                        Default is !reinitoncc.
            autoreinit  Allow this console to be automatically
                        reinitialized if it unexpectedly goes down. If the
                        console doesn't come back up, it is retried every
                        minute. A console of type ``exec'' that exits with
                        a zero exit status is automatically reinitialized
                        regardless of this setting. The conserver option -F
                        will unset this flag for all consoles. Default is
                        autoreinit.
            unloved     Enable the sending of this console's output
                        (prefixed with its name) to the daemon's stdout (or
                        the logfile if in daemon mode) when no clients are
                        connected to the console. The conserver option -u
                        will set this flag for all consoles. Default is
                        !unloved.
            login       Allow users to log into this console. If logins are
                        not allowed, conserver will send a generic message
                        to the client saying so and terminate the
                        connection. You can override the generic message by
                        setting the motd message. Default is login.

    parity even|mark|none|odd|space
        Set the parity option for the console. Only consoles of type
        ``device'' will use this value.

    password password|""
        Use password during IPMI authentication. If the null string
        (``""'') is used (the default), no password will be used.

    port number|name
        Set the port used to access the console. The port may be specified
        as a number or a name. A name will cause a getservbyname(3) call to
        look up the port number. The port, portbase, and portinc values are
        all used to calculate the final port number to connect to. The
        formula used is finalport = portbase + portinc * port. By using
        proper values in the formula, you can reference ports on a terminal
        server by their physical numbering of 0..n or 1..n (depending on
        whether you like zero-based or one-based numbering). Warning: you
        can generate a -1 value with this formula, which will become a very
        high numbered positive value (since things are stored unsigned).
        You must also set the host option. Normally, only consoles of type
        ``host'' will use this value, however if the devicesubst,
        execsubst, or initsubst keywords are used in any console type, this
        value is used.

    portbase number
        Set the base value for the port calculation formula. number must be
        0 or greater. The default is zero. See port for the details of the
        formula.

    portinc number
        Set the increment value for the port calculation formula. number
        must be 0 or greater. The default is one. See port for the details
        of the formula.

    protocol telnet|raw
        Set the protocol used to send and receive data from the console. If
        raw is used, all data is sent ``as is'', unprotected by any
        protocol specification. If telnet is used (which is the default),
        data is encapsulated in the telnet protocol. The striphigh console
        option still applies when data is read by the server, and if
        enabled, can impact the encapsulation process.

    replstring string
        A generic replacement string that can be used by the devicesubst,
        execsubst, and initsubst keywords.

    ro [!]username[,...]|""
        Define a list of users making up the read-only access list for the
        console. If username matches a previously defined group name, all
        members of the previous group are applied to the read-only access
        list (with access reversed if prefixed with a `!'). If username
        doesn't match a previously defined group and username begins with
        `@', the name (minus the `@') is checked against the host's group
        database. All users found in the group will be granted (or denied,
        if prefixed with `!') read-only access. If username doesn't match a
        previous group and doesn't begin with `@', the users will be
        granted (or denied, if prefixed with `!') read-only access. If the
        null string (``""'') is used, any users previously defined for the
        console's read-only list are removed.

    rw [!]username[,...]|""
        Define a list of users making up the read-write access list for the
        console. If username matches a previously defined group name, all
        members of the previous group are applied to the read-write access
        list (with access reversed if prefixed with a `!'). If username
        doesn't match a previously defined group and username begins with
        `@', the name (minus the `@') is checked against the host's group
        database. All users found in the group will be granted (or denied,
        if prefixed with `!') read-write access. If username doesn't match
        a previous group and doesn't begin with `@', the users will be
        granted (or denied, if prefixed with `!') read-write access. If the
        null string (``""'') is used, any users previously defined for the
        console's read-write list are removed.

    tasklist c[,...]|""
        Associate a list of tasks referenced by c with the console. If
        ``*'' is used (the default), all defined tasks will be available.
        If the null string (``""'') is used, no tasks will be available.

    timestamp [number[m|h|d|l]][a][b]|""
        Specifies the time between timestamps applied to the console log
        file and whether to log read/write connection actions. The
        timestamps look like ``[-- MARK -- Mon Jan 25 14:46:56 1999]''. The
        `m', `h', and `d' tags specify ``minutes'' (the default),
        ``hours'', and ``days''. The `l' tag specifies ``lines'' and will
        cause timestamps of the form ``[Mon Jan 25 14:46:56 PST 1999]'' to
        be placed every number lines (a newline character signifies a new
        line). So, ``5h'' specifies every five hours and ``2l'' specifies
        every two lines. An `a' can be specified to add logs of
        ``attached'', ``detached'', and ``bumped'' actions, including the
        user's name and the host from which the client connection was made.
        A `b' can be specified to add logging of break sequences sent to
        the console.

    type device|ipmi|exec|host|noop|uds
        Set the type of console. A type of ``device'' should be used for
        local serial ports (also set the device value). A type of ``ipmi''
        should be used for IPMI serial over LAN consoles (also set the host
        value and possibly the username, password, and ipmi* values). A
        type of ``exec'' should be used for command invocations (perhaps
        also set the exec value). A type of ``host'' should be used for
        terminal servers and other TCP socket-based interaction (also set
        the host and port values). A type of ``noop'' should be used as a
        placeholder - it does nothing, ignores any logfile value and forces
        the !nologin option (so you might want to set the motd value). A
        type of ``uds'' should be used for Unix domain sockets (also set
        the uds option).

    uds filename
        Assign the Unix domain socket filename as the path to the console.
        Only consoles of type ``uds'' will use this value.

    udssubst c=t[n]f[,...]|""
        Perform character substitutions on the uds value. See the
        devicesubst option for an explanation of the format string. If the
        null string (``""'') is used, no replacements will be done.

    username username|""
        Use username during IPMI authentication. If the null string
        (``""'') is used (the default), the ``null'' user will be used.

group name
    Define a user group identified as name.

    users [!]username[,...]|""
        Define a list of users making up the group name. If username
        matches a previously defined group name, all members of the
        previous group are applied to the current group (with access
        reversed if prefixed with a `!'). If username doesn't match a
        previously defined group and username begins with `@', the name
        (minus the `@') is checked against the host's group database. All
        users found in the group will be recorded with (or without, if
        prefixed with `!') access. If username doesn't match a previous
        group and doesn't begin with `@', the users will be recorded with
        (or without, if prefixed with `!') access. If the null string
        (``""'') is used, any users previously defined for this group are
        removed.

task c
    Define a task where c is a lowercase alphanumeric (0-9a-z). Tasks are
    invoked via the ``^Ec!c'' client escape sequence.

    cmd command|""
        Invoke command on the server when instructed by the client. All
        file descriptors are closed, except for stderr (which is inherited
        from the server). The command is passed as an argument to ``/bin/sh
        -ce'' and is a ``fire and forget'' methodology (you need to check
        logs for any issues). If the null string (``""'') is used, the
        entire task definition is ignored.

    confirm yes|true|on|no|false|off
        Set whether or not to ask the client for confirmation before
        invoking the task. The default is ``no''.

    description string
        Set a description for the task. When a client lists tasks, string
        will be printed instead of the command defined above. If the null
        string (``""'') is used, the command defined above will be printed.

    runas [user][:group]|""
        By default, the command invoked by cmd is run with the same
        privileges as the server. If the server is running with root
        privileges, this option resets the user and/or group of the invoked
        process to user and group respectively. user may be a username or
        numeric uid and group may be a group name or numeric gid. Either
        one is optional. If the server is not running with root privileges,
        these values are not used. If the null string (``""'') is
        specified, the default of running with the same privileges as the
        server is restored.

    subst c=t[n]f[,...]|""
        Perform character substitutions on the cmd value. See the
        devicesubst option for an explanation of the format string. If the
        null string (``""'') is used, no replacements will be done.
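
The PARSER rules (tokens, whitespace, backslash and double-quote quoting, comments) and the access-related keywords of the access, config, console, default and task blocks, put together as a configuration review script. This is an added example, not conserver's own parser or code from this page. Assumptions: it does not read #include files or resolve include/default inheritance, it treats a later keyword in a block as replacing an earlier one, and the sample configuration (hosts, users, paths, commands) is constructed.

```python
import re

TOKENS = "{};"          # unquoted, these end a word
OFF = {"no", "false", "off"}
RUNAS = {"exec": "execrunas", "initcmd": "initrunas", "cmd": "runas"}

def read_word(s, i, ws_splits):
    """Read one word from s[i:]; return (word, index of the char that ended it).
    ws_splits: True for block-type/keyword, False for block-name/value."""
    out, keep = [], 0   # keep: length up to the last quoted or non-blank char
    while i < len(s):
        c = s[i]
        if c == "\\" and i + 1 < len(s):     # backslash: next char is literal
            out.append(s[i + 1])
            keep, i = len(out), i + 2
        elif c == '"':                       # quoted run: literal except \"
            i += 1
            while i < len(s) and s[i] != '"':
                if s[i:i + 2] == '\\"':
                    i += 1
                out.append(s[i])
                i += 1
            keep, i = len(out), i + 1
        elif c == "#":                       # comment runs to the newline
            while i < len(s) and s[i] != "\n":
                i += 1
        elif c in TOKENS or (c.isspace() and ws_splits and out):
            break
        else:
            if out or not c.isspace():       # drop leading whitespace
                out.append(c)
            if not c.isspace():
                keep = len(out)
            i += 1
    return "".join(out[:keep]), i            # trailing whitespace is cut at keep

def parse(text):
    """Return [(block_type, block_name, [(keyword, value), ...]), ...]."""
    blocks, i = [], 0
    while True:
        btype, i = read_word(text, i, True)
        if i >= len(text):
            return blocks
        name, i = read_word(text, i, False)
        if text[i:i + 1] != "{":
            raise ValueError(f"expected '{{' after block-type {btype!r}")
        i, pairs = i + 1, []
        while True:
            kw, i = read_word(text, i, True)
            if not kw and text[i:i + 1] == "}":
                i += 1
                break
            val, i = read_word(text, i, False)
            if text[i:i + 1] != ";":
                raise ValueError(f"expected ';' after {kw!r} in block {name!r}")
            pairs.append((kw, val))
            i += 1
        blocks.append((btype, name, pairs))

def includes(text):
    """Filenames named by '#include' lines, which must start in column 0."""
    return [f.strip() for f in re.findall(r"^#include[ \t]+(.+)$", text, re.M)]

def audit(blocks):
    """Return [(block_type, block_name, keyword, message), ...]."""
    found = []
    for btype, name, pairs in blocks:
        vals = dict(pairs)   # assumption: a later keyword replaces an earlier one
        for kw, val in pairs:
            msg = None
            if kw == "rw" and "*" in [v.strip() for v in val.split(",")]:
                msg = "every username gets read-write access"
            elif btype == "access" and kw == "trusted":
                msg = "hosts connect without username authentication"
            elif btype == "config" and (kw, val) == ("defaultaccess", "trusted"):
                msg = "unmatched hosts connect without username authentication"
            elif btype == "config" and kw == "sslrequired" and val in OFF:
                msg = "encryption is not required for client connections"
            elif kw in RUNAS and val and not vals.get(RUNAS[kw]):
                msg = f"no {RUNAS[kw]} here: runs with the server's privileges"
            if msg:
                found.append((btype, name, kw, msg))
    return found

# Constructed sample input; hosts, users, paths and commands are made up.
SAMPLE = r'''#include /etc/conserver/site.cf
config * { sslrequired no; defaultaccess rejected; }
access * { trusted localhost; allowed admin1.example.net; }
default ops { rw alice,bob; }
console "web 1" { master localhost; type exec; exec ssh -t web1 console; rw *; }
console db1 { include ops; type exec; exec "ipmi-wrap db1"; execrunas nobody; }
task r { cmd /usr/local/sbin/reset-host; confirm yes; }
'''

if __name__ == "__main__":
    print("included files not followed:", includes(SAMPLE))
    for finding in audit(parse(SAMPLE)):
        print("%s %r: %s: %s" % finding)
```

Findings are per block as written, so a console that inherits execrunas or a narrower rw list from an included default block still needs a manual look.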

Bryan Stansell, conserver.com

console(1), conserver.passwd(5), conserver(8)

conserver-8.2.7                    2022/07/07                    CONSERVER.CF(5)