1sac(1M)                 System Administration Commands                 sac(1M)
2
3
4

NAME

6       sac - service access controller
7

SYNOPSIS

9       sac -t sanity_interval
10
11
12       /usr/lib/saf/sac
13
14

DESCRIPTION

16       The  Service  Access  Controller  (SAC)  is  the overseer of the server
17       machine. It is started when the server machine enters  multiuser  mode.
18       The SAC performs several important functions as explained below.
19
20   Customizing the SAC Environment
21       When  sac  is  invoked, it first looks for the per-system configuration
22       script /etc/saf/_sysconfig. sac interprets _sysconfig to customize  its
23       own  environment.  The  modifications  made  to  the SAC environment by
24       _sysconfig are inherited by all the children of the SAC. This inherited
25       environment may be modified by the children.
26
27   Starting Port Monitors
28       After  it has interpreted the _sysconfig file, the sac reads its admin‐
29       istrative file /etc/saf/_sactab. _sactab specifies which port  monitors
30       are  to  be  started.  For each port monitor to be started, sac forks a
31       child (see fork(2)) and creates a utmpx entry with the type  field  set
32       to  LOGIN_PROCESS. Each child then interprets its per-port monitor con‐
33       figuration script /etc/saf/pmtag/_config , if the  file  exists.  These
34       modifications  to  the environment  affect the port monitor and will be
35       inherited by all its children. Finally, the  child  process  execs  the
36       port  monitor,  using  the  command  found  in the _sactab entry.  (See
37       sacadm; this is the command given with the -c option when the port mon‐
38       itor is added to the system.)
39
40   Polling Port Monitors to Detect Failure
41       The -t option sets the frequency with which sac polls the port monitors
42       on the system. This time may also be thought of as half of the  maximum
43       latency  required  to  detect  that  a port monitor has failed and that
44       recovery action is necessary.
45
46   Administrative functions
47       The Service Access Controller represents the  administrative  point  of
48       control  for  port  monitors.  Its  administrative  tasks are explained
49       below.
50
51
52       When queried (sacadm with either -l or -L),  the  Service  Access  Con‐
53       troller  returns  the  status   of  the  port monitors specified, which
54       sacadm prints on the standard output. A port monitor may be in  one  of
55       six states:
56
57       ENABLED       The  port  monitor  is currently running and is accepting
58                     connections. See sacadm(1M) with the -e option.
59
60
61       DISABLED      The port monitor is currently running and is not  accept‐
62                     ing  connections.  See sacadm with the -d option, and see
63                     NOTRUNNING, below.
64
65
66       STARTING      The port monitor is in the process of starting up. START‐
67                     ING  is  an  intermediate state  on the way to ENABLED or
68                     DISABLED.
69
70
71       FAILED        The port monitor was unable to start and remain running.
72
73
74       STOPPING      The port monitor has been manually terminated but has not
75                     completed its shutdown procedure. STOPPING is an interme‐
76                     diate state on the way to NOTRUNNING.
77
78
79       NOTRUNNING    The port monitor is not currently  running.  (See  sacadm
80                     with  -k.) This is the normal "not running" state. When a
81                     port monitor is killed, all ports it was  monitoring  are
82                     inaccessible.  It is not possible for an external user to
83                     tell whether a port is not being monitored or the  system
84                     is  down. If the port monitor is not killed but is in the
85                     DISABLED state, it may be possible (depending on the port
86                     monitor  being used) to write a message on the inaccessi‐
87                     ble port telling the user who is  trying  to  access  the
88                     port that it is disabled. This is the advantage of having
89                     a DISABLED state as well as the NOTRUNNING state.
90
91
92
93       When a port monitor terminates, the SAC removes  the  utmpx  entry  for
94       that port monitor.
95
96
97       The  SAC  receives all requests to enable, disable, start, or stop port
98       monitors and  takes the appropriate action.
99
100
101       The SAC is responsible for restarting  port  monitors  that  terminate.
102       Whether or not the SAC will restart a given port monitor depends on two
103       things:
104
105           o      The restart count specified for the port  monitor  when  the
106                  port  monitor  was  added  by  sacadm;  this  information is
107                  included in /etc/saf/pmtag/_sactab.
108
109           o      The number of  times  the  port  monitor  has  already  been
110                  restarted.
111

SECURITY

113       sac  uses pam(3PAM) for session management.  The PAM configuration pol‐
114       icy, listed through /etc/pam.conf,  specifies  the  session  management
115       module to be used for sac. Here is a partial pam.conf file with entries
116       for sac using the UNIX session management module.
117
118         sac  session   required   pam_unix_session.so.1
119
120
121
122       If there are no entries for the sac service, then the entries  for  the
123       "other" service will be used.
124

OPTIONS

126       -t sanity_interval    Sets  the  frequency (sanity_interval) with which
127                             sac polls the port monitors on the system.
128
129

FILES

131           o      /etc/saf/_sactab
132
133           o      /etc/saf/_sysconfig
134
135           o      /var/adm/utmpx
136
137           o      /var/saf/_log
138

ATTRIBUTES

140       See attributes(5) for descriptions of the following attributes:
141
142
143
144
145       ┌─────────────────────────────┬─────────────────────────────┐
146       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
147       ├─────────────────────────────┼─────────────────────────────┤
148       │Availability                 │SUNWcsu                      │
149       └─────────────────────────────┴─────────────────────────────┘
150

SEE ALSO

152       pmadm(1M), sacadm(1M), fork(2) pam(3PAM),  pam.conf(4),  attributes(5),
153       pam_authtok_check(5),     pam_authtok_get(5),     pam_authtok_store(5),
154       pam_dhkeys(5),         pam_passwd_auth(5),         pam_unix_account(5),
155       pam_unix_auth(5), pam_unix_session(5)
156

NOTES

158       The pam_unix(5) module is no longer supported. Similar functionality is
159       provided   by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
160       tok_store(5),  pam_dhkeys(5),  pam_passwd_auth(5), pam_unix_account(5),
161       pam_unix_auth(5), and pam_unix_session(5).
162
163
164       The service access controller service is managed by the service manage‐
165       ment facility, smf(5), under the service identifier:
166
167         svc:/system/sac:default
168
169
170
171
172       Administrative actions on this service, such as enabling, disabling, or
173       requesting restart, can be performed using  svcadm(1M).  The  service's
174       status can be queried using the svcs(1) command.
175
176
177
178SunOS 5.11                        21 Apr 2009                          sac(1M)
Impressum