NetBSD/dist/am-utils/scripts/amd.conf.5

743 lines
26 KiB
Groff

.\" $NetBSD: amd.conf.5,v 1.11 2005/04/23 18:38:18 christos Exp $
.\"
.\"
.\" Copyright (c) 1997-2005 Erez Zadok
.\" Copyright (c) 1990 Jan-Simon Pendry
.\" Copyright (c) 1990 Imperial College of Science, Technology & Medicine
.\" Copyright (c) 1990 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" This code is derived from software contributed to Berkeley by
.\" Jan-Simon Pendry at Imperial College, London.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgment:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" %W% (Berkeley) %G%
.\"
.\" Id: amd.conf.5,v 1.37 2005/04/17 03:05:54 ezk Exp
.\"
.TH AMD.CONF 5 "7 August 1997"
.SH NAME
amd.conf \- amd configuration file
.SH SYNOPSIS
.B amd.conf
.SH DESCRIPTION
The
.B amd.conf
file is the configuration file for amd, as part of the am-utils suite.
.P
.B amd.conf
contains runtime configuration information for the
.B amd
automounter program.
.\" **************************************************************************
.SH FILE FORMAT
.P
The file consists of sections and parameters. A section begins with the
name of the section in square brackets and continues until the next section
begins or the end the file is reached. Sections contain parameters of the
form 'name = value'.
.P
The file is line-based - that is, each newline-terminated line represents
either a comment, a section name or a parameter. No line-continuation
syntax is available.
.P
Section, parameter names and their values are case sensitive.
.P
Only the first equals sign in a parameter is significant. Whitespace before
or after the first equals sign is discarded. Leading, trailing and
internal whitespace in section and parameter names is irrelevant. Leading
and trailing whitespace in a parameter value is discarded. Internal
whitespace within a parameter value is not allowed, unless the whole
parameter value is quoted with double quotes as in 'name = "some value"'.
.P
Any line beginning with a pound sign (#) is ignored, as are lines containing
only whitespace.
.P
The values following the equals sign in parameters are all either a string
(no quotes needed if string does not include spaces) or a boolean, which may
be given as yes/no. Case is significant in all values. Some items such as
cache timeouts are numeric.
.\" **************************************************************************
.SH SECTIONS
.SS The [global] section
Parameters in this section either apply to amd as a whole, or to all other
regular map sections which follow. There should be only one global section
defined in one configuration file.
.P
It is highly recommended that this section be specified first in the
configuration file. If it is not, then regular map sections which precede
it will not use global values defined later.
.SS Regular [/map] sections
Parameters in regular (non-global) sections apply to a single map entry.
For example, if the map section
.B [/homes]
is defined, then all parameters following it will be applied to the
.I /homes
amd-managed mount point.
.\" **************************************************************************
.SH PARAMETERS
.SS Parameters common to all sections
These parameters can be specified either in the global or a map specific
section. Entries specified in a map-specific section override the default
value or one defined in the global section. If such a common parameter is
specified only in the global section, it is applicable to all regular map
sections that follow.
.\" **************************************************************************
.TP
.BR browsable_dirs " (string, default=no)"
If "yes," then amd's top-level mount points will be browsable to
.BR readdir (3)
calls. This means you could run for example
.BR ls (1)
and see what keys are available to mount in that directory. Not all entries
are made visible to readdir(3): the "/default" entry, wildcard
entries, and those with a "/" in them are not included. If you specify
"full" to this option, all but "/default" will be visible.
Note that if you run a command which will attempt to
.BR stat (2)
the entries, such as often done by "ls -l" or "ls -F," amd will attempt to
mount
.I every
entry in that map. This is often called a ``mount storm''.
.TP
.BR map_defaults " (string, default to empty)"
This option sets a string to be used as the map's /defaults entry,
overriding any /defaults specified in the map. This allows local users to
override map defaults without modifying maps globally.
.TP
.BR map_options " (string, default no options)"
This option is the same as specifying map options on the command line to
amd, such as "cache:=all".
.TP
.BR map_type " (string, default search all map types)"
If specified, amd will initialize the map only for the type given. This is
useful to avoid the default map search type used by amd which takes longer
and can have undesired side-effects such as initializing NIS even if not
used. Possible values are
.nf
\fBexec\fR executable maps
\fBfile\fR plain files
\fBhesiod\fR Hesiod name service from MIT
\fBldap\fR Lightweight Directory Access Protocol
\fBndbm\fR (New) dbm style hash files
\fBnis\fR Network Information Services (version 2)
\fBnisplus\fR Network Information Services Plus (version 3)
\fBpasswd\fR local password files
\fBunion\fR union maps
.fi
.TP
.BR mount_type " (string, default=nfs)"
All amd mount types default to NFS. That is, amd is an NFS server on the
map mount points, for the local host it is running on. If "autofs" is
specified, amd will be an autofs server for those mount points.
.TP
.BR autofs_use_lofs " (string, default=yes)"
When set to "yes" and using Autofs, Amd will use lofs-type (loopback) mounts
for type:=link mounts. This has the advantage of mounting in place, and
users get to the see the same pathname that they chdir'ed into. If this
option is set to "no," then Amd will use symlinks instead: that code is more
tested, but negates autofs's big advantage of in-place mounts.
.TP
.BR search_path " (string, default no search path)"
This provides a (colon-delimited) search path for file maps. Using a search
path, sites can allow for local map customizations and overrides, and can
distributed maps in several locations as needed.
.\" **************************************************************************
.SS Parameters applicable to the global section only
.TP
.BR arch " (string, default to compiled in value)"
Same as the
.B \-A
option to amd. Allows you to override the value of the
.I arch
amd variable.
.TP
.BR auto_attrcache " (numeric, default=0)"
Specify in seconds, the (kernel-side) NFS attribute cache timeout for amd's
own automount points. A value of 0 turns off attribute caching, meaning
that amd will be consulted via a kernel-RPC each time someone stat's the
mount point (which could be abused as a denial-of-service attack). Warning:
if you set this option to any non-zero value, especially a large value, and
you get ESTALE errors on your particular OS , then set this value back to 0
seconds.
.TP
.BR auto_dir " (string, default=/a)"
Same as the
.B \-a
option to amd. This sets the private directory where amd will create
sub-directories for its real mount points.
.TP
.BR cache_duration " (numeric, default=300)"
Same as the
.B \-c
option to amd. Sets the duration in seconds that looked-up or mounted map
entries remain in the cache.
.TP
.BR cluster " (string, default no cluster)"
Same as the
.B \-C
option to amd. Specifies the alternate HP-UX cluster to use.
.TP
.BR debug_mtab_file " (string, default=/tmp/mnttab)"
Path to mtab file that is used by Amd to store a list of mounted
file systems during debug-mtab mode. This option only applies
to systems that store mtab information on disk.
.TP
.TP
.BR debug_options " (string, default no debug options)"
Same as the
.B \-D
option to amd. Specify any debugging options for amd. Works only if
am-utils was configured for debugging using the --enable-debug option. The
"mem" option, as well as all other options, can be turned on via
--enable-debug=mem. Otherwise debugging options are ignored. Options are
comma delimited, and can be preceded by the string "no" to negate their
meaning. You can get the list of supported debugging options by running amd
\-H. Possible values are:
.nf
\fBall\fR all options
\fBamq\fR register for amq
\fBdaemon\fR enter daemon mode
\fBfork\fR fork server
\fBfull\fR program trace
\fBhrtime\fR print high resolution time stamps (only if syslog(3) is not used)
\fBinfo\fR info service specific debugging (hesiod, nis, etc.)
\fBmem\fR trace memory allocations
\fBmtab\fR use local "./mtab" file
\fBreaddir\fR show browsable_dirs progress
\fBstr\fR debug string munging
\fBtest\fR full debug but no daemon
\fBtrace\fR trace protocol and NFS mount arguments
\fBxdrtrace\fR trace XDR routines
.fi
.TP
.BR dismount_interval " (numeric, default=120)"
Same as the
.B \-w
option to amd. Specify in seconds, the time between attempts to dismount
file systems that have exceeded their cached times.
.TP
.BR domain_strip " (boolean, default=yes)"
If "yes," then the domain
name part referred to by ${rhost} is stripped off. This is
useful to keep logs and smaller. If "no," then the domain name
part is left changed. This is useful when using multiple domains with
the same maps (as you may have hosts whose domain-stripped name is
identical).
.TP
.BR exec_map_timeout " (numeric, default=10)"
The timeout in seconds that
.I Amd
will wait for an executable map program before an answer is returned from
that program (or script). This value should be set to as small as possible
while still allowing normal replies to be returned before the timer expires,
because during the time that the executable map program is queried,
.I Amd
is essentially waiting and is thus not responding to any other queries.
.TP
.BR full_os " (string, default to compiled in value)"
The full name of the operating system, along with its version. Allows you
to override the compiled-in full name and version of the operating system.
Useful when the compiled-in name is not desired. For example, the full
operating system name on linux comes up as ``linux'', but you can override
it to ``linux-2.2.5.''
.TP
.BR fully_qualified_hosts " (string, default=no)"
If "yes,"
.I Amd
will perform RPC authentication using fully-qualified host names. This is
necessary for some systems, and especially when performing cross-domain
mounting. For this function to work, the
.I Amd
variable ${hostd} is used, requiring that ${domain} not be null.
.TP
.BR hesiod_base " (string, default=automount)"
Specify the base name for hesiod maps.
.TP
.BR karch " (string, default to karch of the system)"
Same as the
.B \-k
option to amd. Allows you to override the kernel-architecture of your
system. Useful for example on Sun (SPARC) machines, where you can build one
amd binary, and run it on multiple machines, yet you want each one to get
the correct
.I karch
variable set (for example, sun4c, sun4m, sun4u, etc.) Note that if not
specified, amd will use uname(3) to figure out the kernel architecture of
the machine.
.TP
.BR ldap_base " (string, default not set)"
Specify the base name for LDAP. This often includes LDAP-specific
values such as country and organization.
.TP
.BR ldap_cache_maxmem " (numeric, default=131072)"
Specify the maximum memory amd should use to cache LDAP entries.
.TP
.BR ldap_cache_seconds " (numeric, default=0)"
Specify the number of seconds to keep entries in the cache.
.TP
.BR ldap_hostports " (string, default not set)"
Specify the LDAP host and port values.
.TP
.BR ldap_proto_version " (numeric, default=2)"
Specify the version of the LDAP protocol to use.
.TP
.BR local_domain " (string, default no sub-domain)"
Same as the
.B \-d
option to amd. Specify the local domain name. If this option is not given
the domain name is determined from the hostname, by removing the first
component of the fully-qualified host name.
.TP
.BR localhost_address " (string, default to localhost or 127.0.0.1)"
Specify the name or IP address for amd to use when connecting the sockets
for the local NFS server and the RPC server. This defaults to 127.0.0.1 or
whatever the host reports as its local address. This parameter is useful on
hosts with multiple addresses where you want to force amd to connect to a
specific address.
.TP
.BR log_file " (string, default=/dev/stderr)"
Same as the
.B \-l
option to amd. Specify a file name to log amd events to.
If the string
.B /dev/stderr
is specified, amd will send its events to the standard error file descriptor.
If the string
.B syslog
is given, amd will record its events with the system logger
.BR syslogd (8).
The default syslog facility used is LOG_DAEMON. If you
wish to change it, append its name to the log file name, delimited by a
single colon. For example, if
.I logfile
is the string
.B syslog:local7
then amd will log messages via
.IR syslog (3)
using the LOG_LOCAL7 facility (if it exists on the system).
.TP
.BR log_options " (string, default no logging options)"
Same as the
.B \-x
option to amd. Specify any logging options for amd. Options are comma
delimited, and can be preceded by the string "no" to negate their meaning.
The "debug" logging option is only available if am-utils was configured with
--enable-debug. You can get the list of supported debugging and logging
options by running amd \-H. Possible values are:
.nf
\fBall\fR all messages
\fBdebug\fR debug messages
\fBerror\fR non-fatal system errors
\fBfatal\fR fatal errors
\fBinfo\fR information
\fBmap\fR map errors
\fBstats\fR additional statistical information
\fBuser\fR non-fatal user errors
\fBwarn\fR warnings
\fBwarning\fR warnings
.fi
.TP
.BR map_reload_interval " (numeric, default=3600)"
The number of seconds that amd will wait before it checks to see if any maps
have changed at their source (NIS servers, LDAP servers, files, etc.). Amd
will reload only those maps that have changed.
.TP
.BR nfs_allow_insecure_port " (string, default=no)"
Normally amd will refuse requests coming from unprivileged ports (i.e.
ports >= 1024 on Unix systems), so that only privileged users and the kernel
can send NFS requests to it. However, some kernels (certain versions of
Darwin, MacOS X, and Linux) have bugs that cause them to use unprivileged
ports in certain situations, which causes amd to stop dead in its
tracks. This parameter allows amd to operate normally even on such systems,
at the expense of a slight decrease in the security of its operations. If
you see messages like "ignoring request from foo:1234, port not reserved"
in your amd log, try enabling this parameter and give it another go.
.TP
.BR nfs_proto " (string, default to trying version tcp then udp)"
By default, amd tries TCP and then UDP. This option forces the overall NFS
protocol used to TCP or UDP. It overrides what is in the amd maps, and is
useful when amd is compiled with NFSv3 support that may not be stable. With
this option you can turn off the complete usage of NFSv3 dynamically
(without having to recompile amd) until such time as NFSv3 support is
desired again.
.TP
.BR nfs_retransmit_counter " (numeric, default=11)"
Same as the
.I retransmit
part of the
.BI \-t " timeout.retransmit"
option to amd.
Specifies the number of NFS retransmissions that the kernel will use to
communicate with amd.
.TP
.BR nfs_retransmit_counter_udp " (numeric, default=11)"
Same as the
.B nfs_retransmit_counter
option, but for all UDP mounts only.
.TP
.BR nfs_retransmit_counter_tcp " (numeric, default=11)"
Same as the
.B nfs_retransmit_counter
option, but for all TCP mounts only.
.TP
.BR nfs_retry_interval " (numeric, default=8)"
Same as the
.I timeout
part of the
.BI \-t " timeout.retransmit"
option to amd. Specifies the NFS timeout interval, in
.I tenths
of seconds, between NFS/RPC retries (for UDP and TCP).
This is the value that the kernel will use to
communicate with amd.
Amd relies on the kernel RPC retransmit mechanism to trigger mount retries.
The values of the
.B nfs_retransmit_counter
and the
.B nfs_retry_interval
parameters change the overall retry interval. Too long an interval gives
poor interactive response; too short an interval causes excessive retries.
.TP
.BR nfs_retry_interval_udp " (numeric, default=8)"
Same as the
.B nfs_retry_interval
option, but for all UDP mounts only.
.TP
.BR nfs_retry_interval_tcp " (numeric, default=8)"
Same as the
.B nfs_retry_interval
option, but for all TCP mounts only.
.TP
.BR nfs_vers " (numeric, default to trying version 3 then 2)"
By default, amd tries version 3 and then version 2. This option forces the
overall NFS protocol used to version 3 or 2. It overrides what is in the
amd maps, and is useful when amd is compiled with NFSv3 support that may not
be stable. With this option you can turn off the complete usage of NFSv3
dynamically (without having to recompile amd) until such time as NFSv3
support is desired again.
.TP
.BR nis_domain " (string, default to local NIS domain name)"
Same as the
.B \-y
option to amd. Specify an alternative NIS domain from which to fetch the
NIS maps. The default is the system domain name. This option is ignored if
NIS support is not available.
.TP
.BR normalize_hostnames " (boolean, default=no)"
Same as the
.B \-n
option to amd. If "yes," then the name refereed to by ${rhost} is
normalized relative to the host database before being used. The effect is
to translate aliases into ``official'' names.
.TP
.BR normalize_slashes " (boolean, default=yes)"
If "yes," then amd will condense all multiple ``/'' (slash) characters into
one and remove all trailing slashes. If "no," then amd will not touch
strings that may contain repeated or trailing slashes. The latter is
sometimes useful with SMB mounts, which often require multiple slash
characters in pathnames.
.TP
.BR os " (string, default to compiled in value)"
Same as the
.B \-O
option to amd. Allows you to override the compiled-in name of the operating
system. Useful when the built-in name is not desired for backward
compatibility reasons. For example, if the build in name is ``sunos5'', you
can override it to ``sos5'', and use older maps which were written with the
latter in mind.
.TP
.BR osver " (string, default to compiled in value)"
Same as the
.B \-o
option to amd. Overrides the compiled-in version number of the operating
system. Useful when the built in version is not desired for backward
compatibility reasons. For example, if the build in version is ``2.5.1'',
you can override it to ``5.5.1'', and use older maps that were written with
the latter in mind.
.TP
.BR pid_file " (string, default=/dev/stdout)"
Specify a file to store the process ID of the running daemon into. If not
specified, amd will print its process id onto the standard output. Useful
for killing amd after it had run. Note that the PID of a running amd can
also be retrieved via
.B amq
.BR \-p .
This file is used only if the print_pid option is on.
.TP
.BR plock " (boolean, default=yes)"
Same as the
.B \-S
option to amd.
If "yes," lock the running executable pages of amd into memory. To improve
amd's performance, systems that support the
.BR plock (3)
or
.BR mlockall (2)
call can lock the amd process into memory. This way there is less chance it
the operating system will schedule, page out, and swap the amd process as
needed. This improves amd's performance, at the cost of reserving the
memory used by the amd process (making it unavailable for other processes).
.TP
.BR portmap_program " (numeric, default=300019)"
Specify an alternate Port-mapper RPC program number, other than the official
number. This is useful when running multiple amd processes. For example,
you can run another amd in "test" mode, without affecting the primary amd
process in any way. For safety reasons, the alternate program numbers that
can be specified must be in the range 300019-300029, inclusive.
.B amq
has an option
.B -P
which can be used to specify an alternate program number of an amd to
contact. In this way, amq can fully control any number of amd processes
running on the same host.
.TP
.BR preferred_amq_port " (numeric, default=0)"
Specify an alternate Port-mapper RPC port number for Amd's
.B amq
service. This is used for both UDP and TCP. Setting this value to 0 (or
not defining it) will cause
.B amd
to select an arbitrary port number. Setting the
.B amq
RPC service port to a specific number is useful in firewalled or NAT'ed
environments, where you need to know which port
.B amd
will listen on.
.TP
.BR print_pid " (boolean, default=no)"
Same as the
.B \-p
option to amd. If "yes," amd will print its process ID upon starting.
.TP
.BR print_version " (boolean, default=no)"
Same as the
.B \-v
option to amd, but the version prints and amd continues to run. If "yes,"
amd will print its version information string, which includes some
configuration and compilation values.
.TP
.BR restart_mounts " (boolean, default=no)"
Same as the
.B \-r
option to amd. If "yes"
.B amd
will scan the mount table to determine which file systems are currently
mounted. Whenever one of these would have been auto-mounted,
.B amd
inherits it.
.TP
.BR selectors_in_defaults " (boolean, default=no)"
If "yes," then the /defaults entry of maps will search for and process any
selectors before setting defaults for all other keys in that map. Useful
when you want to set different options for a complete map based on some
parameters. For example, you may want to better the NFS performance over
slow slip-based networks as follows:
.nf
/defaults \\
wire==slip-net;opts:=intr,rsize=1024,wsize=1024 \\
wire!=slip-net;opts:=intr,rsize=8192,wsize=8192
.fi
Deprecated form: selectors_on_default
.TP
.BR show_statfs_entries " (boolean), default=no)"
If "yes," then all maps which are browsable will also show the number of
entries (keys) they have when "df" runs. (This is accomplished by returning
non-zero values to the statfs(2) system call).
.TP
.BR unmount_on_exit " (boolean), default=no)"
If "yes," then amd will attempt to unmount all file systems which it knows
about. Normally amd leaves all (esp. NFS) mounted file systems intact.
Note that amd does not know about file systems mounted before it starts up,
unless the restart_mounts option or
.B \-r
flag are used.
.TP
.BR use_tcpwrappers " (boolean), default=yes)"
If "yes," then amd will use the tcpd/librwap tcpwrappers library
(if available) to control
access to amd via the /etc/hosts.allow and /etc/hosts.deny files.
.TP
.BR vendor " (string, default to compiled in value)"
The name of the vendor of the operating system. Overrides the compiled-in
vendor name. Useful when the compiled-in name is not desired. For example,
most Intel based systems set the vendor name to ``unknown'', but you can set
it to ``redhat.''
.\" **************************************************************************
.SS Parameters applicable to regular map sections
.TP
.BR map_name " (string, must be specified)"
Name of the map where the keys are located.
.TP
.BR tag " (string, default no tag)"
Each map entry in the configuration file can be tagged. If no tag is
specified, that map section will always be processed by amd. If it is
specified, then amd will process the map if the
.B -T
option was given to amd, and the value given to that command-line option
matches that in the map section.
.\" **************************************************************************
.SH EXAMPLES
Here is a real amd configuration file I use daily.
.P
.nf
# GLOBAL OPTIONS SECTION
[ global ]
normalize_hostnames = no
print_pid = no
restart_mounts = yes
auto_dir = /n
log_file = /var/log/amd
log_options = all
#debug_options = all
plock = no
selectors_in_defaults = yes
# config.guess picks up "sunos5" and I don't want to edit my maps yet
os = sos5
# if you print_version after setting up "os," it will show it.
print_version = no
map_type = file
search_path = /etc/amdmaps:/usr/lib/amd:/usr/local/AMD/lib
browsable_dirs = yes
# DEFINE AN AMD MOUNT POINT
[ /u ]
map_name = amd.u
[ /proj ]
map_name = amd.proj
[ /src ]
map_name = amd.src
[ /misc ]
map_name = amd.misc
[ /import ]
map_name = amd.import
[ /tftpboot/.amd ]
tag = tftpboot
map_name = amd.tftpboot
.fi
.\" **************************************************************************
.SH "SEE ALSO"
.BR amd (8),
.BR amq (8),
.\" .BR ctl-amd (8),
.BR hosts_access (5).
.LP
``am-utils''
.BR info (1)
entry.
.LP
.I "Linux NFS and Automounter Administration"
by Erez Zadok, ISBN 0-7821-2739-8, (Sybex, 2001).
.LP
.I http://www.am-utils.org
.LP
.I "Amd \- The 4.4 BSD Automounter"
.SH AUTHORS
Erez Zadok <ezk@cs.sunysb.edu>, Computer Science Department, Stony Brook
University, Stony Brook, New York, USA.
.P
Other authors and contributors to am-utils are listed in the
.B AUTHORS
file distributed with am-utils.