fam(1M) fam(1M)
fam - file alteration monitor
/usr/etc/fam [ -f | -v | -d ] [ -l | -t NFS_polling_interval ]
[ -T idle_timeout ] [ -p program.version ] [ -L ] [ -C ]
[ -c config_file ]
fam is a server that tracks changes to the filesystem and relays these
changes to interested applications. Applications such as fm(1G) and
mailbox(1) present an up-to-date view of the filesystem. In the absence
of fam, these applications and others like them are forced to poll the
filesystem to detect changes. fam is more efficient.
Applications can request fam to monitor any files or directories in any
filesystem. When fam detects changes to monitored files, it notifies the
appropriate application. The FAM API provides a programmatic interface
to fam; see fam(3X).
fam is informed of filesystem changes as they happen by the kernel
through the imon(7M) pseudo device driver. If asked to monitor files on
an NFS mounted filesystem, fam tries to use fam on the NFS server to
monitor files. If fam cannot contact a remote fam, it polls the files
instead. fam also polls special files.
Normally, fam is started by inetd(1M). It is registered with portmap(1M)
as performing the sgi_fam service.
-l Disable polling of NFS files. It does not
disable use of remote fam on NFS servers, nor
does it disable polling of local files.
-t NFS_polling_interval Set the interval for polling files to
NFS_polling_interval seconds. The default is
six seconds.
-T idle_timeout Set the idle timeout interval to idle_timeout.
fam exits idle_timeout seconds after its last
client disconnects. A value of 0 causes fam to
wait indefinitely for new connections. The
default is five seconds.
-f Remain in the foreground instead of spawning a
child and exiting. This option is ignored if
fam is started by inetd.
-v Turn on verbose messages.
Page 1
fam(1M) fam(1M)
-d Enable verbose messages and debug messages.
-p program.version Use the specified RPC program and version
numbers.
-L Local-only mode. fam will only accept requests
from clients running on the local machine.
This overrides the local_only flag in the
configuration file. This option is ignored if
fam is started by inetd.
-C Compatibility mode. This disables
authentication and reduces access security as
described under SECURITY below. This overrides
the insecure_compatibility flag in the
configuration file.
-c config_file Read configuration information from the given
file rather than the default, which is
/etc/fam.conf.
In addition to its command-line options, fam's behavior can also be
controlled through its configuration file. By default, this is
/etc/fam.conf; the -c command-line option can be used to specify an
alternate file. Configuration lines are in the format option=value.
Lines beginning with # or ! are ignored. fam recognizes the following
options:
insecure_compatibility If set to true, this disables authentication
and reduces access security as described under
SECURITY below. This is false by default.
Setting this option to true is the same as
using the -C command-line option.
untrusted_user This is the user name or UID of the user
account which fam will use for unauthenticated
clients. If a file can't be stat'ed by this
user, fam will not tell unauthenticated clients
about the file's existence. If an untrusted
user is not given in the configuration file,
fam will write an error message to the system
log and terminate.
local_only If set to true, fam will ignore requests from
remote fams. This is false by default.
Setting this option to true is the same as
using the -L command-line option. This option
is ignored if fam is started by inetd.
Page 2
fam(1M) fam(1M)
xtab_verification If set to true, fam will check the list of
exported filesystems when remote requests are
received to verify that the requests fall on
filesystems which are exported to the
requesting hosts. This is true by default. If
this option is set to false, fam will service
remote requests without attempting to perform
the verification. If the local_only
configuration option or -L command-line option
is used, xtab_verification has no effect.
For backward compatibility, the -C command-line option and
insecure_compatibility configuration option can be used to disable
authentication. Configuring fam this way opens a publically known
security weakness whereby a "rogue client" can obtain the names of all
the files and directories on the system.
You might want to configure fam this way if you have a client program
which is statically linked to an older version of libfam.a which does not
perform authentication; see COMPATIBILITY below.
Note that fam never opens the files it's monitoring, and cannot be used
by a rogue client to read the contents of any file on the system. fam
only gives out the names of monitored files, and only monitors files
which the client can stat(1M). Users can stat a file without having read
permission on it as long as they have search permission on the directory
containing it.
If you have an existing FAM client which isn't seeing files which you
think it should be able to see, or which doesn't seem to be responding to
file operations, try running fam with the -C flag and restarting the
client. If that appears to fix the problem, the client is probably
statically linked with a non-authenticating version of libfam. (libfam
on IRIX prior to 6.5.8 does not perform authentication.)
The best way to fix this is to recompile your program with a current
version of libfam. If recompiling isn't an option, and the client only
monitors a few known files, you might add a user account named "fammable"
(for example), add that account to a group which can stat(1M) those
files, and change the untrusted_user option in the configuration file to
make fam use that account for requests from unauthenticated clients.
/etc/fam.conf
fm(1G), inetd(1M), mailbox(1), portmap(1M), fam(3X), imon(7M), stat(1M).
P�P�P�Pa�a�a�ag�g�g�ge�e�e�e 3�3�3�3 [ Back ]
|
