[doldaconnect.git] / doc / doldacond.8

.\"
.\" Copyright (C) 2007 Fredrik Tolf (fredrik@dolda2000.com)
.\"
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, write to the Free
.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
.\" USA.
.\"
.TH DOLDACOND 8 "2007-04-11" "" "Dolda Connect manual"
.SH NAME
doldacond \- Dolda Connect daemon
.SH SYNOPSIS
.B doldacond
[ \fB-hns\fP ] [ \fB-C\fP \fIconfigfile\fP ]
[ \fB-p\fP \fIpidfile\fP ] [ \fB-f\fP -fIfacility\fP ]
.SH DESCRIPTION
The \fBdoldacond\fP program is the primary part of the collection of
software that makes up Dolda Connect. It runs in the background and
carries out all the actual work of filesharing. Other programs connect
to \fBdoldacond\fP over a socket in order to command it and/or display
its status to a user.
.P
The configuration of \fBdoldacond\fP is controlled via the
\fBdoldacond.conf\fP(5) file, which is described in detail in its own
manual page.
.SH OPTIONS
.TP
.B -h
Displays a brief usage message on stdout and exits.
.TP
.B -s
Normally, \fBdoldacond\fP will print log messages to stderr before it
has daemonized, and switch to syslog output after daemonization. With
the -s option, however, it will log to syslog directly, and never to
stderr. It is probably only useful when starting \fBdoldacond\fP from
an init script.
.TP
.B -n
Causes \fBdoldacond\fP to not daemonize. As a side-effect of avoiding
daemonization, log messages will be printed to stderr rather than to
syslog even after the point where the daemon would normally have
daemonized (unless the -s option is also specified).
.TP
.BI -C " configfile"
Use \fIconfigfile\fP instead of the normal search list for
configuration files. See \fBdoldacond.conf\fP(5) for the normal
behavior.
.TP
.BI -p " pidfile"
Write the daemon's PID to \fIpidfile\fP after daemonization. Works
even if the -n option has been specified.
.TP
.BI -f " facility"
Use \fIfacility\fP when logging to syslog. The facility can be any of
\fBauth\fP, \fBauthpriv\fP, \fBcron\fP, \fBdaemon\fP, \fBftp\fP,
\fBkern\fP, \fBlpr\fP, \fBmail\fP, \fBnews\fP, \fBsyslog\fP,
\fBuser\fP, \fBuucp\fP or \fBlocal0\fP...\fB7\fP, although only a
subset probably make sense for \fBdoldacond\fP. The default is
\fBdaemon\fP. Also see the BUGS section.
.SH FILES
The configuration file will normally be called
/usr/local/etc/doldacond.conf, /etc/doldacond.conf or
~/.doldacond.conf, but a multitude of others are possible. See the
\fBdoldacond.conf\fP(5) manual page for details.
.SH SIGNALS
.TP
.B SIGHUP
Causes the daemon to reread its configuration file and update its
operation accordingly, and to rescan all shared directories. SIGHUP
can safely be sent at any time \- no connected clients or hubs will be
affected.
.TP
.B SIGINT, SIGTERM
Shut down the daemon cleanly, unlinking temporary files and sockets.
.TP
.B SIGUSR1, SIGUSR2
Used for debugging. USR1 will cause the daemon to fork and dump a core
file, and USR2 will dump some memory usage information to /tmp.
.SH SECURITY
Dolda Connect, including \fBdoldacond\fP and its assorted clients, are
capable of a number of different authentication methods. The default
configuration will cause the daemon to only listen for client
connections on a Unix socket, over which authentication will be made
using Unix credentials passing. When running clients over a network,
authentication can be done using either PAM, Kerberos 5 (requires the
MIT libraries) or client trust (no authentication). Unix credentials
passing and Kerberos authentication should be perfectly secure. PAM
authentication should be secure in itself, but the client protocol is
not encrypted, and therefore causes passwords to be sent over the
network in the clear. Authentication-less operation is, obviously, not
secure at all and is disabled by default. It may be useful on a
trusted network, however.
.SH BUGS
\fBdoldacond\fP has proved to be surprisingly stable. I have had it
running for far longer than a month without any sign of instability or
memory leaks, which is probably a lot longer than a program of this
kind really needs to be able to stay running.
.P
That said, it is not without bugs. Here follows a list of the more
prominent ones.
.P
Most importantly, \fBdoldacond\fP will fail miserably at sharing files
from filesystems that do not have persistent i-numbers, since hashes
are indexed by the i-number of the file. This is done so because
indexing by i-numbers rather than file names allows the daemon to not
rehash files that have merely been renamed. However, among the
filesystems that do not have persistent i-numbers is the Linux
implementation of FAT, which means that it is impossible to share
files that are shared with Microsoft Windows. All the known standard
Unix filesystems, including at least ufs, ext2/3, reiserfs, xfs or any
of them shared over nfs are known to be safe.
.P
From time to time, the hash controller can get stuck, and stop
processing more files. The obvious work-around is to restart
\fBdoldacond\fP, at which point it will continue where it left off. If
you feel adventurous and/or really need to not restart it, you can
attach \fBgdb\fP(1) (or your debugger of choice) to the running
\fBdoldacond\fP process and set the hashjob variable to -1, which will
force \fBdoldacond\fP to resume hashing. Don't do that while a hash
job is actually running, though.
.P
Not really a bug in \fBdoldacond\fP itself, many PAM modules will
reinitialize the syslog library and cause log messages from the daemon
itself to arrive to a different facility than originally intended.
.SH AUTHOR
Fredrik Tolf <fredrik@dolda2000.com>
.SH SEE ALSO
\fBdoldacond.conf\fP(5)
Commit	Line	Data
9b522300	1	.\"
	2	.\" Copyright (C) 2007 Fredrik Tolf (fredrik@dolda2000.com)
	3	.\"
	4	.\" This is free documentation; you can redistribute it and/or
	5	.\" modify it under the terms of the GNU General Public License as
	6	.\" published by the Free Software Foundation; either version 2 of
	7	.\" the License, or (at your option) any later version.
	8	.\"
	9	.\" The GNU General Public License's references to "object code"
	10	.\" and "executables" are to be interpreted as the output of any
	11	.\" document formatting or typesetting system, including
	12	.\" intermediate and printed output.
	13	.\"
	14	.\" This manual is distributed in the hope that it will be useful,
	15	.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
	16	.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	17	.\" GNU General Public License for more details.
	18	.\"
	19	.\" You should have received a copy of the GNU General Public
	20	.\" License along with this manual; if not, write to the Free
	21	.\" Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111,
	22	.\" USA.
	23	.\"
	24	.TH DOLDACOND 8 "2007-04-11" "" "Dolda Connect manual"
	25	.SH NAME
	26	doldacond \- Dolda Connect daemon
	27	.SH SYNOPSIS
	28	.B doldacond
	29	[ \fB-hns\fP ] [ \fB-C\fP \fIconfigfile\fP ]
	30	[ \fB-p\fP \fIpidfile\fP ] [ \fB-f\fP -fIfacility\fP ]
	31	.SH DESCRIPTION
	32	The \fBdoldacond\fP program is the primary part of the collection of
	33	software that makes up Dolda Connect. It runs in the background and
	34	carries out all the actual work of filesharing. Other programs connect
	35	to \fBdoldacond\fP over a socket in order to command it and/or display
	36	its status to a user.
	37	.P
	38	The configuration of \fBdoldacond\fP is controlled via the
	39	\fBdoldacond.conf\fP(5) file, which is described in detail in its own
	40	manual page.
	41	.SH OPTIONS
	42	.TP
	43	.B -h
	44	Displays a brief usage message on stdout and exits.
	45	.TP
	46	.B -s
	47	Normally, \fBdoldacond\fP will print log messages to stderr before it
	48	has daemonized, and switch to syslog output after daemonization. With
	49	the -s option, however, it will log to syslog directly, and never to
	50	stderr. It is probably only useful when starting \fBdoldacond\fP from
	51	an init script.
	52	.TP
	53	.B -n
	54	Causes \fBdoldacond\fP to not daemonize. As a side-effect of avoiding
	55	daemonization, log messages will be printed to stderr rather than to
	56	syslog even after the point where the daemon would normally have
	57	daemonized (unless the -s option is also specified).
	58	.TP
	59	.BI -C " configfile"
	60	Use \fIconfigfile\fP instead of the normal search list for
	61	configuration files. See \fBdoldacond.conf\fP(5) for the normal
	62	behavior.
	63	.TP
	64	.BI -p " pidfile"
65	Write the daemon's PID to \fIpidfile\fP after daemonization. Works
66	even if the -n option has been specified.
67	.TP
68	.BI -f " facility"
69	Use \fIfacility\fP when logging to syslog. The facility can be any of
70	\fBauth\fP, \fBauthpriv\fP, \fBcron\fP, \fBdaemon\fP, \fBftp\fP,
71	\fBkern\fP, \fBlpr\fP, \fBmail\fP, \fBnews\fP, \fBsyslog\fP,
72	\fBuser\fP, \fBuucp\fP or \fBlocal0\fP...\fB7\fP, although only a
73	subset probably make sense for \fBdoldacond\fP. The default is
74	\fBdaemon\fP. Also see the BUGS section.
75	.SH FILES
76	The configuration file will normally be called
77	/usr/local/etc/doldacond.conf, /etc/doldacond.conf or
78	~/.doldacond.conf, but a multitude of others are possible. See the
79	\fBdoldacond.conf\fP(5) manual page for details.
80	.SH SIGNALS
81	.TP
82	.B SIGHUP
83	Causes the daemon to reread its configuration file and update its
84	operation accordingly, and to rescan all shared directories. SIGHUP
85	can safely be sent at any time \- no connected clients or hubs will be
86	affected.
87	.TP
88	.B SIGINT, SIGTERM
89	Shut down the daemon cleanly, unlinking temporary files and sockets.
90	.TP
91	.B SIGUSR1, SIGUSR2
92	Used for debugging. USR1 will cause the daemon to fork and dump a core
93	file, and USR2 will dump some memory usage information to /tmp.
94	.SH SECURITY
95	Dolda Connect, including \fBdoldacond\fP and its assorted clients, are
96	capable of a number of different authentication methods. The default
97	configuration will cause the daemon to only listen for client
98	connections on a Unix socket, over which authentication will be made
99	using Unix credentials passing. When running clients over a network,
100	authentication can be done using either PAM, Kerberos 5 (requires the
101	MIT libraries) or client trust (no authentication). Unix credentials
102	passing and Kerberos authentication should be perfectly secure. PAM
103	authentication should be secure in itself, but the client protocol is
104	not encrypted, and therefore causes passwords to be sent over the
105	network in the clear. Authentication-less operation is, obviously, not
106	secure at all and is disabled by default. It may be useful on a
107	trusted network, however.
108	.SH BUGS
109	\fBdoldacond\fP has proved to be surprisingly stable. I have had it
110	running for far longer than a month without any sign of instability or
111	memory leaks, which is probably a lot longer than a program of this
112	kind really needs to be able to stay running.
113	.P
114	That said, it is not without bugs. Here follows a list of the more
115	prominent ones.
116	.P
117	Most importantly, \fBdoldacond\fP will fail miserably at sharing files
118	from filesystems that do not have persistent i-numbers, since hashes
119	are indexed by the i-number of the file. This is done so because
120	indexing by i-numbers rather than file names allows the daemon to not
121	rehash files that have merely been renamed. However, among the
122	filesystems that do not have persistent i-numbers is the Linux
123	implementation of FAT, which means that it is impossible to share
124	files that are shared with Microsoft Windows. All the known standard
125	Unix filesystems, including at least ufs, ext2/3, reiserfs, xfs or any
126	of them shared over nfs are known to be safe.
127	.P
128	From time to time, the hash controller can get stuck, and stop
129	processing more files. The obvious work-around is to restart
130	\fBdoldacond\fP, at which point it will continue where it left off. If
131	you feel adventurous and/or really need to not restart it, you can
132	attach \fBgdb\fP(1) (or your debugger of choice) to the running
133	\fBdoldacond\fP process and set the hashjob variable to -1, which will
134	force \fBdoldacond\fP to resume hashing. Don't do that while a hash
135	job is actually running, though.
136	.P
137	Not really a bug in \fBdoldacond\fP itself, many PAM modules will
138	reinitialize the syslog library and cause log messages from the daemon
139	itself to arrive to a different facility than originally intended.
140	.SH AUTHOR
141	Fredrik Tolf <fredrik@dolda2000.com>
142	.SH SEE ALSO
143	\fBdoldacond.conf\fP(5)