Provided by: openafs-fileserver_1.8.10-2.1ubuntu3.4_amd64 
NAME
bosserver - Initializes the BOS Server
SYNOPSIS
bosserver
[-noauth]
[-log]
[-enable_peer_stats]
[-auditlog <log path>]
[-audit-interface ( file | sysvmq )]
[-enable_process_stats]
[-allow-dotted-principals]
[-cores[=none|<path>]]
[-restricted]
[-rxmaxmtu <bytes>]
[-rxbind]
[-syslog[=<facility>]>]
[-transarc-logs]
[-pidfiles[=<path>]]
[-nofork]
[-help]
DESCRIPTION
The bosserver command initializes the Basic OverSeer (BOS) Server (bosserver process). In the
conventional configuration, the binary file is located in the /usr/lib/openafs directory on a file server
machine.
The BOS Server must run on every file server machine and helps to automate file server administration by
performing the following tasks:
• Monitors the other AFS server processes on the local machine, to make sure they are running
correctly.
• Automatically restarts failed processes, without contacting a human operator. When restarting
multiple server processes simultaneously, the BOS Server takes interdependencies into account and
initiates restarts in the correct order.
• Processes commands from the bos suite that administrators issue to verify the status of server
processes, install and start new processes, stop processes either temporarily or permanently, and
restart halted processes.
• Manages system configuration information: the files that list the cell's server encryption keys,
database server machines, and users privileged to issue commands from the bos and vos suites.
The BOS Server is configured via the BosConfig configuration file. Normally, this file is managed via
the bos command suite rather than edited directly. See the BosConfig(5) man page for the syntax of this
file.
The BOS Server will rewrite BosConfig when shutting down, so changes made manually to it will be
discarded. Instead, to change the BOS Server configuration only for the next restart of bosserver,
create a file named /etc/openafs/BosConfig.new. If BosConfig.new exists when bosserver starts, it is
renamed to /etc/openafs/BosConfig, removing any existing file by that name, before bosserver reads its
configuration.
The BOS Server logs a default set of important events in the file /var/log/openafs/BosLog. To record the
name of any user who performs a privileged bos command (one that requires being listed in the
/etc/openafs/server/UserList file), add the -log flag. To display the contents of the BosLog file, use
the bos getlog command.
The first time that the BOS Server initializes on a server machine, it creates several files and
subdirectories in the local /usr/afs directory, and sets their mode bits to protect them from
unauthorized access. Each time it restarts, it checks that the mode bits still comply with the settings
listed in the following chart. A question mark indicates that the BOS Server initially turns off the bit
(sets it to the hyphen), but does not check it at restart.
/usr/afs drwxr?xr-x
/var/lib/openafs/backup drwx???---
/usr/lib/openafs drwxr?xr-x
/var/lib/openafs/db drwx???---
/etc/openafs/server drwxr?xr-x
/etc/openafs/server/KeyFile -rw????---
/etc/openafs/server/UserList -rw?????--
/var/lib/openafs/local drwx???---
/var/log/openafs drwxr?xr-x
If the mode bits do not comply, the BOS Server writes the following warning to the BosLog file:
Bosserver reports inappropriate access on server directories
However, the BOS Server does not reset the mode bits, so the administrator can set them to alternate
values if desired (with the understanding that the warning message then appears at startup).
This command does not use the syntax conventions of the AFS command suites. Provide the command name and
all option names in full.
OPTIONS
-noauth
Turns off all authorization checks, and allows all connecting users to act as administrators, even
unauthenticated users. The use of this option is inherently insecure, and should only be used in
controlled environments for experimental or debug purposes. See NoAuth(5).
-log
Records in the /var/log/openafs/BosLog file the names of all users who successfully issue a
privileged bos command (one that requires being listed in the /etc/openafs/server/UserList file).
-cores=none|<path>
The argument none turns off core file generation. Otherwise, the argument is a path where core files
will be stored.
-auditlog <log path>
Turns on audit logging, and sets the path for the audit log. The audit log records information about
RPC calls, including the name of the RPC call, the host that submitted the call, the authenticated
entity (user) that issued the call, the parameters for the call, and if the call succeeded or failed.
-audit-interface (file | sysvmq)
Specifies what audit interface to use. Defaults to "file". See fileserver(8) for an explanation of
each interface.
-enable_peer_stats
Activates the collection of Rx statistics and allocates memory for their storage. For each connection
with a specific UDP port on another machine, a separate record is kept for each type of RPC
(FetchFile, GetStatus, and so on) sent or received. To display or otherwise access the records, use
the Rx Monitoring API.
-enable_process_stats
Activates the collection of Rx statistics and allocates memory for their storage. A separate record
is kept for each type of RPC (FetchFile, GetStatus, and so on) sent or received, aggregated over all
connections to other machines. To display or otherwise access the records, use the Rx Monitoring API.
-allow-dotted-principals
By default, the RXKAD security layer will disallow access by Kerberos principals with a dot in the
first component of their name. This is to avoid the confusion where principals user/admin and
user.admin are both mapped to the user.admin PTS entry. Sites whose Kerberos realms don't have these
collisions between principal names may disable this check by starting the server with this option.
-restricted
In normal operation, the bos server allows a super user to run any command. When the bos server is
running in restricted mode (either due to this command line flag, or when configured by
bos_setrestricted(8)) a number of commands are unavailable. Note that this flag persists across
reboots. Once a server has been placed in restricted mode, it can only be opened up by sending the
SIGFPE signal.
-rxmaxmtu <bytes>
Sets the maximum transmission unit for the RX protocol.
-rxbind
Bind the Rx socket to the primary interface only. If not specified, the Rx socket will listen on all
interfaces.
-syslog[=<facility>]>
Specifies that logging output should go to syslog instead of the normal log file. -syslog=facility
can be used to specify to which facility the log message should be sent.
-transarc-logs
Use Transarc style logging features. Rename the existing log file /var/log/openafs/BosLog to
/var/log/openafs/BosLog.old when the bos server is restarted. This option is provided for
compatibility with older versions.
-pidfiles[=<path>]
Create a one-line file containing the process id (pid) for each non-cron process started by the BOS
Server. This file is removed by the BOS Server when the process exits. The optional <path> argument
specifies the path where the pid files are to be created. The default location is
"/var/lib/openafs/local".
The name of the pid files for "simple" BOS Server process types are the BOS Server instance name
followed by ".pid".
The name of the pid files for "fs" and "dafs" BOS Server process types are the BOS Server type name,
"fs" or "dafs", followed by the BOS Server core name of the process, followed by ".pid". The pid
file name for the "fileserver" process is "fs.file.pid". The pid file name for the "volserver" is
"fs.vol.pid".
BOS Server instance names are specfied using the bos create command. See bos_create for a
description of the BOS Server process types and instance names.
-nofork
Run the BOS Server in the foreground. By default, the BOS Server process will fork and detach the
stdio, stderr, and stdin streams.
-help
Prints the online help for this command. All other valid options are ignored.
EXAMPLES
The following command initializes the BOS Server and logs the names of users who issue privileged bos
commands.
% bosserver -log
PRIVILEGE REQUIRED
The issuer most be logged onto a file server machine as the local superuser "root".
SEE ALSO
BosConfig(5), BosLog(5), bos(8), bos_create(8), bos_exec(8), bos_getlog(8), bos_getrestart(8),
bos_restart(8), bos_setrestricted(8), bos_shutdown(8), bos_start(8), bos_startup(8), bos_status(8),
bos_stop(8)
COPYRIGHT
IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.
This documentation is covered by the IBM Public License Version 1.0. It was converted from HTML to POD
by software written by Chas Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth
Cassell.
OpenAFS 2025-05-19 BOSSERVER(8)