System Administration Commands sac(1M)
NAME
sac - service access controller
SYNOPSIS
sac -t sanityinterval
/usr/lib/saf/sac
DESCRIPTION
The Service Access Controller (SAC) is the overseer of the
server machine. It is started when the server machine enters
multiuser mode. The SAC performs several important functions
as explained below.
Customizing the SAC Environment
When sac is invoked, it first looks for the per-system con-
figuration script /etc/saf/sysconfig. sac interprets sys-
config to customize its own environment. The modifications
made to the SAC environment by sysconfig are inherited by
all the children of the SAC. This inherited environment may
be modified by the children.
Starting Port Monitors
After it has interpreted the sysconfig file, the sac reads
its administrative file /etc/saf/sactab. sactab specifies
which port monitors are to be started. For each port monitor
to be started, sac forks a child (see fork(2)) and creates a
utmpx entry with the type field set to LOGINPROCES. Each
child then interprets its per-port monitor configuration
script /etc/saf/pmtag/config , if the file exists. These
modifications to the environment affect the port monitor
and will be inherited by all its children. Finally, the
child process execs the port monitor, using the command
found in the sactab entry. (See sacadm; this is the com-
mand given with the -c option when the port monitor is added
to the system.)
Polling Port Monitors to Detect Failure
The -t option sets the frequency with which sac polls the
port monitors on the system. This time may also be thought
of as half of the maximum latency required to detect that a
port monitor has failed and that recovery action is neces-
sary.
Administrative functions
The Service Access Controller represents the administrative
point of control for port monitors. Its administrative tasks
are explained below.
SunOS 5.11 Last change: 23 Oct 2002 1
System Administration Commands sac(1M)
When queried (sacadm with either -l or -L), the Service
Access Controller returns the status of the port monitors
specified, which sacadm prints on the standard output. A
port monitor may be in one of six states:
ENABLED The port monitor is currently running and is
accepting connections. See sacadm(1M) with the
-e option.
DISABLED The port monitor is currently running and is
not accepting connections. See sacadm with the
-d option, and see NOTRUNING, below.
STARTING The port monitor is in the process of starting
up. STARTING is an intermediate state on the
way to ENABLED or DISABLED.
FAILED The port monitor was unable to start and
remain running.
STOPING The port monitor has been manually terminated
but has not completed its shutdown procedure.
STOPING is an intermediate state on the way
to NOTRUNING.
NOTRUNING The port monitor is not currently running.
(See sacadm with -k.) This is the normal "not
running" state. When a port monitor is killed,
all ports it was monitoring are inaccessible.
It is not possible for an external user to
tell whether a port is not being monitored or
the system is down. If the port monitor is not
killed but is in the DISABLED state, it may be
possible (depending on the port monitor being
used) to write a message on the inaccessible
port telling the user who is trying to access
the port that it is disabled. This is the
advantage of having a DISABLED state as well
as the NOTRUNING state.
When a port monitor terminates, the SAC removes the utmpx
entry for that port monitor.
SunOS 5.11 Last change: 23 Oct 2002 2
System Administration Commands sac(1M)
The SAC receives all requests to enable, disable, start, or
stop port monitors and takes the appropriate action.
The SAC is responsible for restarting port monitors that
terminate. Whether or not the SAC will restart a given port
monitor depends on two things:
o The restart count specified for the port monitor
when the port monitor was added by sacadm; this
information is included in /etc/saf/pmtag/sactab.
o The number of times the port monitor has already
been restarted.
SECURITY
sac uses pam(3PAM) for session management. The PAM confi-
guration policy, listed through /etc/pam.conf, specifies the
session management module to be used for sac. Here is a par-
tial pam.conf file with entries for sac using the UNIX ses-
sion management module.
sac session required pamunixsession.so.1
If there are no entries for the sac service, then the
entries for the "other" service will be used.
OPTIONS
-t sanityinterval Sets the frequency (sanityinterval)
with which sac polls the port monitors
on the system.
FILES
/etc/saf/sactab
/etc/saf/sysconfig
/var/adm/utmpx
/var/saf/log
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 23 Oct 2002 3
System Administration Commands sac(1M)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWcsu
SEE ALSO
pmadm(1M), sacadm(1M), fork(2) pam(3PAM), pam.conf(4),
attributes(5), pamauthtokcheck(5), pamauthtokget(5),
pamauthtokstore(5), pamdhkeys(5), pampasswdauth(5),
pamunixaccount(5), pamunixauth(5), pamunixsession(5)
NOTES
The pamunix(5) module is no longer supported. Similar func-
tionality is provided by pamauthtokcheck(5),
pamauthtokget(5), pamauthtokstore(5), pamdhkeys(5),
pampasswdauth(5), pamunixaccount(5), pamunixauth(5),
and pamunixsession(5).
SunOS 5.11 Last change: 23 Oct 2002 4
|
