Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

bos_setrestricted(8) [centos man page]

BOS_SETRESTRICTED(8)					       AFS Command Reference					      BOS_SETRESTRICTED(8)

NAME

       bos_setrestricted - place a server in restricted mode

SYNOPSIS

       bos setrestricted -server <machine name> -mode 1
	   [-cell <cell name>] [-noauth] [-localauth] [-help]

DESCRIPTION

       The bos restricted command places the server in restricted mode. This mode increases the security of the bos server by removing access to a
       number of bos commands that are only used whilst configuring a system.

       When a server is in restricted mode, access to bos_exec, bos uninstall, bos install, bos create, bos install, bos delete, bos prune is
       denied, and the use of bos getlog is limited.

CAUTIONS

       Once a server has been placed in restricted mode, it may not be opened up again using a remote command. That is, bos setrestricted has no
       method of setting an unrestricted mode. Once a server is restricted, it can only be opened up again by sending it a SIGFPE, which must be
       done as root on the local machine.

OPTIONS

       -server <machine name>
	   Indicates the server machine to restrict.

       -cell <cell name>
	   Names the cell in which to run the command. Do not combine this argument with the -localauth flag. For more details, see bos(8).

       -noauth
	   Assigns the unprivileged identity "anonymous" to the issuer. Do not combine this flag with the -localauth flag. For more details, see
	   bos(8).

       -localauth
	   Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. The bos command interpreter presents the ticket
	   to the BOS Server during mutual authentication. Do not combine this flag with the -cell or -noauth options. For more details, see
	   bos(8).

       -help
	   Prints the online help for this command. All other valid options are ignored.

PRIVILEGE REQUIRED

       The issuer must be listed in the /etc/openafs/server/UserList file on the machine named by the -server argument, or must be logged in as
       the local superuser "root" if the -localauth flag is included.

       As noted above, this command cannot be run against servers which are already in restricted mode.

SEE ALSO

       bos(8)

COPYRIGHT

       Copyright 2009 Simon Wilkinson <simon@sxw.org.uk>

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Simon Wilkinson for
       OpenAFS.

OpenAFS 							    2012-03-26						      BOS_SETRESTRICTED(8)

Check Out this Related Man Page

BOS_SETRESTRICTED(8)					       AFS Command Reference					      BOS_SETRESTRICTED(8)

NAME

       bos_setrestricted - place a server in restricted mode

SYNOPSIS

       bos setrestricted -server <machine name> -mode 1
	   [-cell <cell name>] [-noauth] [-localauth] [-help]

DESCRIPTION

       The bos restricted command places the server in restricted mode. This mode increases the security of the bos server by removing access to a
       number of bos commands that are only used whilst configuring a system.

       When a server is in restricted mode, access to bos_exec, bos uninstall, bos install, bos create, bos install, bos delete, bos prune is
       denied, and the use of bos getlog is limited.

CAUTIONS

       Once a server has been placed in restricted mode, it may not be opened up again using a remote command. That is, bos setrestricted has no
       method of setting an unrestricted mode. Once a server is restricted, it can only be opened up again by sending it a SIGFPE, which must be
       done as root on the local machine.

OPTIONS

       -server <machine name>
	   Indicates the server machine to restrict.

       -cell <cell name>
	   Names the cell in which to run the command. Do not combine this argument with the -localauth flag. For more details, see bos(8).

       -noauth
	   Assigns the unprivileged identity "anonymous" to the issuer. Do not combine this flag with the -localauth flag. For more details, see
	   bos(8).

       -localauth
	   Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. The bos command interpreter presents the ticket
	   to the BOS Server during mutual authentication. Do not combine this flag with the -cell or -noauth options. For more details, see
	   bos(8).

       -help
	   Prints the online help for this command. All other valid options are ignored.

PRIVILEGE REQUIRED

       The issuer must be listed in the /etc/openafs/server/UserList file on the machine named by the -server argument, or must be logged in as
       the local superuser "root" if the -localauth flag is included.

       As noted above, this command cannot be run against servers which are already in restricted mode.

SEE ALSO

       bos(8)

COPYRIGHT

       Copyright 2009 Simon Wilkinson <simon@sxw.org.uk>

       This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Simon Wilkinson for
       OpenAFS.

OpenAFS 							    2012-03-26						      BOS_SETRESTRICTED(8)
Man Page