| www.delorie.com/gnu/docs/cfengine/cfengine-Reference_123.html | search |
 Buy GNU books! | |
| www.delorie.com/gnu/docs/cfengine/cfengine-Reference_123.html | search |
|
Buy GNU books! | |
| [ < ] | [ > ] | [ << ] | [ Up ] | [ >> ] | [Top] | [Contents] | [Index] | [ ? ] |
4.1 control 4.2 admit, grant and deny 4.3 cfrun4.4 Firewalls and NATs
The server daemon is controlled by a file called `cfservd.conf'. The syntax of this configuration file is deliberately modelled on cfengine's own configuration file, but despite the similarities, they are separate.
You can use groups and import in both files
to break up files into convenient modules and to import
common resources, such as lists of groups.
Note that the classes in the `cfservd.conf' file do not tell you the
classes of host which have access to files and directories, but rather
which classes of host pay attention to the access and deny commands when
the file is parsed.
Authentication is not by class or group but by hostname, like the `/etc/exports' file on most Unix systems. The syntax for the file is as follows:
control:
classes::
domain = ( DNS-domain-name )
cfrunCommand = ( "script/filename" ) # Quoted
MaxConnections = ( maximum number of forked daemons )
ChecksumDatabase = ( filename )
IfElapsed = ( time-in-minutes )
DenyBadClocks = ( false )
AllowConnectionsFrom = ( IP numbers )
DenyConnectionsFrom = ( IP numbers )
AllMultipleConnectionsFrom = ( IP numbers )
TrustKeysFrom = ( IP numbers )
AllowUsers = ( mark systemuser )
LogAllConnections = ( false/true )
SkipVerify = ( IP numbers )
DynamicAddresses = ( IP numbers )
groups:
Group definitions
import:
Files to import
admit: | grant:
classes::
/file-or-directory
wildcards/hostnames
deny:
classes::
/file-or-directory
wildcards/hostnames root=hostlist encrypt=true/on
|
The file consists of a control section and access information.
| webmaster donations bookstore | delorie software privacy |
| Copyright © 2003 by The Free Software Foundation | Updated Jun 2003 |