Introduction to the bos command suite
Options
The following options are used with many bos commands. They are also listed with the commands that use them.
-server machine
Names the machine running the BOS Server that is to execute the command. To run a privileged bos command (a bos command that requires the issuer to have some level of administrative privilege) using a privileged identity, always specify the full DCE path name of the machine (for example, /.../abc.com/hosts/fs1).
To run an unprivileged bos command, you can use any of the following to specify the machine:
· The machine's DCE path name (for example, /.../abc.com/hosts/fs1)
· The machine's host name (for example, fs1.abc.com or fs1)
· The machine's IP address (for example, 11.22.33.44)
Note: If you specify the host name or IP address of the machine, the command executes using the unprivileged identity nobody (the equivalent of running the command with the -noauth option); unless DFS authorization checking is disabled on the specified machine, a privileged bos command issued in this manner fails. If you specify the machine's host name or IP address, the command displays the following message (using the -noauth option suppresses the message):
bos: WARNING: short form for server used; no authentication
information will be sent to the bosserver
-noauth
Directs the bos program to use the unprivileged identity nobody as the identity of the issuer of the command. Generally, the -noauth option is included with a command if DFS authorization checking is disabled on the server machine whose BOS Server is to execute the command or if the Security Service is unavailable. If DFS authorization checking is disabled, the BOS Server requires no administrative privilege to issue any command; any user, even the identity nobody, has sufficient privilege to perform any operation. If the Security Service is unavailable, a user's security credentials cannot be obtained.
DFS authorization checking is disabled with the bos setauth command or by including the -noauth option when the bosserver process is started on a machine. DFS authorization checking is typically disabled:
· During initial DFS installation
· If the Security Service is unavailable
· During server encryption key emergencies
· To view the actual keys stored in a keytab file
Include the -noauth option with a command that requires administrative privilege only if DFS authorization checking is disabled on the necessary machine. A command that requires administrative privilege fails if the -noauth option is included and DFS authorization checking is not disabled. If you use this option, do not use the -localauth option.
-localauth
Directs bos to use the DFS server principal of the machine on which the command is issued as the identity of the issuer. Each DFS server machine has a DFS server principal stored in the Registry Database. A DFS server principal is a unique, fully qualified principal name that ends with the string dfs-server; for example, /.../abc.com/hosts/fs1/dfs-server. (Do not confuse a machine's DFS server principal with its unique self identity.)
Use this option only if the command is issued from a DFS server machine. You must be logged into the server machine as root for this option to work. If you use this option, do not use the -noauth option.
-help
Prints the online help for the command. All other valid options specified with this option are ignored. For complete details about receiving help, see the dfs_intro(8dfs) reference page.
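The identity rules given above for -server, -noauth and -localauth can be checked before a command is sent. The shell function below is an added example, not part of DFS or of this reference page; the name bos_lint, its return codes, the BOS_LINT_UID override and the /.../cell/hosts/name pattern (modelled on the page's example path) are assumptions.

```shell
# bos_lint: hypothetical pre-flight check for a bos command line (not part of DFS).
# Usage: bos_lint <arguments you intend to pass to bos>
# Returns 0 = authenticated identity, 1 = will run as nobody, 2 = invalid combination.
bos_lint() {
    bl_server="" bl_noauth=0 bl_local=0 bl_rc=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -server)
                if [ $# -lt 2 ]; then
                    echo "error: -server requires a machine name"; return 2
                fi
                bl_server=$2; shift ;;
            -noauth)    bl_noauth=1 ;;
            -localauth) bl_local=1 ;;
        esac
        shift
    done
    # The two identity options must never be combined.
    if [ "$bl_noauth" -eq 1 ] && [ "$bl_local" -eq 1 ]; then
        echo "error: -noauth and -localauth cannot be used together"; return 2
    fi
    # -localauth only works for root on a DFS server machine.
    # BOS_LINT_UID is an assumed override so the check can be tested.
    if [ "$bl_local" -eq 1 ] && [ "${BOS_LINT_UID:-$(id -u)}" -ne 0 ]; then
        echo "error: -localauth requires being logged in as root"; return 2
    fi
    case "$bl_server" in
        "") ;;               # no -server given
        /.../*/hosts/*) ;;   # full DCE path name (pattern assumed from the page's example)
        *)
            echo "warning: short-form server '$bl_server': command runs as nobody"
            bl_rc=1 ;;
    esac
    if [ "$bl_noauth" -eq 1 ]; then
        echo "warning: -noauth: runs as nobody; privileged commands fail unless DFS authorization checking is disabled"
        bl_rc=1
    fi
    return "$bl_rc"
}
```

A return code of 1 on a privileged command means it will fail unless DFS authorization checking is disabled on the target machine.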
Description
Commands in the bos command suite are used by system administrators to contact the Basic OverSeer (BOS) Server. The BOS Server runs on every DFS server machine to monitor the other DFS server processes on the machine. It restarts processes automatically if they fail. The BOS Server also provides an interface through which system administrators can start and stop processes and check on server status.
The files described in the following sections are used to store configuration, administrative, and security information.