OKS database server configuration file



Syntax

The configuration file is composed of several sections identified by a section name and containing zero, one or more parameters. Sections are often separated with an empty line ( not required ) and may be repeated several times. A parameter makes part of only one section at a time and can be repeated several times; in this case, only the latest parameter value is taken into account.

A section begins which a section name put between square brackets and ends at the next section or at the end of file. Only one parameter per line is allowed and lines beginning by a # are ignored. Parameters and values are separated by spaces or tabs.
 

 
GENERAL section

 
userid    <login-name> or <userid>

This parameter allows the process to set its effective and real user IDs to the one specified as value. Either a login name or a userid can be specified. By default, the server keeps the privileges of the user running the process.

By changing its effective and real user IDs the process can be run with lower privileges. It means that you can restrict the files and resources the server can access.

Example

userid    oks
This will set the process effective and real user IDs to the user OKS.


  This parameter is ignored when the process is restarted: you will need to stop and start it after if you want to apply your changes.

Note that you may need to be the super user to use this fonctionality.

 
chroot    <path>

Under normal circumstances the process is run under the current directory. However, for security reasons, administrators used to run processes under a restricted environment reducing the risks of damage in case of break-in through process bugs or misconfigurations.

This parameter allows the process to change its root directory to the one specified as value. This change is done very early in the process and its means that further references to files have to take this into account.

Example

chroot    /usr/local/oks
This will set the current root directory to the OKS directory.

This parameter is ignored when the process is restarted: you will need to stop and start it after if you want to apply your changes.

Attention Solaris users : on this system, the socket system call used by this process needs to access the /dev/tcp device in order to run properly. The access to this device can still be granted via the following commands :

# mkdir /usr/local/oks/dev
# mknod /usr/local/oks/dev/tcp c 11 42
# chmod 755 /usr/local/oks/dev/tcp

Note that you may need to be the super user to use this fonctionality.

 
bindaddress    <ipaddress> or <fully qualified host name>

This parameter allows you to set the ip address on which your OKS database server listens to establish TCP connections with the OKS gateways. Either a dotted ip address or a fully qualified host name can be specified. The later case will cause the process to resolve the host name into an ip address.  By default this bind address is configured during the installation.

Example

bindaddress    127.0.0.1
This will set the process ip address to the localhost address.
With this value only the processes on the local machine will be
able to access the server.


Note that it is possible the modify the process's ip address when it is running just by editing the configuration file and restarting the process.

Specifying an IP address different from the machine's ip addresses needs super-user privileges.
 

bindport    <port number>

This parameter sets the port on which the process listens to establish TCP connections with the OKS gateways. By default this bind port number is 11372.

Example

bindport    9999
This will set the process port number to 9999. Combined with the
process bind address, it uniquely identify the process on the network.


Note that it is possible to set the process's port number when it is running just by editing the configuration file and restarting the process.

  Specifying a port number lower than 1024 needs super-user privileges.

 
syslogfacility    <facility>

This parameter sets the syslog facility the process will use to log its messages. The facility value can be one of the followings : auth, authpriv, cron, daemon, kern, lpr, mail, news, security, syslog, user, uucp, and local0 through local7.
Please refer to the syslog manual on how to use and configure syslog. By default, the process uses the local0 facility.

Example

syslogfacility    local0
This will set the syslog facility the process will use to local0.
You still need to configure syslogd to store local0 messages as you want.


Note that if you use the chroot parameter in the configuration file, you will not be able to change the process syslog facility by restarting the process. In this case, shutdown the server and start it again.
 

pausedelay    <seconds>

This parameter sets the delay the process will wait when an error condition occurs during the restarting of the process. The delay is expressed in seconds.

Example

pausedelay    30
This will set the pause delay to 30 seconds.


 
DATABASE section


databasename    <string>

This parameter sets the name of the database the process will use. This name will be used in conjonction with the database directory to retrieve the database on the disk.

Example

databasename    sample
This makes that the server searches for a database named sample in
the database directory.


Note that the server closes its database when it is restarted. It means you can change the database just by editing the OKS database server configuration file and restarting it.

 
databasedir    <path>

This parameter sets the directory where the process searches for the database specified in the databasename parameter. This directory has to be at least executable with the process priviliges.

Example

databasedir    /usr/local/oks/var/db
This makes the server searching in the directory /usr/local/oks/var/db
for its database.


  If you make the server running into a chrooted environment, don't forget that absolute pathnames are computed from the current process root directory. It means that /usr/local/oks/var/db must become /var/db if you configure the chroot parameter as /usr/local/oks.

 
recoverdir    <path>

This parameter enables the generation of database recovery files and sets the directory where the database server will store them. This directory has to be at least writable and executable with the process privilges.

Example

recoverdir    /usr/local/oks/var/recover
This makes the server writing its recovery files into the 
/usr/local/oks/var/recover directory.

  If you make the server running into a chrooted environment, don't forget that absolute pathnames are computed from the current process root directory. It means that /usr/local/oks/var/recover must become /var/recoverif you configure the chroot parameter as /usr/local/oks.
 


 
Configuration file example

[general]
userid          oks
chroot          /usr/local/oks
bindaddress     127.0.0.1
bindport        11372
syslogfacility  local0
pausedelay      30


[database]
databasename    test
databasedir     /var/db
recoverdir      /var/recover