The skabus-dynteed program
skabus-dynteed is the serving part of the
It assumes that one of its file descriptors (3 or above) is a
bound, listening, non-blocking domain socket;
it accepts connections from clients connecting to that socket,
and copies its stdin stream to all its clients.
skabus-dynteed [ -1 ] [ -c maxconn ] [ -t clienttimeout ] [ -T lameducktimeout ] [ -i rulesdir | -x rulesfile ]
- skabus-dynteed accepts connections from clients to an already
bound and listening SOCK_STREAM Unix domain socket, by default on
its file descriptor 3.
- It runs until it receives a SIGTERM or until it reads EOF
on its stdin. In that case, it stops accepting new client connections,
and exits 0 when all clients have read their pending data.
- Client connections last as long as the client wants to, unless an
error occurs, or unless the server is told to exit - in which cases
skabus-dynteed forcibly disconnects the client.
- Clients cannot write anything to skabus-dynteed. They can only
read a stream of bytes on their socket, which is a copy of what
skabus-dynteed reads on its standard input.
- -1 : write a newline to stdout, and close stdout,
right before entering the client-accepting loop.
If stdout is suitably redirected, this can be used by monitoring
programs to check when the server is accepting connections. See
for more information on readiness notification.
- -c maxconn : accept at most
maxconn concurrent connections. Default is 40. It is
impossible to set it higher than the value of the SKABUS_DYNTEE_MAX macro,
- -t clienttimeout : disconnect a client
if it has not read its pending data after clienttimeout milliseconds.
By default, clienttimeout is 0, which means infinite.
- -T lameducktimeout : give clients
lameducktimeout milliseconds to read their pending data when
skabus-dynteed is going to exit.
By default, lameducktimeout is 0, which means infinite.
- -x rulesfile : read access rights
- -i rulesdir : read access rights
configuration from the filesystem in directory rulesdir.
- SIGTERM: enter lameduck mode, then exit when all clients have
read their pending data (or lameducktimeout milliseconds have
- SIGHUP: reopen rulesfile, if skabus-dynteed has been run
with the -x option. It is not necessary to send skabus-dynteed
a SIGHUP when the -i option is used instead: configuration
changes in the filesystem are automatically picked up.
skabus-dynteed (or its wrapper skabus-dyntee)
can be instructed not to accept every client. This is achieved
via a series of rules, or ruleset, stored in either a
rulesfile in the
and given to skabus-dynteed with the -x option,
or in a rulesdir, i.e. a directory in the filesystem following a
certain format, and given to skabus-dynteed with the -i option.
If neither the -i nor the -x option has been provided,
skabus-dynteed will accept connections from any client.
Rulesets can be converted between the rulesdir and
rulesfile formats with the
The rules file, or rules directory, follows the
s6 accessrules format for uid and
gid checking. For every connecting client, skabus-dynteed matches the uid
and gid of the client against the provided ruleset, and determines whether
the client is authorized or not to connect.
The right to connect is given if an
allow file is found in one of the subdirectories checked by
For instance, to allow everyone to connect, touch
If a rulesfile or rulesdir has been provided to
skabus-dynteed, and the client's uid and gid match no rule in the
ruleset, then the connection is denied.
- skabus-dynteed is meant to be execve'd into by a program that gets
the listening socket. That program is normally
which creates the socket itself; but it can be a different one if the
socket is to be obtained by another means, for instance if it has
been retrieved from a fd-holding daemon.
- Clients can plug into the data stream at any time. The data stream
should have a format making it easy for clients to synchronize with it.
- The simplest way of connecting to a skabus-dynteed instance and
reading the data stream is via the