The skabus-dynteed program

skabus-dynteed is the serving part of the skabus-dyntee program. It assumes that one of its file descriptors (3 or above) is a bound, listening, non-blocking domain socket; it accepts connections from clients connecting to that socket, and copies its stdin stream to all its clients.

Interface

     skabus-dynteed [ -1 ] [ -c maxconn ] [ -t clienttimeout ] [ -T lameducktimeout ] [ -i rulesdir | -x rulesfile ]

Options

Signals

Configuration

skabus-dynteed (or its wrapper skabus-dyntee) can be instructed not to accept every client. This is achieved via a series of rules, or ruleset, stored either in a rulesfile in the CDB format, given to skabus-dynteed with the -x option, or in a rulesdir, i.e. a directory in the filesystem following a certain format, given to skabus-dynteed with the -i option. If neither the -i nor the -x option has been provided, skabus-dynteed will accept connections from any client.

Rulesets can be converted between the rulesdir and rulesfile formats with the s6-accessrules-cdb-from-fs and s6-accessrules-fs-from-cdb conversion tools.

Rules format

The rules file, or rules directory, follows the s6 accessrules format for uid and gid checking. For every connecting client, skabus-dynteed matches the uid and gid of the client against the provided ruleset, and determines whether the client is authorized or not to connect. The right to connect is given if an allow file is found in one of the subdirectories checked by s6_accessrules_keycheck_uidgid. For instance, to allow everyone to connect, touch rulesdir/uid/default/allow.

If a rulesfile or rulesdir has been provided to skabus-dynteed, and the client's uid and gid match no rule in the ruleset, then the connection is denied.
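
The following is an added example, not part of the original skabus documentation: it builds a rulesdir that admits one uid and one gid and nothing else, and dry-runs the decision before the ruleset is handed to skabus-dynteed -i. The function names and the ids 1000 and 2000 are constructed for illustration; the lookup order (uid/<uid>, then gid/<gid>, then uid/default) and the deny file are taken from the s6 accessrules documentation rather than from this page, and would_allow is a simplified model of that lookup.

```shell
#!/bin/sh
# Constructed sample ids: uid 1000 (an operator), gid 2000 (a readers group).

# build_rulesdir DIR UID GID: allow exactly one uid and one gid.
build_rulesdir() {
  mkdir -p "$1/uid/$2" "$1/gid/$3" || return 1
  : > "$1/uid/$2/allow"
  : > "$1/gid/$3/allow"
  # Deliberately no uid/default/allow: once a ruleset is given, a client
  # that matches no rule is denied, so leaving the default out is what
  # keeps every other local user off the stream.
}

# would_allow DIR UID GID: simplified model of the uid/gid key check.
# Assumed order (s6 accessrules docs): uid/UID, gid/GID, uid/default.
# The first key holding an allow or deny file decides; no match denies.
would_allow() {
  for key in "uid/$2" "gid/$3" "uid/default"; do
    if [ -e "$1/$key/allow" ]; then return 0; fi
    if [ -e "$1/$key/deny" ]; then return 1; fi
  done
  return 1
}

# compile_rules DIR CDBFILE: produce the rulesfile form for the -x option.
compile_rules() {
  if ! command -v s6-accessrules-cdb-from-fs >/dev/null 2>&1; then
    echo "s6-accessrules-cdb-from-fs not found" >&2
    return 127
  fi
  s6-accessrules-cdb-from-fs "$2" "$1"
}

# Demonstration in a scratch directory.
demo=$(mktemp -d)
build_rulesdir "$demo/rules" 1000 2000
for pair in "1000 100" "1001 2000" "1001 100"; do
  set -- $pair
  if would_allow "$demo/rules" "$1" "$2"; then verdict=allowed; else verdict=denied; fi
  echo "uid=$1 gid=$2 -> $verdict"
done
rm -rf "$demo"
```

Checking a ruleset this way before deployment catches the common mistake of leaving a uid/default/allow file in place, which admits every local user.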

Notes