The skabus-rpcd program

skabus-rpcd is the serving part of the skabus-rpc-daemon RPC mapper daemon. It assumes that its stdin is a bound and listening Unix domain socket; it accepts connections from clients connecting to that socket, and transmits messages between clients.

Overview and terminology


     skabus-rpcd [ -1 ] [ -v verbosity ] [ -c maxconn ] [ -t clienttimeout ] [ -T lameducktimeout ] [ -i rulesdir | -x rulesfile ] [ -S | -s ] [ -J | -j ]


skabus-rpcd only performs low-level operations and message routing. Client identifiers, interface names and queries are strings or arrays of bytes - they are not structured. It's up to the client programs to decide on a structure for the queries, that is, on a protocol between qclient and rclient.




Before running skabus-rpcd (or its wrapper skabus-rpc-daemon), it is necessary to configure it. This is done by a series of rules, or ruleset, stored in either a rulesfile in the CDB format, or in a rulesdir, i.e. a directory in the filesystem following a certain format. skabus-rpcd will refuse to run if neither the -i nor the -x option has been provided.

Rulesets can be converted between the rulesdir and rulesfile formats with the s6-accessrules-cdb-from-fs and s6-accessrules-fs-from-cdb conversion tools.

Rules format

The rules file, or rules directory, follows the s6 accessrules format for uid and gid checking. For every connecting client, skabus-rpcd matches the uid and gid of the client against the provided ruleset, and determines what the client is authorized to do.

By default, no client is allowed to do anything - not even connect to the server. Even root, the super-user, will be denied access. That is why it is essential to create a sensible ruleset prior to running the server in order to do anything useful.

Here is how to configure a rulesdir for a client running as uid u. It is also possible to configure rules for clients running under gid g by replacing uid/u with gid/g in all the examples below. The default behaviour can be configured under uid/default. It is also possible to use a rulesfile instead by writing a rulesdir and converting it to a rulesfile with the s6-accessrules-cdb-from-fs program.
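The following script is an added example, not part of the skabus documentation: it builds a minimal rulesdir, then audits which uid and gid keys grant access and whether uid/default opens the server to unlisted clients. It assumes the s6 accessrules convention of `allow` and `deny` marker files inside each key directory; uid 1000, gid 50 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the skabus documentation.
# Assumption: "allow" and "deny" marker files inside a key directory are the
# s6 accessrules convention; uid 1000 and gid 50 are constructed values.

# make_rulesdir DIR UID GID: grant exactly one uid and one gid.
make_rulesdir() {
  mkdir -p "$1/uid/$2" "$1/gid/$3" &&
  : > "$1/uid/$2/allow" &&
  : > "$1/gid/$3/allow"
}

# audit_rulesdir DIR: print "<class>/<key> <verdict>" for every key directory.
audit_rulesdir() {
  for keydir in "$1"/uid/* "$1"/gid/*; do
    [ -d "$keydir" ] || continue
    key=${keydir#"$1"/}
    if [ -e "$keydir/allow" ] && [ -e "$keydir/deny" ]; then verdict=conflict
    elif [ -e "$keydir/allow" ]; then verdict=allow
    elif [ -e "$keydir/deny" ]; then verdict=deny
    else verdict=none
    fi
    printf '%s %s\n' "$key" "$verdict"
  done
}

# default_is_open DIR: succeeds when uid/default lets unlisted clients in.
default_is_open() {
  [ -e "$1/uid/default/allow" ]
}

rules=$(mktemp -d)
make_rulesdir "$rules" 1000 50
audit_rulesdir "$rules"
if default_is_open "$rules"; then
  echo "WARNING: uid/default grants access to every unlisted client"
fi
# Compile to the rulesfile (CDB) form for -x when the s6 tool is installed.
if command -v s6-accessrules-cdb-from-fs >/dev/null 2>&1; then
  s6-accessrules-cdb-from-fs "$rules.cdb" "$rules"
fi
```

Pass the directory to skabus-rpcd with -i, or the compiled file with -x. A `conflict` verdict marks a key directory holding both marker files, which is worth resolving by hand before deployment.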