=head1 NAME bos_setrestricted - place a server in restricted mode =head1 SYNOPSIS =for html
B S<<< B<-server> > >>> S<<< B<-mode> 1 >>> S<<< [B<-cell> >] >>> [B<-noauth>] [B<-localauth>] [B<-help>] =for html
=head1 DESCRIPTION The B command places the server in restricted mode. This mode increases the security of the bos server by removing access to a number of bos commands that are only used whilst configuring a system. When a server is in restricted mode, access to B, B, B, B, B, B, B is denied, and the use of B is limited. =head1 CAUTIONS Once a server has been placed in restricted mode, it may not be opened up again using a remote command. That is, B has no method of setting an unrestricted mode. Once a server is restricted, it can only be opened up again by sending it a SIGFPE, which must be done as root on the local machine. =head1 OPTIONS =over 4 =item B<-server> > Indicates the server machine to restrict. =item B<-cell> > Names the cell in which to run the command. Do not combine this argument with the B<-localauth> flag. For more details, see L. =item B<-noauth> Assigns the unprivileged identity C to the issuer. Do not combine this flag with the B<-localauth> flag. For more details, see L. =item B<-localauth> Constructs a server ticket using a key from the local F file. The B command interpreter presents the ticket to the BOS Server during mutual authentication. Do not combine this flag with the B<-cell> or B<-noauth> options. For more details, see L. =item B<-help> Prints the online help for this command. All other valid options are ignored. =back =head1 PRIVILEGE REQUIRED The issuer must be listed in the F file on the machine named by the B<-server> argument, or must be logged in as the local superuser C if the B<-localauth> flag is included. As noted above, this command cannot be run against servers which are already in restricted mode. =head1 SEE ALSO L =head1 COPYRIGHT Copyright 2009 Simon Wilkinson This documentation is covered by the BSD License as written in the doc/LICENSE file. This man page was written by Simon Wilkinson for OpenAFS.