=for html
<div class="synopsis">
-B<bosserver> [B<-noauth>] [B<-log>] [B<-enable_peer_stats>]
- S<<< [B<-auditlog> <I<log path>>] >>> [B<-audit-interface> (file | sysvmq)]
- [B<-enable_process_stats>] [B<-allow-dotted-principals>] [B<-help>]
+B<bosserver>
+ S<<< [B<-noauth>] >>>
+ S<<< [B<-log>] >>>
+ S<<< [B<-enable_peer_stats>] >>>
+ S<<< [B<-auditlog> <I<log path>>] >>>
+ S<<< [B<-audit-interface> ( file | sysvmq )] >>>
+ S<<< [B<-enable_process_stats>] >>>
+ S<<< [B<-allow-dotted-principals>] >>>
+ S<<< [B<-cores>[=none|<I<path>>]] >>>
+ S<<< [B<-restricted>] >>>
+ S<<< [B<-rxmaxmtu> <I<bytes>>] >>>
+ S<<< [B<-rxbind>] >>>
+ S<<< [B<-syslog>[=<I<facility>>]>] >>>
+ S<<< [B<-pidfiles>[=<I<path>>]] >>>
+ S<<< [B<-nofork>] >>>
+ S<<< [B<-help>] >>>
=for html
</div>
=back
+The BOS Server is configured via the F<BosConfig> configuration file.
+Normally, this file is managed via the B<bos> command suite rather than
+edited directly. See the L<BosConfig(5)> man page for the syntax of this
+file.
+
+The BOS Server will rewrite B<BosConfig> when shutting down, so changes
+made manually to it will be discarded. Instead, to change the BOS Server
+configuration only for the next restart of B<bosserver>, create a file
+named F</usr/afs/local/BosConfig.new>. If B<BosConfig.new> exists when
+B<bosserver> starts, it is renamed to F</usr/afs/local/BosConfig>,
+removing any existing file by that name, before B<bosserver> reads its
+configuration.
+
The BOS Server logs a default set of important events in the file
F</usr/afs/logs/BosLog>. To record the name of any user who performs a
privileged B<bos> command (one that requires being listed in the
that the BOS Server initially turns off the bit (sets it to the hyphen),
but does not check it at restart.
+ /usr/afs drwxr?xr-x
+ /usr/afs/backup drwx???---
+ /usr/afs/bin drwxr?xr-x
+ /usr/afs/db drwx???---
+ /usr/afs/etc drwxr?xr-x
+ /usr/afs/etc/KeyFile -rw????---
+ /usr/afs/etc/UserList -rw?????--
+ /usr/afs/local drwx???---
+ /usr/afs/logs drwxr?xr-x
+
If the mode bits do not comply, the BOS Server writes the following
warning to the F<BosLog> file:
successfully issue a privileged B<bos> command (one that requires being
listed in the F</usr/afs/etc/UserList> file).
+=item B<-cores=>none|<I<path>>
+
+The argument none turns off core file generation. Otherwise, the
+argument is a path where core files will be stored.
+
=item B<-auditlog> <I<log path>>
-Turns on audit logging, and sets the path for the audit log.
+Turns on audit logging, and sets the path for the audit log. The audit
+log records information about RPC calls, including the name of the RPC
+call, the host that submitted the call, the authenticated entity (user)
+that issued the call, the parameters for the call, and if the call
+succeeded or failed.
=item B<-audit-interface> (file | sysvmq)
between principal names may disable this check by starting the server
with this option.
+=item B<-restricted>
+
+In normal operation, the bos server allows a super user to run any command.
+When the bos server is running in restricted mode (either due to this
+command line flag, or when configured by L<bos_setrestricted(8)>) a number
+of commands are unavailable. Note that this flag persists across reboots.
+Once a server has been placed in restricted mode, it can only be opened up
+by sending the SIGFPE signal.
+
+=item B<-rxmaxmtu> <I<bytes>>
+
+Sets the maximum transmission unit for the RX protocol.
+
+=item B<-rxbind>
+
+Bind the Rx socket to the primary interface only. If not specified, the
+Rx socket will listen on all interfaces.
+
+=item B<-syslog>[=<I<facility>>]>
+
+Specifies that logging output should go to syslog instead of the normal
+log file. B<-syslog>=I<facility> can be used to specify to which facility
+the log message should be sent.
+
+=item B<-pidfiles>[=<I<path>>]
+
+Create a one-line file containing the process id (pid) for each non-cron
+process started by the BOS Server. This file is removed by the BOS Server when
+the process exits. The optional <I<path>> argument specifies the path where
+the pid files are to be created. The default location is C</usr/afs/local>.
+
+The name of the pid files for C<simple> BOS Server process types are the BOS
+Server instance name followed by C<.pid>.
+
+The name of the pid files for C<fs> and C<dafs> BOS Server process types are
+the BOS Server type name, C<fs> or C<dafs>, followed by the BOS Server core
+name of the process, followed by C<.pid>. The pid file name for the
+C<fileserver> process is C<fs.file.pid>. The pid file name for the C<volserver>
+is C<fs.vol.pid>.
+
+BOS Server instance names are specfied using the B<bos create> command. See
+L<bos_create> for a description of the BOS Server process types and instance
+names.
+
+=item B<-nofork>
+
+Run the BOS Server in the foreground. By default, the BOS Server process will
+fork and detach the stdio, stderr, and stdin streams.
+
=item B<-help>
Prints the online help for this command. All other valid options are
The following command initializes the BOS Server and logs the names of
users who issue privileged B<bos> commands.
- % bosserver -log &
+ % bosserver -log
=head1 PRIVILEGE REQUIRED
L<bos_getlog(8)>,
L<bos_getrestart(8)>,
L<bos_restart(8)>,
+L<bos_setrestricted(8)>,
L<bos_shutdown(8)>,
L<bos_start(8)>,
L<bos_startup(8)>,