fam(1m,3)(1M) fam(1m,3)(1M) NAME fam(1m,3) - file(1,n) alteration monitor SYNOPSIS /usr/etc/fam(1m,3) [ -f | -v | -d ] [ -l | -t NFS_polling_interval ] [ -T idle_timeout ] [ -p program.version(1,3,5) ] [ -L ] [ -C ] [ -c config_file ] DESCRIPTION fam(1m,3) is a server that tracks changes to the filesystem and relays these changes to interested applications. Applications such as fm(1G) and mailbox(1) present an up-to-date view of the filesystem. In the absence of fam(1m,3), these applications and others like them are forced to poll the filesystem to detect changes. fam(1m,3) is more efficient. Applications can request fam(1m,3) to monitor any files or directories in(1,8) any filesystem. When fam(1m,3) detects changes to monitored files, it notifies the appropriate application. The FAM API provides a programmatic interface to fam(1m,3); see fam(1m,3)(3X). fam(1m,3) is informed of filesystem changes as they happen by the kernel through the imon(7M) pseudo device driver. If asked to monitor files on an NFS mounted filesystem, fam(1m,3) tries to use fam(1m,3) on the NFS server to monitor files. If fam(1m,3) cannot contact a remote fam(1m,3), it polls the files instead. fam(1m,3) also polls special files. Normally, fam(1m,3) is started by inetd(1M). It is registered with portmap(1M) as performing the sgi_fam service. OPTIONS -l Disable polling of NFS files. It does not disable use of remote fam(1m,3) on NFS servers, nor does it disable polling of local files. -t NFS_polling_interval Set the interval for polling files to NFS_polling_interval seconds. The default is six seconds. -T idle_timeout Set the idle timeout(1,3x,3x cbreak) interval to idle_time- out. fam(1m,3) exits idle_timeout seconds after its last client disconnects. A value of 0 causes fam(1m,3) to wait indefinitely for new con- nections. The default is five seconds. -f Remain in(1,8) the foreground instead of spawning a child and exiting. This option is ignored if(3,n) fam(1m,3) is started by inetd. -v Turn on verbose messages. -d Enable verbose messages and debug messages. -p program.version(1,3,5) Use the specified RPC program and version(1,3,5) numbers. -L Local-only mode. fam(1m,3) will only accept(2,8) requests from clients running on the local machine. This overrides the local_only flag in(1,8) the configuration file. This option is ignored if(3,n) fam(1m,3) is started by inetd. -C Compatibility mode. This disables authenti- cation and reduces access(2,5) security as described under SECURITY below. This over- rides the insecure_compatibility flag in(1,8) the configuration file. -c config_file Read configuration information from the given file(1,n) rather than the default, which is /etc/fam.conf. CONFIGURATION FILE In addition to its command-line options, fam(1m,3)'s behavior can also be controlled through its configuration file. By default, this is /etc/fam.conf; the -c command-line option can be used to specify an alternate file. Configuration lines are in(1,8) the format option=value. Lines beginning with # or ! are ignored. fam(1m,3) recognizes the following options: insecure_compatibility If set(7,n,1 builtins) to true, this disables authentication and reduces access(2,5) security as described under SECURITY below. This is false by default. Setting this option to true is the same as using the -C command-line option. untrusted_user This is the user name or UID of the user account which fam(1m,3) will use for unauthenti- cated clients. If a file(1,n) can't be stat(1,2)'ed by this user, fam(1m,3) will not tell unauthenticated clients about the file(1,n)'s existence. If an untrusted user is not given in(1,8) the configura- tion file(1,n), fam(1m,3) will write(1,2) an error(8,n) message to the system log and terminate. local_only If set(7,n,1 builtins) to true, fam(1m,3) will ignore requests from remote fam(1m,3)s. This is false by default. Set- ting this option to true is the same as using the -L command-line option. This option is ignored if(3,n) fam(1m,3) is started by inetd. idle_timeout This is the time(1,2,n) in(1,8) seconds that fam(1m,3) will wait before exiting after its last client disconnects. The default is five seconds. This option is overridden by the -T command- line option. nfs_polling_interval This is the interval in(1,8) seconds between polling files over an NFS filesystem. The default is six seconds. This option is over- ridden by the -t command-line option. xtab_verification If set(7,n,1 builtins) to true, fam(1m,3) will check the list of exported filesystems when remote requests are received to verify(1,8) that the requests fall on filesystems which are exported to the requesting hosts. This is true by default. If this option is set(7,n,1 builtins) to false, fam(1m,3) will ser- vice remote requests without attempting to perform the verification. If the local_only configuration option or -L command-line option is used, xtab_verification has no effect. SECURITY For backward compatibility, the -C command-line option and inse- cure_compatibility configuration option can be used to disable authen- tication. Configuring fam(1m,3) this way opens a publically known security weakness whereby a "rogue client" can obtain the names of all the files and directories on the system. Note that fam(1m,3) never opens the files it's monitoring, and cannot be used by a rogue client to read(2,n,1 builtins) the contents of any file(1,n) on the system. fam(1m,3) only gives out the names of monitored files, and only monitors files which the client can stat(1,2)(1M). Users can stat(1,2) a file(1,n) without having read(2,n,1 builtins) permission on it as long as they have search permission on the directory containing it. FILES /etc/fam.conf SEE ALSO inetd(1M), portmap(1M), fam(1m,3)(3X), imon(7M), stat(1,2)(1M). Silicon Graphics 0a