sac
Maintenance Commands sac(1M)
NAME
sac - service access controller
SYNOPSIS
sac -t sanity_interval
/usr/lib/saf/sac
DESCRIPTION
The Service Access Controller (SAC) is the overseer of the
server machine. It is started when the server machine enters
multiuser mode. The SAC performs several important functions
as explained below.
Customizing the SAC Environment
When sac is invoked, it first looks for the per-system con-
figuration script /etc/saf/_sysconfig. sac interprets _sys-
config to customize its own environment. The modifications
made to the SAC environment by _sysconfig are inherited by
all the children of the SAC. This inherited environment may
be modified by the children.
Starting Port Monitors
After it has interpreted the _sysconfig file, the sac reads
its administrative file /etc/saf/_sactab. _sactab specifies
which port monitors are to be started. For each port monitor
to be started, sac forks a child (see fork(2)) and creates a
utmpx entry with the type field set to LOGIN_PROCESS. Each
child then interprets its per-port monitor configuration
script /etc/saf/pmtag/_config , if the file exists. These
modifications to the environment affect the port monitor
and will be inherited by all its children. Finally, the
child process execs the port monitor, using the command
found in the _sactab entry. (See sacadm; this is the com-
mand given with the -c option when the port monitor is added
to the system.)
Polling Port Monitors to Detect Failure
The -t option sets the frequency with which sac polls the
port monitors on the system. This time may also be thought
of as half of the maximum latency required to detect that a
port monitor has failed and that recovery action is neces-
sary.
Administrative functions
The Service Access Controller represents the administrative
point of control for port monitors. Its administrative tasks
are explained below.
When queried (sacadm with either -l or -L), the Service
Access Controller returns the status
of the port monitors specified, which sacadm prints on the
SunOS 5.8 Last change: 11 Nov 1998 1
Maintenance Commands sac(1M)
standard output. A port monitor may be in one of six states:
ENABLED
The port monitor is currently running and is accepting
connections. See sacadm(1M) with the -e option.
DISABLED
The port monitor is currently running and is not
accepting connections. See sacadm with the -d option,
and see NOTRUNNING, below.
STARTING
The port monitor is in the process of starting up.
STARTING is an intermediate state on the way to
ENABLED or DISABLED.
FAILED
The port monitor was unable to start and remain run-
ning.
STOPPING
The port monitor has been manually terminated but has
not completed its shutdown procedure. STOPPING is an
intermediate state on the way to NOTRUNNING.
NOTRUNNING
The port monitor is not currently running. (See sacadm
with -k.) This is the normal "not running" state. When
a port monitor is killed, all ports it was monitoring
are inaccessible. It is not possible for an external
user to tell whether a port is not being monitored or
the system is down. If the port monitor is not killed
but is in the DISABLED state, it may be possible
(depending on the port monitor being used) to write a
message on the inaccessible port telling the user who
is trying to access the port that it is disabled. This
is the advantage of having a DISABLED state as well as
the NOTRUNNING state.
When a port monitor terminates, the SAC removes the utmpx
entry for that port monitor.
The SAC receives all requests to enable, disable, start, or
stop port monitors and takes the appropriate action.
The SAC is responsible for restarting port monitors that
terminate. Whether or not the SAC will restart a given port
monitor depends on two things:
+ The restart count specified for the port monitor when
the port monitor was added by sacadm; this information
is included in /etc/saf/pmtag/_sactab.
SunOS 5.8 Last change: 11 Nov 1998 2
Maintenance Commands sac(1M)
+ The number of times the port monitor has already been
restarted.
SECURITY
sac uses pam(3PAM) for session management. The PAM confi-
guration policy, listed through /etc/pam.conf, specifies the
session management module to be used for sac. Here is a par-
tial pam.conf file with entries for sac using the UNIX ses-
sion management module.
sac session required /usr/lib/security/pam_unix.so.1
If there are no entries for the sac service, then the
entries for the "other" service will be used.
OPTIONS
-t sanity_interval
Sets the frequency (sanity_interval) with which sac
polls the port monitors on the system.
FILES
/etc/saf/_sactab
/etc/saf/_sysconfig
/var/adm/utmpx
/var/saf/_log
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWcsu |
|_____________________________|_____________________________|
SEE ALSO
pmadm(1M), sacadm(1M), fork(2) pam(3PAM), pam.conf(4),
attributes(5), pam_unix(5)
SunOS 5.8 Last change: 11 Nov 1998 3