Name
resmgrd ??? resource manager daemon
Synopsis
resmgrd
[-s
socket
] [-f
configfile
] [-k] [-d]
Description
resmgrd is a resource manager that allows applications to access and
lock device files. It supports hot-plugging, i.e. devices can be added
to a resource class as they become available, and can be removed when
unplugged.
Devices are grouped in so-called resource classes. Each device in a
resource class has an associated flag that defines whether applications
are permitted to open it for reading and writing, or for reading only.
The devices in a resource class can be defined in the static configura-
tion file, but they can also be added and removed dynamically by a hot-
plugging daemon.
For most purposes, having a single resource class will be enough, but
you can have several if you want.
Access control to device files happens at the resource class level as
well. Users can be granted the right to access devices from a certain
resource class. Again, access control can be defined statically in the
configuration file, or dynamically.
Applications communicate with resmgrd through an AF_LOCAL socket. When
the client wants to access a device file, it asks the resource manager
to do so. If permitted by the access control lists, the resource man-
ager will open the device file and pass the open file descriptor back
to the client via the AF_LOCAL socket.
Additionally, applications can use the resource manager to lock and
unlock a device file. This happens via traditional UUCP-style lock
files in /var/lock. The main purpose of this is to allow applications
using serial devices to continue using UUCP-style locks.
All other operations, such as adding devices to a resource class, or
granting a user access to a class, are restricted to the administrator.
Support for file ACLs
Since patching every application for resmgr support is not
possible, especially not for binary only applications, resmgr
also supports file system ACLs in addition to the
fd-over-socket feature. When a user logs in and is granted
access to a certain class, resmgr walks all devices in that
class and installs an ACL entry on it in the filesystem. When
the user logs out, the ACL is removed again. If multiple users
log in, multiple ACLs entries are installed.
As a fallback if the underlying filesystem of a device does
not support ACLs, resmgr changes the owner of the file to the
first user that is granted access to it. This is bascially
what pam_logindevperm and pam_console do.
Options
resmgrd understands the following command line options:
-k
Kill a running resmgr daemon.
-d
Don't fork to become a daemon, enable debug output.
-f
configfile
use a different configuration file than
/etc/resmgr.conf
. This option is
mostly for debugging and testing purposes.
-s
socket
specifies the name of the socket on which the resource
manager daemon should listen. This option is mostly
for debugging and testing purposes.
Status Codes
Replies by resmgrd begin with a numeric status code, indicating success
or failure. In case of an error, the status code is followed by a human
readable explanation of the error condition.
Currently, the following status codes are defined:
100
The operation completed successfully.
200
No devices available to user.
201
There are currently no resmgr sessions active.
202
resmgrd discovered a stale lock file when trying to
create a lock file.
500
General error.
501
Syntax error in the command sent by the client.
502
Access denied. The operation was not allowed, or the
user is not permitted to open the requested device.
See Also
resmgr
(1)
resmgr.conf
(5)
