Name
resmgrd — resource manager daemon
Synopsis
resmgrd  [-s socket] [-f configfile] [-k] [-d]
Description
      resmgrd is a resource manager that allows applications to access and
      lock device files. It supports hot-plugging, i.e. devices can be added
      to a resource class as they become available, and can be removed when
      unplugged.
    
      Devices are grouped in so-called resource classes. Each device in a
      resource class has an associated flag that defines whether applications
      are permitted to open it for reading and writing, or for reading only.
      The devices in a resource class can be defined in the static configura-
      tion file, but they can also be added and removed dynamically by a hot-
      plugging daemon.
    
      For most purposes, having a single resource class will be enough, but
      you can have several if you want.
    
      Access control to device files happens at the resource class level as
      well. Users can be granted the right to access devices from a certain
      resource class. Again, access control can be defined statically in the
      configuration file, or dynamically.
    
      Applications communicate with resmgrd through an AF_LOCAL socket. When
      the client wants to access a device file, it asks the resource manager
      to do so. If permitted by the access control lists, the resource man-
      ager will open the device file and pass the open file descriptor back
      to the client via the AF_LOCAL socket.
    
      Additionally, applications can use the resource manager to lock and
      unlock a device file. This happens via traditional UUCP-style lock
      files in /var/lock. The main purpose of this is to allow applications
      using serial devices to continue using UUCP-style locks.
    
      All other operations, such as adding devices to a resource class, or
      granting a user access to a class, are restricted to the administrator.
    
Support for file ACLs
      Since patching every application for resmgr support is not
      possible, especially not for binary only applications, resmgr
      also supports file system ACLs in addition to the
      fd-over-socket feature. When a user logs in and is granted
      access to a certain class, resmgr walks all devices in that
      class and installs an ACL entry on it in the filesystem. When
      the user logs out, the ACL is removed again. If multiple users
      log in, multiple ACLs entries are installed.
    
      As a fallback if the underlying filesystem of a device does
      not support ACLs, resmgr changes the owner of the file to the
      first user that is granted access to it. This is bascially
      what pam_logindevperm and pam_console do.
      
    
Options
      resmgrd understands the following command line options:
      
-k	      Kill a running resmgr daemon.
	    
-d	      Don't fork to become a daemon, enable debug output.
	    
-f configfile	      use a different configuration file than
	      
/etc/resmgr.conf. This option is
	      mostly for debugging and testing purposes.
	    
-s socket	      specifies the name of the socket on which the resource
	      manager daemon should listen. This option is mostly
	      for debugging and testing purposes.
	    
 
    
Status Codes
      Replies by resmgrd begin with a numeric status code, indicating success
      or failure. In case of an error, the status code is followed by a human
      readable explanation of the error condition.
    
      Currently, the following status codes are defined:
      
	    100
	  
	      The operation completed successfully.
	    
	    200
	  
	      No devices available to user.
	    
	    201
	  
	      There are currently no resmgr sessions active.
	    
	    202
	  
	      resmgrd discovered a stale lock file when trying to
	      create a lock file.
	    
	    500
	  
	      General error.
	    
	    501
	  
	      Syntax error in the command sent by the client.
	    
	    502
	  
	      Access denied. The operation was not allowed, or the
	      user is not permitted to open the requested device.
	    
 
    
See Also
      
resmgr(1)      
resmgr.conf(5)    
