SAC(8) Maintenance Commands and Procedures SAC(8)
NAME
sac - service access controller
SYNOPSIS
sac -t sanity_interval
/usr/lib/saf/sac
DESCRIPTION
The Service Access Controller (SAC) is the overseer of the server
machine. It is started when the server machine enters multiuser mode.
The SAC performs several important functions as explained below.
Customizing the SAC Environment
When sac is invoked, it first looks for the per-system configuration
script /etc/saf/_sysconfig. sac interprets _sysconfig to customize
its own environment. The modifications made to the SAC environment by
_sysconfig are inherited by all the children of the SAC. This
inherited environment may be modified by the children.
Starting Port Monitors
After it has interpreted the _sysconfig file, the sac reads its
administrative file /etc/saf/_sactab. _sactab specifies which port
monitors are to be started. For each port monitor to be started,
sac forks a child (see fork(2)) and creates a utmpx entry with the
type field set to LOGIN_PROCESS. Each child then interprets its
per-port monitor configuration script /etc/saf/pmtag/_config, if the
file exists. These modifications to the environment affect the port
monitor and will be inherited by all its children. Finally, the child
process execs the port monitor, using the command found in the
_sactab entry. (See sacadm; this is the command given with the
-c option when the port monitor is added to the system.)
Polling Port Monitors to Detect Failure
The -t option sets the frequency with which sac polls the port
monitors on the system. This time may also be thought of as half of
the maximum latency required to detect that a port monitor has failed
and that recovery action is necessary.
Administrative functions
The Service Access Controller represents the administrative point of
control for port monitors. Its administrative tasks are explained
below.
When queried (sacadm with either -l or -L), the Service Access
Controller returns the status of the port monitors specified, which
sacadm prints on the standard output. A port monitor may be in one of
six states:

ENABLED       The port monitor is currently running and is accepting
              connections. See sacadm(8) with the -e option.

DISABLED      The port monitor is currently running and is not
              accepting connections. See sacadm with the -d option,
              and see NOTRUNNING, below.

STARTING      The port monitor is in the process of starting up.
              STARTING is an intermediate state on the way to
              ENABLED or DISABLED.

FAILED        The port monitor was unable to start and remain
              running.

STOPPING      The port monitor has been manually terminated but has
              not completed its shutdown procedure. STOPPING is an
              intermediate state on the way to NOTRUNNING.

NOTRUNNING    The port monitor is not currently running. (See
              sacadm with -k.) This is the normal "not running"
              state. When a port monitor is killed, all ports it was
              monitoring are inaccessible. It is not possible for an
              external user to tell whether a port is not being
              monitored or the system is down. If the port monitor is
              not killed but is in the DISABLED state, it may be
              possible (depending on the port monitor being used) to
              write a message on the inaccessible port telling the
              user who is trying to access the port that it is
              disabled. This is the advantage of having a DISABLED
              state as well as the NOTRUNNING state.

When a port monitor terminates, the SAC removes the utmpx entry for
that port monitor.

The SAC receives all requests to enable, disable, start, or stop port
monitors and takes the appropriate action.

The SAC is responsible for restarting port monitors that terminate.
Whether or not the SAC will restart a given port monitor depends on
two things:

o   The restart count specified for the port monitor when the
    port monitor was added by sacadm; this information is
    included in /etc/saf/pmtag/_sactab.

o   The number of times the port monitor has already been
    restarted.
SECURITY
sac uses pam(3PAM) for session management. The PAM configuration
policy, listed through /etc/pam.conf, specifies the session
management module to be used for sac. Here is a partial pam.conf file
with entries for sac using the UNIX session management module.

    sac     session required        pam_unix_session.so.1

If there are no entries for the sac service, then the entries for the
"other" service will be used.
OPTIONS
-t sanity_interval    Sets the frequency (sanity_interval) with which
                      sac polls the port monitors on the system.
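
The fallback described under SECURITY (entries for the "other" service apply when sac has none) can be checked with a short script. This is an added example, not part of the original manual page; the function name and the sample pam.conf fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the man page): show which pam.conf session
# entries apply to a service, honouring the fallback to "other".

# effective_session_stack SERVICE [FILE]   (hypothetical helper name)
# FILE defaults to /etc/pam.conf; "-" reads standard input.
effective_session_stack() {
    awk -v svc="$1" '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        $2 != "session"      { next }       # keep session management entries only
        $1 == svc            { own[++n] = $0 }
        $1 == "other"        { oth[++m] = $0 }
        END {
            if (n > 0) { for (i = 1; i <= n; i++) print own[i] }
            else       { for (i = 1; i <= m; i++) print oth[i] }
        }
    ' "${2:-/etc/pam.conf}"
}

# Constructed sample: sac has its own session entry.
sample_with_sac() {
    cat <<'EOF'
# constructed pam.conf fragment
sac     session required        pam_unix_session.so.1
other   session required        pam_unix_session.so.1
EOF
}

# Constructed sample: no sac entries, so the "other" entries apply.
sample_without_sac() {
    cat <<'EOF'
# constructed pam.conf fragment
login   auth    required        pam_unix_auth.so.1
other   session required        pam_unix_session.so.1
EOF
}

sample_with_sac    | effective_session_stack sac -
sample_without_sac | effective_session_stack sac -
```

If the first field of the output is "other", sac's session handling is governed by the catch-all entries, so a change to those entries also changes sac.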
FILES
o   /etc/saf/_sactab

o   /etc/saf/_sysconfig

o   /var/adm/utmpx

o   /var/saf/_log
SEE ALSO
pmadm(8), sacadm(8), fork(2), pam(3PAM), pam.conf(5), attributes(7),
pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7),
pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7),
pam_unix_auth(7), pam_unix_session(7)
NOTES
The pam_unix(7) module is no longer supported. Similar functionality
is provided by pam_authtok_check(7), pam_authtok_get(7),
pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7),
pam_unix_account(7), pam_unix_auth(7), and pam_unix_session(7).

The service access controller service is managed by the service
management facility, smf(7), under the service identifier:

    svc:/system/sac:default

Administrative actions on this service, such as enabling, disabling,
or requesting restart, can be performed using svcadm(8). The
service's status can be queried using the svcs(1) command.
April 21, 2009 SAC(8)