IPA_DB_SDB(8) IPA_DB_SDB(8)
NAME
ipa_db_sdb -- IPA simple database module (database part)
DESCRIPTION
ipa_db_sdb is an IPA database module with the following features:
- The module stores information in the ipa_sdb(5) database format;
- The module completely supports autorules, rules, limits and
thresholds;
- Access to database files can be granted accordingly to the user
group.
The name of the database is sdb.
CONFIGURATION FILE FORMAT
Configuration for the module is integrated into the ipa.conf(5) file.
The configuration prefix of this module is ``sdb''.
Following three parameters can be placed in global, rule or autorule
sections. Static rules inherit settings from the global section.
Dynamic rules inherit settings from their autorule sections, then from
the global section.
The sdb:db_dir parameter allows to define the main database directory
(the default value is /var/ipa_sdb):
sdb:db_dir = "/path/to/directory";
Since this parameter can be placed in rule or autorule section, then
any rule can have own main directory for its database files and direc-
tories.
The sdb:db_group parameter determines the group owner of a rule'e
directory:
sdb:db_group = <group>;
A group can be given by a name or as a numerical value. If a group is
given by the name, then the corresponding GID is determined during the
configuration file parsing phase. If some user belongs to the given
users group, then he or she will have access to statistics for a rule.
By default if the module opened some file, then it closes it only when
this file is not needed any more or when a rule becomes inactive. If
there are many rules (limits or thresholds), then the module can use
all available file descriptors. To close any opened file as quickly as
possible set the sdb:close_fd parameter to ``yes'' (the default value
is ``no''):
sdb:close_fd = <boolean>;
Next parameters can be placed only in the sdb: module's section:
sdb: {
/* Parameters. */
}
By default the module disallows using of symlinks in the database. To
allow symlinks in the database set the allow_symlinks parameter to
``yes'' (the default value is ``no''):
sdb: {
allow_symlinks = <boolean>;
}
The main database directory has a special file containing the version
number of the database format and the module checks version saved in
this file. To speedup the module startup in case if many main database
directories are used it is possible to turn off database format version
checking in the check_version parameter by setting it to ``no'' (the
default value is ``yes''):
sdb: {
check_version = <boolean>;
}
It is not recommended to turn off database format version checking.
Example:
db_mod "ipa_db_sdb.so";
sdb: {
allow_symlinks = yes;
}
global {
/* ... */
db_list = sdb;
sdb:db_dir = "/var/db/ipa_sdb";
sdb:db_group = staff;
}
rule 1 {
/* ... */
sdb:close_fd = yes;
}
rule 2 {
/* ... */
sdb:db_dir = "/home/my/ipa_sdb";
sdb:db_group = wheel;
}
autorule lan {
/* ... */
sdb:db_group = users;
}
First rule inherits values of sdb:db_dir and sdb:db_group parameters
from the global section. Second rule has own values for these parame-
ters. All rules generated from the given autorule will inherit the
value of the sdb:db_group parameter from the autorule.
SEE ALSO
ipa_sdb(5), ipa_st_sdb(8), ipa_sdb_dump(8)
AUTHOR
Andrey Simonenko <simon@comsys.ntu-kpi.kiev.ua>
BUGS
If you find any, please send email me.
July 19, 2007 IPA_DB_SDB(8)