pblocald is the local daemon that runs programs, when instructed, by the appropriate policy server daemon. A socket-listener process (typically inetd, xinetd, Solaris SMF, or pblocald -d) starts pblocald. pblocald checks the command line arguments (-m or --accept_masters), the acceptmasters setting in the settings file, or the netgroup pbacceptmasters to determine the policy server hosts from which it accepts requests.

Requests from policy server daemons that are not in this list are refused. pblocald logs all diagnostic messages in the log file that is specified by the -e command line argument or by the pblocaldlog setting.

Changes that are made to the pb.settings file after the pblocald daemon is started will not affect the operation of the daemon. If you change the pb.settings file, then you must restart the daemon for the changes to take effect. If you do not restart the daemon, then the daemon continues to operate using a snapshot of the pb.settings file that was cached at the time the daemon was started.

  • Version 3.5 and earlier: long command options not supported.
  • Version 4.0 and later: long command options supported.
pblocald [options]
   -a, --syslog_accepts
   -m, --accept_masters=host_list
   -d, --daemon
   -D, --debug=<level>
   -e, --error_log=log_file_name
   -f, --foreground
   -i, --info <argument placeholder characters>
   -p, --port=port_number
   -s, --syslog
   -V, --check_version
pblocald –v | --version
pblocald --help
-a, --syslog_accepts

Optional. Records accepted tasks in the syslog.

Version 6.2 and earlier: option not available.

Version 7.0 and later: option available.

-m, --accept_masters=host_list Optional. A list of policy server hosts from which pblocald accepts secured task requests. The list can include hostnames, IP addresses, DNS SRV lookups, and external program specifications
-d, --daemon Optional. Runs as a standalone daemon instead of from inetd or xinetd. This mode listens to the port that is defined by the -p command line argument or in the localport setting.
-D, --debug=<level>

Generate debug trace logs in the same directory pointed to by pblocaldlog.

Version 7.5 and earlier: option not available.

Version 8.0 and later: option available.

-e, --error_log=log_file_name Optional. Records diagnostic messages in the file logfile instead of using the settings file entry pblocald-log.
-f, --foreground

pblocald normally spawns a child process and dissociates from the job that it starts. Although this method is beneficial when running from inetd, xinetd, or the command line, it stops pblocald from running under the init daemon (from /etc/inittab). This option prevents pblocald from dissociating and allows it to run from the inittab.

-i -info <argument placeholder characters>

On Linux, macOS, and AIX, the pblocald process replaces the argument placeholder characters with the following information about the submitting request:

  • submitting user
  • submit host
  • pbrun's pid
  • runuser
  • runargv

The format is:

submituser@submithost pid runuser: runargv

This allows an administrator to use the ps command to view more information about the running pblocald processes.

This feature is not available on HP-UX and Solaris.

-p, --port=port_number

Optional. When running as a standalone daemon, listens to the provided port instead of the default.

-s, --syslog

Optional. Sends error messages to syslog in addition to the diagnostic message file.

-s works only if /etc/syslog.conf is configured to have syslog process auth.err (or less severe) messages.

-V, --check_version

Optional. Records diagnostic messages if a connecting client version does not match the pbmasterd version

-v, --version

Optional. Displays the program version and exit.


Optional. Displays the program's help message and exit.

The /etc/pb.settings file that contains a list of valid acceptmasters hosts.

For more information, please see the following: