pblocald is the local daemon that runs programs when instructed to do so by the appropriate policy server daemon. A socket-listener process (typically inetd, xinetd, Solaris SMF, or pblocald -d) starts pblocald. pblocald checks the command line arguments (-m or --accept_masters), the acceptmasters setting in the settings file, or the netgroup pbacceptmasters to determine the policy server hosts from which it accepts requests.
Requests from policy server daemons that are not in this list are refused. pblocald logs all diagnostic messages in the log file that is specified by the -e command line argument or by the pblocaldlog setting.
Changes that are made to the pb.settings file after the pblocald daemon is started will not affect the operation of the daemon. If you change the pb.settings file, then you must restart the daemon for the changes to take effect. If you do not restart the daemon, then the daemon continues to operate using a snapshot of the pb.settings file that was cached at the time the daemon was started.
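One way to detect the stale-snapshot condition described above on Linux, as an added example that is not part of the product or its documentation. The function names are hypothetical, and it assumes /proc, `stat -c`, and `pgrep` are available.

```shell
#!/bin/sh
# Added example (not vendor code): find pblocald processes that are still
# running on a pb.settings snapshot older than the file on disk.
# Linux-only: relies on /proc and GNU/busybox "stat -c".

# Print the start time of PID $1 as epoch seconds.
proc_start_epoch() {
    stat_line=$(cat "/proc/$1/stat") || return 1
    # Drop "pid (comm) " first; comm may itself contain spaces or parentheses.
    rest=${stat_line##*') '}
    # starttime is field 22 of /proc/PID/stat, i.e. field 20 after the comm field.
    ticks=$(printf '%s\n' "$rest" | awk '{print $20}')
    btime=$(awk '$1 == "btime" {print $2}' /proc/stat)
    hz=$(getconf CLK_TCK)
    echo $(( btime + ticks / hz ))
}

# Succeed (exit 0) if settings file $1 was modified after PID $2 started.
snapshot_is_stale() {
    mtime=$(stat -c %Y "$1") || return 2
    start=$(proc_start_epoch "$2") || return 2
    [ "$mtime" -gt "$start" ]
}

# Report every running pblocald whose cached settings predate the file.
# Exit status 1 means at least one daemon needs a restart.
# Usage: check_pblocald            (defaults to /etc/pb.settings)
check_pblocald() {
    settings=${1:-/etc/pb.settings}
    rc=0
    for pid in $(pgrep -x pblocald); do
        if snapshot_is_stale "$settings" "$pid"; then
            echo "pblocald pid $pid started before $settings was last modified"
            rc=1
        fi
    done
    return $rc
}
```

A non-zero status from check_pblocald means a running daemon predates the last edit of the settings file, so an acceptmasters change in that file is not yet being enforced by that process.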
- Version 3.5 and earlier: long command options not supported.
- Version 4.0 and later: long command options supported.
pblocald [options]
    -a, --syslog_accepts
    -m, --accept_masters=host_list
    -d, --daemon
    -D, --debug=<level>
    -e, --error_log=log_file_name
    -f, --foreground
    -i, --info <argument placeholder characters>
    -p, --port=port_number
    -s, --syslog
    -V, --check_version
pblocald -v | --version
pblocald --help
|-a, --syslog_accepts||Optional. Records accepted tasks in the syslog. Version 6.2 and earlier: option not available. Version 7.0 and later: option available.|
|-m, --accept_masters=host_list||Optional. A list of policy server hosts from which pblocald accepts secured task requests. The list can include hostnames, IP addresses, DNS SRV lookups, and external program specifications.|
|-d, --daemon||Optional. Runs as a standalone daemon instead of from inetd or xinetd. This mode listens to the port that is defined by the -p command line argument or in the localport setting.|
|-D, --debug=<level>||Generates debug trace logs in the same directory pointed to by pblocaldlog. Version 7.5 and earlier: option not available. Version 8.0 and later: option available.|
|-e, --error_log=log_file_name||Optional. Records diagnostic messages in the file log_file_name instead of using the settings file entry pblocaldlog.|
|-f, --foreground||pblocald normally spawns a child process and dissociates from the job that it starts. Although this method is beneficial when running from inetd, xinetd, or the command line, it stops pblocald from running under the init daemon (from /etc/inittab). This option prevents pblocald from dissociating and allows it to run from the inittab.|
|-i, --info <argument placeholder characters>||On Linux, macOS, and AIX, the pblocald process replaces the argument placeholder characters with information about the submitting request, in the format: submituser@submithost pid runuser: runargv. This allows an administrator to use the ps command to view more information about the running pblocald processes. This feature is not available on HP-UX and Solaris.|
|-p, --port=port_number||Optional. When running as a standalone daemon, listens to the provided port instead of the default.|
|-s, --syslog||Optional. Sends error messages to syslog in addition to the diagnostic message file. -s works only if /etc/syslog.conf is configured to have syslog process auth.err (or less severe) messages.|
|-V, --check_version||Optional. Records diagnostic messages if a connecting client version does not match the pbmasterd version.|
|-v, --version||Optional. Displays the program version and exits.|
|--help||Optional. Displays the program's help message and exits.|
/etc/pb.settings is the file that contains a list of valid acceptmasters hosts.