Contains the administrative list for the Basic OverSeer (BOS) Server
Description
The admin.bos file is an administrative list of all users and groups that can use the Basic OverSeer Server (BOS Server) to manage server processes on a
server machine. The admin.bos file usually includes the UUIDs of users and groups only; it is not necessary to add a server machine to the admin.bos file.
The BOS server, or bosserver process, runs on every DFS server machine in a domain. An admin.bos file must reside on each machine running the bosserver process.
A user must be represented in the admin.bos file on a machine (either directly or indirectly, through a group) to issue commands that affect the server processes on that machine (for example, to create, start, or stop processes). Because system administrators listed in the admin.bos file can issue bos commands, they can cause DFS server processes to run with DFS authorization checking disabled. Because inclusion in the admin.bos file gives an administrator such additional privileges, the administrators listed in the admin.bos file are usually a subset of the users in the administrative lists for a server machine or domain.
Each time the BOS Server is started on any machine, it automatically creates the dcelocal/var/dfs/admin.bos file if the file does not already exist. Once the file exists, principals and groups can be added to it with the bos addadmin command, and they can be removed from it with the bos rmadmin command. The bos lsadmin command can be used to list the principals and groups currently in the file. Because administrative lists are stored as binary files, you must use these commands to modify them; you cannot edit them directly.
The admin.bos file should be stored in the directory named dcelocal/var/dfs on each server machine. If it is stored in a different directory, the full pathname of the file must be specified when the BOS Server is started. Do not create multiple copies of the admin.bos file and store them in different directories on the same machine; unauthorized users may be able to use the extraneous copies to access the BOS Server.
It is recommended that a single version of the admin.bos file be created and maintained on a domain System Control machine. The upclient processes running on the domain's server machines can then reference the file via the upserver process running on the System Control machine.
Independent versions of the admin.bos file should not be maintained on each server machine in a domain. Doing so may result in a system administrator being permitted to manage processes on one machine but not on another.
(Note that a Private File Server machine might have a separate admin.bos file. The administrative users included in such a file would represent a superset of the administrative users listed in the domain's admin.bos file, the additional members being the users who are to administer the Private File Server machine.)
Related Information
Commands: bos addadmin(8dfs)