opd

command
v0.0.0-...-e3a9e5c
Warning

This package is not in the latest version of its module.

Published: Jul 1, 2021 | License: BSD-3-Clause, LGPL-2.1, MIT, + 1 more | Imports: 31 | Imported by: 0

Documentation

Overview

    The runner fork/execs the requested child process connected to a
    pty passed in from the client. If the pty doesn't exist, the
    process will fail. The cmdclient package creates the pty. The pty
    file descriptor is passed to the cmdrunner via an SCM_RIGHTS
    ancillary message sent over main.sock. This is done through the opd
    Run RPC. Run now blocks until the process exits and returns the exit
    code from the opd child.

    A diagram of how process spawning works is included below:

       +---------------+    main.sock      +----------------------+
       |               +------------------>+                      |
       |      opc      +<------------------+         opd          |
       |               |                   |                      |
       |.+-----------+.|                   |.+------------------+.|
       ++             ++                   ++                    ++
       ||    cmdc     ||                   ||     cmdrunner      ||
       ++             ++                   ++                    ++
       |'+-----------+'|                   |'+------------------+'|
       +^-+--------+-^-+                   +----------------------+
        | |        | |                                    |fork/exec
        | |        | |                                    V
      in/out       | |                              .+-----------+.
        | |        | |                              +  requested  +
        | |       in/out                            +   process   +
      +-+-v--+     | |                              '+---^-+-----+'
      | tty  |     | |                                   | |
      +------+     | |                                  in/out
      +------+     | |                                   | |
      | user | +---v-+-----------------------------------+-V--------+
      +------+ |                       PTY                          |
               +----------------------------------------------------+
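
The descriptor hand-off described in the overview, as an added example that is not opd's own code: a socketpair stands in for main.sock and the caller's descriptor stands in for the pty (both assumptions), and `recvFD` and `handOff` are hypothetical names. It assumes Linux, and the receiving side accepts exactly one close-on-exec descriptor and closes anything else it was sent.

```go
package main

import "syscall"

// recvFD accepts exactly one close-on-exec descriptor and closes anything else.
func recvFD(sock int) (int, error) {
	oob := make([]byte, syscall.CmsgSpace(4*4)) // room for 4 fds, so extras are seen
	_, oobn, flags, _, err := syscall.Recvmsg(sock, make([]byte, 1), oob, syscall.MSG_CMSG_CLOEXEC)
	if err != nil {
		return -1, err
	}
	var fds []int
	msgs, _ := syscall.ParseSocketControlMessage(oob[:oobn]) // a parse failure leaves fds empty
	for i := range msgs {
		got, _ := syscall.ParseUnixRights(&msgs[i]) // non-SCM_RIGHTS messages yield nothing
		fds = append(fds, got...)
	}
	if len(fds) == 1 && flags&syscall.MSG_CTRUNC == 0 {
		return fds[0], nil
	}
	for _, fd := range fds {
		syscall.Close(fd) // unexpected descriptors are closed, not kept
	}
	return -1, syscall.EPROTO
}

// handOff plays both roles: the client sends fd beside one data byte, the runner writes msg to its copy.
func handOff(fd int, msg string) error {
	pair, err := syscall.Socketpair(syscall.AF_UNIX, syscall.SOCK_STREAM, 0) // stand-in for main.sock
	if err != nil {
		return err
	}
	defer syscall.Close(pair[0])
	defer syscall.Close(pair[1])
	if err := syscall.Sendmsg(pair[0], []byte{0}, syscall.UnixRights(fd), nil, 0); err != nil {
		return err
	}
	got, err := recvFD(pair[1])
	if err == nil {
		_, err = syscall.Write(got, []byte(msg))
		syscall.Close(got)
	}
	return err
}

func main() {
	if err := handOff(1, "written through the passed descriptor\n"); err != nil { // 1 is stdout
		panic(err)
	}
}
```

Because the received descriptor is close-on-exec, a runner has to duplicate it onto the child's standard streams explicitly before exec, so nothing else that arrived over the socket reaches the requested process by accident.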

Opd is a daemon that authorizes and runs commands from the Vyatta operational template tree.

Usage:

-debug
	Enable debug logging

-adebug
	Enable authorization debug logging

-cpuprofile=<filename>
	Defines a file to which a CPU profile is written; the profile can be parsed
	with go pprof. When defined, the daemon will begin recording CPU profile
	information when it receives a SIGUSR1 signal. On a subsequent SIGUSR1 it
	will write the profile information to the defined file.

-memprofile=<filename>
	Defines a file to which a memory profile is written; the profile can be parsed
	with go pprof. When defined, a heap profile will be written when the daemon
	receives the SIGUSR2 signal.

-ruleset=<filename>
	Default: "/opt/vyatta/etc/opruleset.txt"
	When defined, the default path to the operational ruleset is overridden by the
	provided filename.

-tmplpath=<path>
	Default: "/opt/vyatta/share/vyatta-op/templates"
	When defined, the default path to the operational templates is overridden by
	the provided path.

-pidfile=<filename>
	When defined, opd will write its pid to the defined file.

-logfile=<filename>
	When defined, opd will redirect its stdout and stderr to the defined file.

-user=<user>
	When defined, opd will set its loginuid to the uid of this user.

-group=<group>
	When defined, opd will make its main socket owned by and writable by this group.

SIGHUP
	Issuing SIGHUP to the daemon will trigger a reread of the operational templates
	and the authorization ruleset from their defined paths. In the case of the
	authorization ruleset, if an invalid file is found, the ruleset will remain unchanged.

Notes

Bugs

  • workaround bash not allowing exported arrays
