Annotation of src/usr.bin/bgplg/bgplgsh.8, Revision 1.11
1.11 ! schwarze 1: .\" $OpenBSD: bgplgsh.8,v 1.10 2013/07/16 00:07:52 schwarze Exp $
1.1 reyk 2: .\"
1.8 reyk 3: .\" Copyright (c) 2005, 2006 Reyk Floeter <reyk@openbsd.org>
1.1 reyk 4: .\"
5: .\" Permission to use, copy, modify, and distribute this software for any
6: .\" purpose with or without fee is hereby granted, provided that the above
7: .\" copyright notice and this permission notice appear in all copies.
8: .\"
9: .\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10: .\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11: .\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12: .\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13: .\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14: .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15: .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16: .\"
1.11 ! schwarze 17: .Dd $Mdocdate: July 16 2013 $
1.6 haesbaer 18: .Dt BGPLGSH 8
1.1 reyk 19: .Os
20: .Sh NAME
21: .Nm bgplgsh
1.11 ! schwarze 22: .Nd looking glass shell for the OpenBSD Border Gateway Protocol daemon
1.1 reyk 23: .Sh SYNOPSIS
24: .Nm bgplgsh
25: .Sh DESCRIPTION
26: The
27: .Nm
28: program is a looking glass shell for the
29: .Xr bgpd 8
30: Border Gateway Protocol daemon.
31: The looking glass will provide a simple command line interface
32: with read-only access to a restricted set of
33: .Xr bgpd 8
34: and system status information, which is typically used on route
35: servers by Internet Service Providers (ISPs) and Internet eXchange
36: points (IXs).
37: .Pp
38: It requires three steps to enable the looking glass shell:
39: .Bl -enum
40: .It
41: Add
42: .Nm
43: as a valid login shell.
44: See
45: .Xr shells 5
46: for more information.
47: .Bd -literal -offset indent
48: # echo /usr/bin/bgplgsh \*(Gt\*(Gt /etc/shells
49: .Ed
50: .It
51: Create a new user for restricted looking glass access.
52: See
53: .Xr adduser 8
54: for more information about system user management.
55: .Bd -literal -offset indent
56: # adduser -shell /usr/bin/bgplgsh -batch bgplg
57: # passwd bgplg
58: .Ed
59: .It
60: Start the Border Gateway Protocol daemon with a second,
61: restricted, control socket.
62: See
1.4 sthen 63: .Xr bgpd.conf 5
1.1 reyk 64: and
65: .Xr bgplg 8
66: for more information.
67: .Pp
68: For example,
1.4 sthen 69: add the following to
70: .Pa /etc/bgpd.conf
71: to have
1.1 reyk 72: .Xr bgpd 8
1.4 sthen 73: open a second, restricted, control socket:
1.1 reyk 74: .Pp
1.9 florian 75: .Dl socket \&"/var/www/run/bgpd.rsock\&" restricted
1.1 reyk 76: .El
77: .Sh FILES
1.9 florian 78: .Bl -tag -width "/var/www/run/bgpd.rsockXX" -compact
79: .It Pa /var/www/run/bgpd.rsock
1.1 reyk 80: Position of the second, restricted, control socket of
81: .Xr bgpd 8 .
82: .El
83: .Sh SEE ALSO
84: .Xr bgpd 8 ,
85: .Xr bgplg 8
86: .Sh HISTORY
87: The
88: .Nm
89: program first appeared in
90: .Ox 4.1 .
91: The initial implementation was done in 2005 for DE-CIX, the German
92: commercial internet exchange point.
93: .Sh AUTHORS
94: The
95: .Nm
96: program was written by
1.10 schwarze 97: .An Reyk Floeter Aq Mt reyk@openbsd.org .
1.2 reyk 98: .Sh CAVEATS
99: To prevent commands from running endlessly,
100: .Nm
101: will kill the corresponding processes after a hard limit of 60 seconds.
102: For example, this can take effect when using
103: .Xr traceroute 8
104: with blackholed or bad routes.