=head1 SYNOPSIS
-B<rrdcached> [B<-l/-L> I<address>] [B<-w> I<timeout>] [B<-z> I<delay>] [B<-f> I<timeout>] [B<-j> I<dir>] [-F] [B<-b> I<dir> [B<-B>]]
+B<rrdcached>
+[B<-P>E<nbsp>I<permissions>]
+[B<-l>E<nbsp>I<address>]
+[B<-s>E<nbsp>I<group>]
+[B<-w>E<nbsp>I<timeout>]
+[B<-z>E<nbsp>I<delay>]
+[B<-f>E<nbsp>I<timeout>]
+[B<-p>E<nbsp>I<pid_file>]
+[B<-t>E<nbsp>I<write_threads>]
+[B<-j>E<nbsp>I<journal_dir>]
+[-F]
+[-g]
+[B<-b>E<nbsp>I<base_dir>E<nbsp>[B<-B>]]
=head1 DESCRIPTION
The daemon was written with big setups in mind. Those setups usually run into
IOE<nbsp>related problems sooner or later for reasons that are beyond the scope
-of this document. Check the wiki at the RRDTool homepage for details. Also
-check L<SECURITY CONSIDERATIONS> below before using this daemon! A detailed
-description of how the daemon operates can be found in the L<HOW IT WORKS>
+of this document. Check the wiki at the RRDtool homepage for details. Also
+check L</"SECURITY CONSIDERATIONS"> below before using this daemon! A detailed
+description of how the daemon operates can be found in the L</"HOW IT WORKS">
section below.
=head1 OPTIONS
Tells the daemon to bind to I<address> and accept incoming connections on that
socket. If I<address> begins with C<unix:>, everything following that prefix is
interpreted as the path to a UNIX domain socket. Otherwise the address or node
-name are resolved using L<getaddrinfo>.
+name are resolved using C<getaddrinfo()>.
For network sockets, a port may be specified by using the form
C<B<[>I<address>B<]:>I<port>>. If the address is an IPv4 address or a fully
qualified domain name (i.E<nbsp>e. the address contains at least one dot
(C<.>)), the square brackets can be omitted, resulting in the (simpler)
-C<I<address>B<:>I<port>> pattern.. The default port is B<42217/udp>.
+C<I<address>B<:>I<port>> pattern. The default port is B<42217/udp>. If you
+specify a network socket, it is mandatory to read the
+L</"SECURITY CONSIDERATIONS"> section.
The following formats are accepted. Please note that the address of the UNIX
domain socket B<must> start with a slash in the second case!
If the B<-l> option is not specified the default address,
C<unix:/tmp/rrdcached.sock>, will be used.
-=item B<-L> I<address>
+=item B<-s> I<group_name>|I<gid>
-Same as B<-l>, except creates a low-privilege socket. See B<SECURITY
-CONSIDERATIONS> for more information.
+Set the group permissions of a UNIX domain socket. The option accepts either
+a numeric group id or group name. That group will then have both read and write
+permissions (the socket will have file permissions 0750) for the socket and,
+therefore, is able to send commands to the daemon. This
+may be useful in cases where you cannot easily run all RRD processes with the same
+user privileges (e.g. graph generating CGI scripts that typically run in the
+permission context of the web server).
+
+This option affects the I<following> UNIX socket addresses (the following
+B<-l> options), i.e., you may specify different settings for different
+sockets.
+
+The default is not to change ownership or permissions of the socket and, thus,
+use the system default.
+
+=item B<-m> I<mode>
+
+Set the file permissions of a UNIX domain socket. The option accepts an octal
+number representing the bit pattern for the mode (see L<chmod(1)> for
+details).
+
+Please note that not all systems honor this setting. On Linux, read/write
+permissions are required to connect to a UNIX socket. However, many
+BSD-derived systems ignore permissions for UNIX sockets. See L<unix(7)> for
+details.
+
+This option affects the I<following> UNIX socket addresses (the following
+B<-l> options), i.e., you may specify different settings for different
+sockets.
+
+The default is not to change ownership or permissions of the socket and, thus,
+use the system default.
+
+=item B<-P> I<command>[,I<command>[,...]]
+
+Specifies the commands accepted via a network socket. This allows
+administrators of I<RRDCacheD> to control the actions accepted from various
+sources.
+
+The arguments given to the B<-P> option is a comma separated list of commands.
+For example, to allow the C<FLUSH> and C<PENDING> commands one could specify:
+
+ rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS
+
+The B<-P> option affects the I<following> socket addresses (the following B<-l>
+options). In the following example, only the IPv4 network socket (address
+C<10.0.0.1>) will be restricted to the C<FLUSH> and C<PENDING> commands:
+
+ rrdcached -l unix:/some/path -P FLUSH,PENDING -l 10.0.0.1
+
+A complete list of available commands can be found in the section
+L</"Valid Commands"> below. There are two minor special exceptions:
+
+=over 4
+
+=item *
+
+The C<HELP> and C<QUIT> commands are always allowed.
+
+=item *
+
+If the C<BATCH> command is accepted, the B<.>E<nbsp>command will automatically
+be accepted, too.
+
+=back
+
+Please also read L</"SECURITY CONSIDERATIONS"> below.
=item B<-w> I<timeout>
Sets the name and location of the PID-file. If not specified, the default,
C<I<$localststedir>/run/rrdcached.pid> will be used.
+=item B<-t> I<write_threads>
+
+Specifies the number of threads used for writing RRD files. The default
+isE<nbsp>4. Increasing this number will allow rrdcached to have more
+simultaneous I/O requests into the kernel. This may allow the kernel to
+re-order disk writes, resulting in better disk throughput.
+
=item B<-j> I<dir>
Write updates to a journal in I<dir>. In the event of a program or system
ALWAYS flush all updates to the RRD data files when the daemon is shut
down, regardless of journal setting.
+=item B<-g>
+
+Run in the foreground. The daemon will not fork().
+
=item B<-b> I<dir>
The daemon will change into a specific directory at startup. All files passed
The following commands may be made aware of the B<rrdcached> using the command
line argument B<--daemon> or the environment variable B<RRDCACHED_ADDRESS>:
-=over 4
+=over
+
+=item *
+
+dump
+
+=item *
+
+fetch
+
+=item *
+
+flush
+
+=item *
+
+graph
+
+=item *
-=item B<dump>
+graphv
-=item B<fetch>
+=item *
-=item B<flush>
+info
-=item B<graph>
+=item *
-=item B<graphv>
+last
-=item B<info>
+=item *
-=item B<last>
+lastupdate
-=item B<lastupdate>
+=item *
-=item B<update>
+update
-=item B<xport>
+=item *
+
+xport
=back
are printed to C<STDERR>. One of the steps when starting up is to fork to the
background and closing C<STDERR> - after this writing directly to the user is
no longer possible. Once this has happened, the daemon will send log messages
-to the system logging daemon using L<syslog(3)>. The facility used is
+to the system logging daemon using syslog(3). The facility used is
C<LOG_DAEMON>.
=head1 HOW IT WORKS
When appending a value to a tree node, it is checked whether it's time to write
the values to disk. Values are written to disk if
S<C<now() - First E<gt>= timeout>>, where C<timeout> is the timeout specified
-using the B<-w> option, see L<OPTIONS>. If the values are "old enough" they
+using the B<-w> option, see L</OPTIONS>. If the values are "old enough" they
will be enqueued in the "update queue", i.E<nbsp>e. they will be appended to
the linked list shown below. Because the tree nodes and the elements of the
linked list are the same data structures in memory, any update to a file that
=head1 SECURITY CONSIDERATIONS
-The client/server protocol does not have any authentication or
-authorization mechanism. Therefore, take care to restrict which users can
-connect to the daemon.
+=head2 Authentication
-Control sockets are divided into high-privilege (B<-l>) and low-privilege
-(B<-L>) sockets. High-privilege sockets accept all commands, whereas
-low-privilege sockets accept only B<FLUSH>, B<STATS>, and B<HELP>.
+There is no authentication.
-For a multi-user environment where only certain users require read/write
-access, the recommended configuration uses two sockets as follows:
+The client/server protocol does not yet have any authentication mechanism. It
+is likely that authentication and encryption will be added in a future version,
+but for the time being it is the administrator's responsibility to secure the
+traffic from/to the daemon!
-=over
+It is highly recommended to install a packet filter or similar mechanism to
+prevent unauthorized connections. Unless you have a dedicated VLAN or VPN for
+this, using network sockets is probably a bad idea!
-=item B<-l> I</protected/dir/rrd.sock>
+=head2 Authorization
-Create a high-privilege unix-domain socket. This should be protected with
-the same Unix permissions that are used to protect the RRD files. Updates
-should be directed to this socket.
+There is minimal per-socket authorization.
-=item B<-L> I<127.0.0.1>
+Authorization is currently done on a per-socket basis. That means each socket
+has a list of commands it will accept and it will accept. It will accept only
+those commands explicitly listed but it will (currently) accept these commands
+from anyone reaching the socket.
-Create a low-privilege TCP socket listening on localhost. All users on
-the local system may use this to trigger FLUSH of individual files. Users
-with read-only access should be directed to this socket.
+If the networking sockets are to be used, it is necessary to restrict the
+accepted commands to those needed by external clients. If, for example,
+external clients want to draw graphs of the cached data, they should only be
+allowed to use the C<FLUSH> command.
-=back
+=head2 Encryption
-If you (want to) use the network capability, i.E<nbsp>e. let the daemon bind to
-an IPv4 or IPv6 socket, it is B<your> job to install a packet filter or similar
-mechanism to prevent unauthorized connections. Unless you have a dedicated VLAN
-or VPN for this, using the network option is probably a bad idea!
+There is no encryption.
+
+Again, this may be added in the future, but for the time being it is your job
+to keep your private data private. Install a VPN or an encrypted tunnel if you
+statistics are confidential!
+
+=head2 Sanity checking
+
+There is no sanity checking.
The daemon will blindly write to any file it gets told, so you really should
create a separate user just for this daemon. Also it does not do any sanity
checks, so if it gets told to write values for a time far in the future, your
files will be messed up good!
+=head2 Conclusion
+
+=over 4
+
+=item *
+
+Security is the job of the administrator.
+
+=item *
+
+We recommend to allow write access via UNIX domain sockets only.
+
+=item *
+
You have been warned.
+=back
+
=head1 PROTOCOL
The daemon communicates with clients using a line based ASCII protocol which is
easy to read and easy to type. This makes it easy for scripts to implement the
-protocol and possible for users to use L<telnet> to connect to the daemon
+protocol and possible for users to use telnet to connect to the daemon
and test stuff "by hand".
The protocol is line based, this means that each record consists of one or more
After the connection has been established, the client is expected to send a
"command". A command consists of the command keyword, possibly some arguments,
and a terminating newline character. For a list of commands, see
-L<Valid Commands> below.
+L</"Valid Commands"> below.
Example:
Returns a list of metrics which can be used to measure the daemons performance
and check its status. For a description of the values returned, see
-L<Performance Values> below.
+L</"Performance Values"> below.
The format in which the values are returned is similar to many other line based
protocols: Each value is printed on a separate line, each consisting of the
=item B<UPDATE> I<filename> I<values> [I<values> ...]
Adds more data to a filename. This is B<the> operation the daemon was designed
-for, so describing the mechanism again is unnecessary. Read L<HOW IT WORKS>
+for, so describing the mechanism again is unnecessary. Read L</"HOW IT WORKS">
above for a detailed explanation.
Note that rrdcached only accepts absolute timestamps in the update values.
=head1 AUTHOR
-B<rrdcached> and this manual page have been written by Florian Forster
-E<lt>octoE<nbsp>atE<nbsp>verplant.orgE<gt>.
+Florian Forster E<lt>octoE<nbsp>atE<nbsp>verplant.orgE<gt>
+
+Both B<rrdcached> and this manual page have been written by Florian.
=head1 CONTRIBUTORS
projects / rrdtool.git / blobdiff