
NAME

       tcpquotad - The TCPQuota daemon.

SYNOPSIS

       tcpquotad [options]

DESCRIPTION

       This is the engine of the TCPQuota system. It checks the files in
       ’/proc/net/’ for connections to the outside world, and checks the
       mSQL tables ’allowed’ and ’masq’. The daemon closes a host if it is
       not listed in the mSQL table ’masq’, and it kills a user’s processes
       if the user is not allowed to use the TCP link _OR_ if the user has
       gone below the minimum quota value.

NOTES

       The following signals have the specified effect when sent to the server
       process using the kill(1) command:

       SIGHUP
                 Causes the server to reload the configuration file.

       SIGTERM SIGINT SIGQUIT SIGKILL
                 Causes the server to remove its firewall entries,
                 clear the entries from the masquerading table, and
                 exit cleanly.

       SIGUSR1
                 Turns on debugging

       SIGUSR2
                 Turns off debugging

MSQL TABLES

       tcptab - This is the main quota table in the database. It contains
       the columns: name and quota.

       name - contains the username of the user allowed
       quota - contains the quota points of the user allowed. This is
       measured in seconds.

       allowed - This is the table that holds the usernames of the users that
       are allowed to use the ’Net link. A user can exist in the tcptab table
       without being registered here. This is so that one can turn off a user
       without removing the user’s points. It contains only one column: name.

       name - contains the username of the user allowed

       periodtab - xx

       masq - This is the table that holds the information on which hosts and
       users the firewall is opened for. If one, for example, executes the
       program openfw without parameters, it checks the file
       /etc/tcpquota/tcpquota.cf for the lines:

            GROUPS=GROUP1
            GROUP1=xxx yyy zzz

       This means that there is one computer group (GROUP1), which contains
       the hosts xxx, yyy and zzz. If you have logged in on the firewall
       from host zzz, it opens the hosts xxx, yyy and zzz for ’Net access for
       free (it debits the TCPQuota user ’free’, which does not need to be an
       existing system user). This user can go under any value you set for
       MIN_QUOTA in the config file. This table contains the columns: host,
       name, cnts, tic, counter, open and free.

       host - Is the IP number of the host that the firewall is opened for.
       name - Is the username of the user that has opened the firewall for
       the specified host.
       cnts - Number of connects for the specified host
       tic - Number of ticks since the table was updated
       counter - ....
       open - This is used by the support programs, openfw and openhost, to
       trigger the opening/closing of the firewall.

            If the support programs write a:
            3 - means that the firewall should be closed.
            2 - means that it should be opened.

            And the daemon writes a:
            1 - the firewall is opened.
            0 - the firewall is closed.

       free  -  This is 1 if the user is allowed free access to the link and 0
       if not...
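
       The group lookup and the ’open’ column handshake described above, modelled in Python as an added example (not TCPQuota’s own code). The sample config is constructed; treating GROUPS as a space-separated list of group names, and opening nothing for a login host that is in no group, are assumptions of this model.

```python
# Added example: a model of the documented behaviour, not TCPQuota code.
# Constructed sample in the tcpquota.cf format shown above.
# Assumption: GROUPS may name several groups, separated by spaces.
SAMPLE_CF = """\
GROUPS=GROUP1 GROUP2
GROUP1=xxx yyy zzz
GROUP2=aaa bbb
"""

# Values of the masq 'open' column, as documented above.
CLOSE_REQUESTED, OPEN_REQUESTED, OPENED, CLOSED = 3, 2, 1, 0


def parse_groups(text):
    """Return {group name: [hosts]} for every group named on the GROUPS line."""
    settings = {}
    for line in text.splitlines():
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    names = settings.get("GROUPS", "").split()
    return {name: settings.get(name, "").split() for name in names}


def hosts_to_open(groups, login_host):
    """Hosts of every group containing login_host (assumed: none otherwise)."""
    hosts = []
    for members in groups.values():
        if login_host in members:
            hosts.extend(h for h in members if h not in hosts)
    return hosts


def request_open(masq, hosts, user="free"):
    """What a support program writes: one masq row per host with open=2."""
    for host in hosts:
        masq[host] = {"name": user, "open": OPEN_REQUESTED}


def daemon_pass(masq):
    """What the daemon writes back: 2 becomes 1 (opened), 3 becomes 0 (closed)."""
    for row in masq.values():
        if row["open"] == OPEN_REQUESTED:
            row["open"] = OPENED
        elif row["open"] == CLOSE_REQUESTED:
            row["open"] = CLOSED
    return {host: row["open"] for host, row in masq.items()}
```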

       logging - Contains a log of who has changed the TCPQuota database,
       and when.
       This table contains the columns: when, user and action.

       when - Is the date when the database administrator
       added/removed/changed quota points for another user
       user - The name of the database administrator who changed the
       database
       action - What has the administrator done?

       logging_openfw - Contains a log of who has opened/closed the
       firewall for free/admin access, and when.
       This table contains the columns: when, user and action.

       when - Is the date when the database administrator opened/closed
       the firewall for access
       user - The name of the person who opened/closed the firewall
       action - What has the administrator done (opened/closed, which set of
       computers)?

MSQL EXAMPLE

       Running msql(1), one can do:

            SELECT quota FROM tcptab WHERE name LIKE 'free' \g

       And you’ll get something like this:

        +----------+
        | quota    |
        +----------+
        | -1008888 |
        +----------+

       This is the number of quota points the user has left to spend. (In
       this particular example, you’ll get a negative value, which means that
       this is how much the user has spent.)

            SELECT masq.host, tcptab.name, tcptab.quota
            FROM tcptab, masq
            WHERE masq.host LIKE '42.42.40.66'
            AND tcptab.name LIKE 'free' \g

       You’ll get output something like this:

        +-----------------+----------------------+----------+
        | host            | name                 | quota    |
        +-----------------+----------------------+----------+
        | 42.42.40.66     | free                 | -1008888 |
        +-----------------+----------------------+----------+

       This means that the user free is allowed free access from host
       42.42.40.66 and has accumulated a negative quota value of 1008888
       points (seconds).

       You naturally have to replace the IP number and username with your
       own values. More information on how to use mSQL can be found in the
       manual page for msql.

FILES

       /etc/tcpquota/tcpquota.cf  -  Main  configuration  file  for  the whole
       TCPQuota system

       /etc/tcpquota/tcpquota.cf.debug - Configuration file used when  started
       in debug mode

       /etc/init.d/tcpquota.init  -  Used to start and stop the daemon at boot
       time

       /etc/cron.weekly/tcpquotad - Cron script to  rotate  the  tcpquota  log
       files

       /var/log/tcpquotad.log - Log file for the daemon

OPTIONS

       --debug
              Run  the  daemon  in  debug mode, do not fork, print extra debug
              output.

SEE ALSO

       tcpquota.cf(5), msql(5), relshow(1)

AUTHOR

       Turbo Fredriksson, <turbo@tripnet.se>
       Martin Budsjoe, <marbud@tripnet.se>