Sync with FreeBSD. This removes the need for perl.
[dragonfly.git] / release / picobsd / doc / src / UCI.html
1 <html>
2 <! $FreeBSD: src/release/picobsd/doc/src/UCI.html,v 1.4 1999/08/28 01:33:24 peter Exp $ >
3 <! $DragonFly: src/release/picobsd/doc/src/Attic/UCI.html,v 1.2 2003/06/17 04:27:20 dillon Exp $ >
4 <body>
5 <h1><center>            Unified Configuration Interface Project
6 </center></h1>
7
8 <p>The idea behind this project is to completely replace currently
9 used configuration approach, which is based on several shell scripts, and to
10 provide ability to change system behaviour basing on set of well-defined
11 parameters' hierarchy. One of the goals is also to provide an object
12 oriented model of the OS management and structure, instead of currently
13 used (inconsistent) procedural model of system/service startup/shutdown.</p>
14
15 <p>This project involves such issues as:
16 <ul>
17 <li>
18 providing consistent view of the system and its functional subsystems as
19 a set of interrelated objects equipped with certain properties.
20 </li>
21 <li>
22 providing global approach to user interface, either command-line or with GUI
23 front-ends.
24 </li>
25 <li>
26 managing system resources and subsystems. This includes managing
27 static and dynamic interdependencies between subsystems, ability to
28 upgrade/downgrade specific subsystems on-the-fly.
29 </li>
30 </ul>
31 </p>
32
33 <p><i><b>This is work in progress</b> - I'm aware that many pieces
34 are either completely missing or misplaced. Please send any comments and
35 changes you seem appropriate either directly to me, or better to
36 freebsd-small@freebsd.org. I'll gladly welcome anyone who can help with
37 design and/or implementation.</i></p>
38
39
40 <hr>
41
42 <h1><center>            Unified Configuration Interface
43 </center></h1>
44
45 <ul>
46 <li>
47 <p>Let's first introduce the following terms:
48 <ul>
49 <li>
50 <b>management base</b> - the actual structure holding configuration and
51 information data according to defined structure. This structure will most
52 probably have a form of tree (possibly with cross-branch links or some other
53 mechanism representing mutual dependencies) - the way it's stored is
54 something which needs to be discussed.
55 </li>
56 <li>
57 <b>user interface</b> - a method (and agent) for presenting data stored in
58 management base in such a way that it can be viewed and modified by
59 legitimate users.
60 </li>
61 <li>
62 <b>system monitor</b> - an entity performing actual configuration and monitoring
63 tasks, from one side dealing with management base, and from the other
64 dealing with the system resources and subsystems, and from yet another dealing
65 either directly with the user (thus acting as a user interface),
66 or passing requests to other entity which acts as user interface.
67 </li>
68 <li>
69 <b>subsystem</b> - a package containing programs, configuration data, as well
70 as installing/deinstalling/start/stop stubs, which form together one logical
71 entity performing specific services on behalf of the system. Each subsystem
72 is viewed as an object with specific properties, dependencies, which is able
73 to generate events, service general requests common to all such subsystems,
74 and provide specific services to other subsystems.
75 </li>
76 </ul>
77 </li>
78 <li>
79 <p>One possible approach to storing the management data is to use already
80 existing framework known as MIB, as defined in applicable RFCs.</p>
81
82 <p>This approach has several advantages: it represents well thought-out work
83 of many experienced individuals and teams, it has already proven to be
84 useful, it's widely used and accepted, it's easily extensible, it's able to
85 represent quite complicated objects, etc.</p>
86
87 <p>It has some drawbacks, as well: e.g. there is no standard mechanism for
88 representing events and indirectly related objects, it tends to create
89 deep and narrow trees which require to descent several levels to change some
90 commonly used parameters, it doesn't say anything about the mutual
91 dependencies between objects and parameters (except parent-child-sibling),
92 and about required sequence to properly set their parameters, etc.</p>
93
94 <p>These issues are not directly addressed in standards, and real
95 implementations (known to me) have to implement these additional mechanisms
96 "behind the scenes", so that their workings are not obvious nor easily
97 accessible (let alone changeable).</p>
98
99 <p>So, if we decide to use it, we need to address these issues somehow.
100 The next point presents one possible approach to this dilemma.</p>
101 </li>
102 <li>
103 <p>The term "object" used in the following discussion represents a functional
104 subsystem, such as system service, usually performed by some specific
105 process (or, a set of global system parameters, in which case the system
106 monitor agent is the service itself). </p>
107
108 <p>Each object represented in management base can be characterized by
109 following properties:
110 <ul>
111 <li>
112 its internal state, possibly consisting of several parameters and currently
113 performed functions, but represented to the rest of the system as a symbolic
114 state, one of set of states common to all objects.
115 </li>
116 <li>
117 a temporary space for new sets of parameters, which are being supplied by
118 other subsystems, prior to their actual application,
119 </li>
120 <li>
121 FSM definition, describing state transitions in reaction to received events,
122 </li>
123 <li>
124 list of events it can generate and accept,
125 </li>
126 <li>
127 list of dependencies on other objects' states and services,
128 </li>
129 <li>
130 list of requests it can handle,
131 </li>
132 <li>
133 list of parameters it can accept and/or provide, with their valid ranges.
134 </li>
135 </ul>
136 </p>
137
138 <p>A few words on system startup: the system startup routines should ensure
139 that dependencies can be unwound into linear, ordered list. If it's not
140 possible, they should detect possible deadlocks at runtime, and act as an
141 arbiter between conflicting parties (or signal an error). In case of
142 unsatisfied dependency on some missing subsystem, the system monitor will
143 act appropriately as described below (in paragraph on request handling).</p>
144
145 <p>The <b>set of symbolic states</b> may consist of the following states,
146 depicting object's current internal state (as described by its FSM):
147
148 <center><table border>
149 <tr><th>Name</th><th>Meaning</th></tr>
150 <tr>
151 <td>INIT</td><td>the subsystem is initializing itself, possibly loading
152 necessary data and binaries from permanent storage.</td>
153 </tr>
154 <tr>
155 <td>CHECK</td><td>performing consistency check on newly supplied parameter values</td>
156 </tr>
157 <tr>
158 <td>READY</td><td>ready to start performing its primary function, but not started</td>
159 </tr>
160 <tr>
161 <td>START</td><td>start-up tasks (related to its primary function, as opposed
162 to INIT which is related to its own initialization)</td>
163 </tr>
164 <tr>
165 <td>STOP</td><td>stop (shutdown) tasks (when the object intends to stop
166 performing its function). This can involve unloading data and binaries from
167 main memory.</td>
168 </tr>
169 <tr>
170 <td>RUN</td><td>primary (work) phase</td>
171 </tr>
172 <tr>
173 <td>IDLE</td><td>waiting for some external event to happen</td>
174 </tr>
175 <tr>
176 <td>BUSY</td><td>the subsystem is busy (either with performing some
177 high-priority task, or just simply hung), and cannot be interrupted without
178 complete restart,</td>
179 </tr>
180 <tr>
181 <td>ERROR</td><td>this object is either improperly configured, or
182 malfunctioning</td>
183 </tr>
184 <tr>
185 <td>(other...)</td><td>(other...)</td>
186 </tr>
187 </table></center>
188 </p>
189
190 <p>The <b>set of possible actions</b> may include the following actions:</p>
191
192 <center><table border>
193 <tr><th>Name</th><th>Meaning</th></tr>
194 <tr>
195 <td>LIST_EV_REQ</td><td>get list of events the subsystem can generate</td>
196 </tr>
197 <tr>
198 <td>LIST_ACT_REQ</td><td>get list of actions the subsystem can respond to</td>
199 </tr>
200 <tr>
201 <td>GET_DEF_REQ</td><td>get definition of given parameter (the arguments, and
202 valid ranges)</td>
203 </tr>
204 <tr>
205 <td>SET_REQ</td><td>set given parameter to given value (this value will
206 be used only after COMMIT_REQ)</td>
207 </tr>
208 <tr>
209 <td>GET_REQ</td><td>get currently used value of given parameter</td>
210 </tr>
211 <tr>
212 <td>COMMIT_REQ</td><td>commit changes supplied in last transaction to currently
213 used set of parameters</td>
214 </tr>
215 <tr>
216 <td>ROLLBACK_REQ</td><td>revert last commit</td>
217 </tr>
218 <tr>
219 <td>INIT_REQ</td><td>perform initialization tasks</td>
220 </tr>
221 <tr>
222 <td>START_REQ</td><td>start performing primary function</td>
223 </tr>
224 <tr>
225 <td>STOP_REQ</td><td>stop performing primary function</td>
226 </tr>
227 <tr>
228 <td>RESTART_REQ</td><td>restart operation, possibly forcefully</td>
229 </tr>
230 <tr>
231 <td>NOTIFY_REQ</td><td>notify me of any changes in your state</td>
232 </tr>
233 <tr>
234 <td>CHECK_REQ</td><td>perform self-consistency check</td>
235 </tr>
236 <tr>
237 <td>UPGRADE_REQ</td><td>upgrade the subsystem - this possibly involves
238 downloading necessary pieces via network to permanent storage area. The
239 upgrade process should be transactional, and should save the older version
240 of the subsystem in case the DOWNGRADE_REQ should be issued.</td>
241 </tr>
242 <tr>
243 <td>DOWNGRADE_REQ</td><td>downgrade the subsystem - restore the previous
244 version of the subsystem from the copy on permanent storage.</td>
245 </tr>
246 <tr>
247 <td>UNINSTALL_REQ</td><td>uninstall the subsystem completely - possibly
248 freeing the space on permanent storage.</td>
249 </tr>
250 <tr>
251 <td>(other...)</td><td>(other...)</td>
252 </tr>
253 </table></center>
254 <p><i>(Each request includes source service identifier and credentials of
255 the sender)</i></p>
256
257 <p>The <b>set of events</b> which can be generated by subsystems may include
258 the following:</p>
259
260 <center><table border>
261 <tr><th>Name</th><th>Meaning</th></tr>
262 <tr>
263 <td>EV_ACK</td><td>positive acknowledge of the last operation</td>
264 </tr>
265 <tr>
266 <td>EV_NACK</td><td>negative acknowledge of the last operation</td>
267 </tr>
268 <tr>
269 <td>EV_CHANGE</td><td>change notification (includes the name of changed
270 parameter, and/or FSM state change)</td>
271 </tr>
272 <tr>
273 <td>EV_DEP</td><td>signal the dependency on another subsystem - ask for
274 existence of the service. Probably there should be two types of the dependency:
275 a soft one (where the subsystem can still function even if the dependency is
276 unresolved) and a hard one (when the existence and proper functioning of the
277 other subsystem is mandatory for its function).</td>
278 </tr>
279 <tr>
280 <td>(other...)</td><td>(other...)</td>
281 </tr>
282 </table></center>
283
284 <p>One of event attributes can be a flag which says that this particular event
285 is a directed, or broadcast message. In case of directed message, it should
286 be forwarded only to interested parties. Broadcast message is sent to all
287 subsystems.</p>
288
289 <p>System monitor agent will process these events and route them to
290 appropriate subsystems which are registered with it. Generally, if some
291 subsystem is dependent on some other, it will want to also receive all events
292 generated by the other subsystem.</p>
293
294 <p>In case the subsystem
295 is missing, and the system monitor received events signalling that some other
296 subsystem is depending on it, the system monitor should arrange either for
297 installing necessary pieces from some media (be it permanent storage, or the
298 network), or to send an EV_NACK to the requesting subsystem. It's the
299 responsibility of the requesting subsystem to deal with such case
300 appropriately to the type of dependency (i.e. either "hard" or "soft").
301
302 <p>Ideally, the system monitor agent will be equipped with routines to
303 serialize the management data into human-readable form, so that it's easily
304 stored, backed up, and repaired in case of inconsistencies.</p>
305 </li>
306 <li>
307 <p>Actual user interface is still quite another story: I've seen UIs which
308 merely followed the standard MIBs, and menus were composed of actual OID
309 numbers plus DESCRIPTION field. In my experience, they are (barely)
310 acceptable, though due to the usual width and depth of MIB trees you had to
311 traverse several levels down and up in order to change some (protocol-wise)
312 related parameters.</p>
313
314 <p>More acceptable UI would collect interrelated items under common menu
315 entries, irrespectibly of their actual position in the MIB tree.</p>
316
317 <p>A worthwhile goal to pursue is to create such an UI which could guide
318 you through the most common configuration tasks, while at the same time
319 allowing for unrestricted and quick use by power users. This can be done
320 either as a set of configuration "wizards" or extensive hinting, command
321 completion, etc.</p>
322 </li>
323 <li>
324 <p>The management database should be easily exportable via standard
325 protocols, such as SNMP or LDAP.</p>
326
327 <p>Most known to me (if not all) implementations of agents for these
328 protocols are (contrary to their name) quite heavy-weight - so their use
329 should be either optional, or replaced with some other light-weight
330 protocol and a proxy agent running on other machine. One example of
331 such proxy agent is existing UCD-SNMP implementation which in
332 significant part follows the sysctl(3) tree, merely exporting it as
333 a part of the MIB trees.</p>
334
335 <p>It's worthwhile to consider also use of other protocols such as
336 DHCP (and BOOTP), Service Location Protocol (SLP - RFC2165) for easy
337 integration with LAN resources, easy initial configuration, and peer
338 discovery.</p>
339 </li>
340 <li>
341 <p>All operations performed by system monitor agent should be transactional,
342 i.e. it should be possible to commit a set of changes as one logical entity,
343 and be sure that either it's applied in whole, or not at all. This includes
344 also ability to abort processing in the middle.</p>
345
346 <p>This probably means that each object (subsystem) should be able to store
347 not only its current configuration data, but also the newly supplied config
348 data that are to be applied after the transaction ends successfuly.</p>
349
350 <p>Operations should be verified against allowed values, as well as against
351 allowed credentials, and basing on this either committed or aborted.</p>
352 </li>
353 <li>
354 <p>A few notes on possible implementation of system monitor:</p>
355 <ul>
356 <li>
357 let's assume that all configuration information is read on startup
358 by some specialized daemon (this can be part of init(8) as well),
359 which then performs role of communication agent through which passes
360 all configuration information, be it request for change, request
361 for info, request for start / shutdown, or notification about the change.
362 </li>
363 <li>
364 configuration information itself is stored either in binary database, or as
365 a filesystem hierachy mimicking configuration items hierarchy.
366 </li>
367 <li>
368 each user-level program performing some task (such as routing daemon, inetd
369 etc) is either equipped with the ability to communicate with config agent, or
370 is relinked with special stub which fakes to the program necessary config
371 files and events (such as signals to reread configuration).
372 <p>This probably means also that some libc routines would have to be replaced,
373 because they assume reading configuration from certain disk files.</p>
374
375 <p>Since each such subsystem needs to implement some common actions such as
376 installing, deinstalling, start/stop etc, we could use already present
377 system of packages (with some minor modifications) to easily achieve
378 part of the goals (i.e. install/deinstall/upgrade/downgrade/stop/start).</p>
379 </li>
380 <li>
381 each subsystem performing some task requests its initial config data
382 from system monitor, at the same time registering with it to receive
383 configuration events, such as request to re-read data, to provide currently
384 used config data, return status, react for signals, restarts, etc...
385 </li>
386 <li>
387 system monitor acts as a meeting point for all producers and consumers
388 of events and config data. It needs to maintain a table of registered
389 subsystems, set of events they provide, set of events they want to receive,
390 etc.. Basing on this table, it  routes appropriate information to
391 appropriate parties.
392 </li>
393 <li>
394 user interface is then just one of clients of system monitor, albeit possessing
395 special privileges.
396 </li>
397 <li>
398 one of important tasks of system monitor, in case given
399 object (subsystem) registers with it to be notified about certain events, is
400 to ensure that such type of event can be possibly generated. This is to
401 prevent subsystems from waiting for events coming from other non-existent
402 subsystems. See the discussion above on satisfying dependencies.
403 </li>
404 </ul>
405 <i><p>NOTE: this is one possible approach - a centralized one. It's worth to
406 consider other approach, distributed, in which case each object (subsystem)
407 sends and listens to the data at a meeting point specific to each other
408 object. This eliminates (or drastically minimizes) the role of system
409 monitor which is a single point of failure in centralized case.</p></i>
410 </li>
411 </ul>
412
413 <hr>
414
415 <p>Here is my initial proposal for the User Interface hierarchy:</p>
416
417 <ul>
418 <li>
419 System configuration.
420         <ol>
421         <li>
422         Boot device and file <br>
423         <small>Name of the boot device (possibly networked) and boot
424         image.</small>
425                 <ol>
426                 <li>
427                 (Enumeration of available devices)
428                         <ol>
429                         <li>
430                         (Enumeration of available files)
431                         </li>
432                         </ol>
433                 </li>
434                 </ol>
435         </li>
436         <li>
437         Config file <br>
438         <small>Configuration file management - loading and saving, either
439         local or remote (if applicable). </small>
440                 <ol>
441                 <li>
442                 Load / Save
443                         <ol>
444                         <li>
445                         Source / Destination <br>
446                         (Enumeration of available storage places, possibly
447                         networked)
448                         </li>
449                         </ol>
450                 </li>
451                 <li>
452                 Edit directly (geek mode)
453                 </li>
454                 </ol>
455         </li>
456         <li>
457         Subsystems <br>
458                 <ol>
459                 <li>
460                 Module management <br>
461                 <small>Optional hardware drivers and protocol modules
462                 management.</small>
463                         <ol>
464                         <li>
465                         (Enumeration of available loadable modules)
466                                 <ol>
467                                 <li>
468                                 Load / unload / status
469                                 </li>
470                                 </ol>
471                         </li>
472                         </ol>
473                 </li>
474                 <li>
475                 Package management<br>
476                 <small>Management of basic and optional system services.</small>
477                         <ol>
478                         <li>
479                         (Enumeration of locally available packages)
480                                 <ol>
481                                 <li>
482                                 Start / Stop / Status / Configure
483                                 </li>
484                                 </ol>
485                         </li>
486                         </ol>
487                 </li>
488                 <li>
489                 Default source of service packages<br>
490                 <small>Where to automatically get the missing packages from.
491                 </small>
492                         <ol>
493                         <li>
494                         (Enumeration of available media) <br>
495                         (local and remote disks, ftp, http)
496                         </li>
497                         </ol>
498                 </li>
499                 </ol>
500         </li>
501         <li>
502         Resource management
503                 <ol>
504                 <li>
505                 Memory consumption <br>
506                 <small>This is entry point to a subtree, which allows to set
507                 up various resource limits for subsystems, services and
508                 processes.</small>
509                 </li>
510                 <li>
511                 Space consumption<br>
512                 <small>(Things like minimal free space on permanent storage..)
513                 </small>
514                 </li>
515                 <li>
516                 Task priorities
517                 <small>This includes not only currently running tasks, but all
518                 which can possibly be started.</small>
519                         <ol>
520                         <li>
521                         List / Modify
522                         </li>
523                         </ol>
524                 </li>
525                 </ol>
526         </li>
527         <li>
528         System console
529         </li>
530         <li>
531         Virtual consoles (if applicable)
532         </li>
533         <li>
534         System Date / Time Zone
535         </li>
536         <li>
537         Banner
538         </li>
539         <li>
540         Logging
541                 <ol>
542                 <li>
543                 Local logging
544                 </li>
545                 <li>
546                 Remote logging
547                 </li>
548                 </ol>
549         </li>
550         </ol>
551 </li>
552 <li>
553 Network configuration.
554         <ol>
555         <li>
556         Hostname and Domain
557         </li>
558         <li>
559         Interfaces
560                 <ol>
561                 <li>
562                 (Enumeration of physical interfaces) <br>
563                 (Enumeration of virtual interfaces, if applicable) <br>
564                 (Options for creating virtual interfaces, if applicable)
565                         <ol>
566                         <li>
567                         Interface options (speed, media, encapsulation,
568                         description, etc.)
569                         </li>
570                         <li>
571                         ARP
572                         </li>
573                         <li>
574                         Bridging
575                         </li>
576                         <li>
577                         IP
578                                 <ol>
579                                 <li>
580                                 Adress / netmask / alias
581                                 </li>
582                                 </ol>
583                         </li>
584                         <li>
585                         IPX
586                         </li>
587                         <li>
588                         AppleTalk
589                         </li>
590                         </ol>
591                 </li>
592                 </ol>
593         </li>
594         <li>
595         Protocol Options
596                 <ol>
597                 <li>
598                 IP, UDP, TCP, ARP, IPX, ATM ... <br>
599                 (Enumeration of available protocols)
600                         <ol>
601                         <li>
602                         (Enumeration of protocol specific options, such as
603                         buffer sizes, algorithms, ARP tables etc)
604                                 <ol>
605                                 <li>
606                                 List / Add / Delete / Modify / Set (where
607                                 applicable)
608                                 </li>
609                                 </ol>
610                         </li>
611                         </ol>
612                 </li>
613                 </ol>
614         </li>
615         <li>
616         Routes
617                 <ol>
618                 <li>
619                 List
620                 </li>
621                 <li>
622                 Static
623                         <ol>
624                         <li>
625                         Add / Delete / List
626                                 <ol>
627                                 <li>
628                                 (route expression)
629                                 </li>
630                                 </ol>
631                         </li>
632                         </ol>
633                 </li>
634                 <li>
635                 Dynamic
636                         <ol>
637                         <li>
638                         (Enumeration of available routing protocols)
639                                 <ol>
640                                 <li>
641                                 Add / Delete / List
642                                         <ol>
643                                         <li>
644                                         (route expression)
645                                         </li>
646                                         </ol>
647                                 </li>
648                                 </ol>
649                         </li>
650                         </ol>
651                 </li>
652                 </ol>
653         </li>
654         <li>
655         Network services
656                 <ol>
657                 <li>
658                 DNS
659                         <ol>
660                         <li>
661                         Hosts
662                                 <ol>
663                                 <li>
664                                 Add / Delete / List
665                                         <ol>
666                                         <li>
667                                         (hosts definitions)
668                                         </li>
669                                         </ol>
670                                 </li>
671                                 </ol>
672                         </li>
673                         <li>
674                         Resolvers
675                                 <ol>
676                                 <li>
677                                 Add / Delete / List
678                                         <ol>
679                                         <li>
680                                         (hosts addresses)
681                                         </li>
682                                         </ol>
683                                 </li>
684                                 </ol>
685                         </li>
686                         <li>
687                         Local DNS server config
688                         </li>
689                         </ol>
690                 </li>
691                 <li>
692                 PPP
693                         <ol>
694                         <li>
695                         Server
696                         </li>
697                         <li>
698                         Client
699                         </li>
700                         </ol>
701                 </li>
702                 <li>
703                 NFS
704                         <ol>
705                         <li>
706                         Server
707                         </li>
708                         <li>
709                         Client
710                         </li>
711                         </ol>
712                 </li>
713                 <li>
714                 NIS
715                 </li>
716                 <li>
717                 DHCP
718                         <ol>
719                         <li>
720                         Add / Delete / Reserve / List
721                                 <ol>
722                                 <li>
723                                 (IP address expressions)
724                                 </li>
725                                 </ol>
726                         </li>
727                         </ol>
728                 </li>
729                 <li>
730                 SNMP
731                         <ol>
732                         <li>
733                         Protocol version
734                         </li>
735                         <li>
736                         Send traps to...
737                         </li>
738                         <li>
739                         Access Control Lists <br>
740                         <small>(This is either full-blown ACL system in case
741                         of SNMPv2, or a community string for SNMPv1.)</small>
742                         </li>
743                         </ol>
744                 </li>
745                 <li>
746                 Printing
747                         <ol>
748                         <li>
749                         Local / Remote
750                                 <ol>
751                                 <li>
752                                 Printers
753                                         <ol>
754                                         <li>
755                                         Add / Modify / Delete / List
756                                         </li>
757                                         </ol>
758                                 </li>
759                                 <li>
760                                 Queues
761                                         <ol>
762                                         <li>
763                                         Priority / Delete / List
764                                         </li>
765                                         </ol>
766                                 </li>
767                                 </ol>
768                         </li>
769                         </ol>
770                 </li>
771                 <li>
772                 SMB services
773                 </li>
774                 <li>
775                 Network Address Translation
776                 </li>
777                 <li>
778                 Packet filters
779                 </li>
780                 <li>
781                 Bandwidth Manager
782                 </li>
783                 <li>
784                 NTP
785                 </li>
786                 <li>
787                 Remote Access
788                 </li>
789                 </ol>
790         </li>
791         </ol>
792 <li>
793 User management.
794         <ol>
795         <li>
796         User accounts
797                 <ol>
798                 <li>
799                 Add / Delete / Modify / List
800                         <ol>
801                         <li>
802                         Name / Password / ACL
803                         </li>
804                         </ol>
805                 </li>
806                 </ol>
807         </li>
808         <li>
809         User profiles
810                 <ol>
811                 <li>
812                 Access Control Lists.
813                         <ol>
814                         <li>
815                         Add / Delete / Modify / List
816                                 <ol>
817                                 <li>
818                                 Name / Template / Definition
819                                 </li>
820                                 </ol>
821                         </li>
822                         </ol>
823                 </li>
824                 <li>
825                 ACL Templates
826                         <ol>
827                         <li>
828                         Add / Delete / Modify / List
829                                 <ol>
830                                 <li>
831                                 Name
832                                         <ol>
833                                         <li>
834                                         Command restrictions list
835                                         </li>
836                                         <li>
837                                         Location restrictions list
838                                         </li>
839                                         <li>
840                                         Resources restrictions list
841                                         </li>
842                                         <li>
843                                         Time restrictions list
844                                         </li>
845                                         <li>
846                                         Authentication methods
847                                                 <ol>
848                                                 <li>
849                                                 Unix passwd
850                                                 </li>
851                                                 <li>
852                                                 S/Key
853                                                 </li>
854                                                 <li>
855                                                 Kerberos
856                                                 </li>
857                                                 <li>
858                                                 Radius
859                                                 </li>
860                                                 <li>
861                                                 TACACS
862                                                 </li>
863                                                 </ol>
864                                         </li>
865                                         </ol>
866                                 </li>
867                                 </ol>
868                         </li>
869                         </ol>
870                 </li>
871                 </ol>
872         </li>
873         </ol>
874 </li>
875 <li>
876 Other services
877         <ol>
878         <li>
879         Cron tasks
880         </li>
881         </ol>
882 </li>
883 <li>
884 Filesystems.
885         <ol>
886         <li>
887         Local / Remote
888                 <ol>
889                 <li>
890                 (Enumeration of available FS-s)
891                         <ol>
892                         <li>
893                         FS / Mounting point / Options
894                         </li>
895                         </ol>
896                 </li>
897                 <li>
898                 Swap Partition / Swap File
899                         <ol>
900                         <li>
901                         Create / Turn on
902                         </li>
903                         </ol>
904                 </ol>
905         </li>
906         </ol>
907 </li>
908 <li>
909 Environment
910         <ol>
911         <li>
912         Set / Unset / List
913         </li>
914         </ol>
915 </li>
916 <li>
917 System status
918         <ol>
919         <li>
920         (Enumeration of available status items)
921         </li>
922         </ol>
923 </li>
924 <li>
925 Diagnostics
926         <ol>
927         <li>
928         Debug
929                 <ol>
930                 <li>
931                 (Enumeration of subsystems hierarchy, those of which can
932                 provide debugging data)
933                         <ol>
934                         <li>
935                         Set / Clear / Level
936                         </li>
937                         </ol>
938                 </li>
939                 </ol>
940         </li>
941         <li>
942         System messages
943         </li>
944         <li>
945         Ping / traceroute / rtquery
946         </li>
947         </ol>
948 </li>
949 </ul>
950
951 <hr>
952 <i>
953 <p>Please send your comments to <A HREF="mailto:abial@freebsd.org">
954 Andrzej Bialecki</a></p>
955 <p>Last modified:
956 @DATE@
957 </p>
958 </i>
959
960 </body>
961 </html>