Unix (all-caps UNIX for the trademark) is a family of multitasking, multiuser computer operating systems that derive from the original AT&T Unix, developed in the 1970s at the Bell Labs research center by Ken Thompson, Dennis Ritchie, and others.

Rbcafe » Unix



dynamic_pager — dynamic pager external storage manager


dynamic_pager [-E] [-F filename] [-S filesize] [-H high-water-trigger]
[-L low-water-trigger] [-P priority]


The dynamic_pager daemon manages a pool of external swap files which the
kernel uses to support demand paging. This pool is expanded with new
swap files as load on the system increases, and contracted when the swap-
ping resources are no longer needed. The dynamic_pager daemon also pro-
vides a notification service for those applications which wish to receive
notices when the external paging pool expands or contracts.


-E Encrypt the data in the swap files.

-F The base name of the filename to use for the external paging
files. By default this is /private/var/vm/swapfile.

-S The fixed filesize [in bytes] to use for the paging files. By
default dynamic_pager uses variable sized paging files, using
larger sized files as paging demands increase. The -S, -H and -L
options disable that default and cause dynamic_pager to use a
series of fixed sized external paging files.

-H If there are less than high-water-trigger bytes free in the
external paging files, the kernel will signal dynamic_pager to
add a new external paging file.

-L If there are more than low-water-trigger bytes free in the exter-
nal paging files, the kernel will coalese in-use pages and signal
dynamic_pager to discard an external paging file.
Low-water-trigger must be greater than high-water-trigger +

-P This option is currently unimplemented.


/private/var/vm/swapfile* Default external paging files.


Rbcafe » Unix



diskarbitrationd — disk arbitration daemon


diskarbitrationd [-d]


diskarbitrationd listens for connections from clients, notifies clients
of the appearance of disks and filesystems, and governs the mounting of
filesystems and the claiming of disks amongst clients.

diskarbitrationd is accessed via the Disk Arbitration framework.


-d Report detailed information in /var/log/diskarbitrationd.log.
This option forces diskarbitrationd to run in the foreground.

The file /etc/fstab is consulted for user-defined mount points, indexed
by filesystem, in the mount point determination for a filesystem. Each
filesystem can be identified by its UUID or by its label, using the con-
structs « UUID » or « LABEL », respectively. For example:

UUID=DF000C7E-AE0C-3B15-B730-DFD2EF15CB91 /export ufs ro
UUID=FAB060E9-79F7-33FF-BE85-E1D3ABD3EDEA none hfs rw,noauto
LABEL=The\040Volume\040Name\040Is\040This none msdos ro




Rbcafe » Unix



cupsd.conf – server configuration file for cups


The cupsd.conf file configures the CUPS scheduler, cupsd(8). It is
normally located in the /etc/cups directory.

Each line in the file can be a configuration directive, a blank line,
or a comment. Comment lines start with the # character. The configura-
tion directives are intentionally similar to those used by the popular
Apache web server software and are described below.


The following directives are understood by cupsd. Consult the CUPS
Software Administrators Manual for a detailed description:

Defines the access log filename.

Allows access from the named hosts or addresses.

Specifies the authentication class (User, Group, System)

Specifies the authentication group.

Specifies the authentication type (None, Basic, Digest)

Specifies whether to purge job history data automatically when it
is no longer required for quotas.

Specifies a broadcast address for outgoing printer information

Allows incoming printer information packets from the named host or

Denies incoming printer information packets from the named host or

Specifies the maximum interval between printer information broad-

Specifies the order of printer information access control
(allow,deny or deny,allow)

Specifies a server to poll for printer information.

Specifies the port to listen to for printer information packets.

Specifies the protocols to use for printer registration and dis-
covery. Using BrowseProtocols sets the BrowseLocalProtocols and
BrowseRemoteProtocols directives to the specified value.

Specifies the protocols to use for the sending or registration of
local printers.

Specifies the protocols to use for printer discovery of remote

Specifies that printer information packets should be relayed from
one host or network to another.

Specifies whether remote printers will use short names (« printer »)
or not (« printer@server »). This option is ignored if more than one
remote printer exists with the same name.

Specifies the maximum interval between printer information updates
before remote printers will be removed from the list of available

Specifies whether or not remote printer browsing should be

Specifies the security classification of the server.

Specifies whether to allow users to override the classification of
individual print jobs.

Specifies the permissions for all configuration files that the
scheduler writes.

Specified the directory where data files can be found.

Specifies the default character set to use for text.

Specifies the default language to use for text and web content.

Denies access to the named host or address.

Specifies the root directory for the internal web server docu-

Specifies the level of encryption that is required for a particu-
lar location.

Specifies the error log filename.

Specifies the interval between retries of fax jobs in seconds.

Specifies the number of retries that are done for fax jobs.

Specifies whether the file pseudo-device can be used for new
printer queues.

Specifies the maximum cost of filters that are run concurrently.

Specifies the scheduling priority (« nice » value) of filters that
are run to print a job.

Specifies the search path for fonts.

Specifies the group name or ID that will be used when executing
external programs.

Specifies whether to hide members of implicit classes.

Specifies whether or not to do reverse lookups on client

Specifies whether or not to create implicit classes for local and
remote printers, e.g. « AnyPrinter » from « Printer »,
« Printer@server1 », and « Printer@server2 ».

Specifies whether or not to create implicit classes from identical
remote printers.

Includes the named file.

Specifies whether or not to support HTTP Keep-Alive.

Specifies the connection timeout for HTTP Keep-Alive.

Specifies the HTTP methods that are being limited inside a loca-

Specifies the maximum size of any print job request.

Listens to the specified address and port.

Specifies access control for the named location.

Specifies the permissions for all log files that the scheduler

Specifies the logging level (none, warn, error, info, debug, or

Specifies the maximum number of simultaneous clients to support.

Specifies the maximum number of simultaneous clients to support
from a single address.

Specifies the maximum number of copies that a user can print of
each job.

Specifies the maximum number of simultaneous jobs to support.

Specifies the maximum number of simultaneous jobs per printer to

Specifies the maximum number of simultaneous jobs per user to sup-

Specifies the maximum size of the log files before they are
rotated (0 to disable rotation)

Specifies the maximum request/file size in bytes (0 for no limit)

Specifies the order of HTTP access control (allow,deny or

Specifies the page log filename.

Specifies a port number to listen to for HTTP requests.

Specifies whether or not to preserve job files after they are

Specifies whether or not to preserve the job history after they
are printed.

Specifies the filename for a printcap file that is updated auto-
matically with a list of available printers (needed for legacy

Specifies the format of the printcap file.

Specifies whether to generate option panel definition files on
some operating systems.

Specifies the username that is associated with unauthenticated
root accesses.

Specifies the directory to store print jobs and other HTTP request

Specifies that user or group authentication is required.

Specifies the maximum amount of memory to use when converting
images and PostScript files to bitmaps for a printer.

Specifies that the scheduler should run as the unpriviledged user
set with the User directive.

Specifies whether all or any limits set for a Location must be
satisfied to allow access.

Specifies the email address of the server administrator.

Specifies the directory where backends, CGIs, daemons, and filters
may be found.

Specifies the encryption certificate to use.

Specifies the encryption key to use.

Specifies the fully-qualified hostname of the server.

Specifies the directory where the server configuration files can
be found.

Listens on the specified address and port for encrypted connec-

Listens on the specified port for encrypted connections.

Specifies the group to use for System class authentication.

Specifies the directory where temporary files are stored.

Specifies the HTTP request timeout in seconds.

Specifies the user name or ID that is used when running external


Rbcafe » Unix



crypt, setkey, encrypt, des_setkey, des_cipher, — DES encryption



*crypt(const char *key, const char *setting);

setkey(char *key);

encrypt(char *block, int flag);

des_setkey(const char *key);

des_cipher(const char *in, char *out, long salt, int count);


The crypt() function performs password encryption, based on the NBS Data
Encryption Standard (DES). Additional code has been added to deter key
search attempts. The first argument to crypt() is a null-terminated
string, typically a user’s typed password. The second is in one of two
forms: if it begins with an underscore (« _ ») then an extended format is
used in interpreting both the key and the setting, as outlined below.

Extended crypt:

The key is divided into groups of 8 characters (the last group is null-
padded) and the low-order 7 bits of each each character (56 bits per
group) are used to form the DES key as follows: the first group of 56
bits becomes the initial DES key. For each additional group, the XOR of
the encryption of the current DES key with itself and the group bits
becomes the next DES key.

The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt. These are encoded as
printable characters, 6 bits per character, least significant character
first. The values 0 to 63 are encoded as « ./0-9A-Za-z ». This allows
24 bits for both count and salt.

Traditional crypt:

The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character is used to form the 56-bit DES key.

The setting is a 2-character array of the ASCII-encoded salt. Thus only
12 bits of salt are used. count is set to 25.


The salt introduces disorder in the DES algorithm in one of 16777216 or
4096 possible ways (ie. with 24 or 12 bits: if bit i of the salt is set,
then bits i and i+24 are swapped in the DES E-box output).

The DES key is used to encrypt a 64-bit constant using count iterations
of DES. The value returned is a null-terminated string, 20 or 13 bytes
(plus null) in length, consisting of the setting followed by the encoded
64-bit encryption.

The functions, encrypt(), setkey(), des_setkey() and des_cipher() provide
access to the DES algorithm itself. setkey() is passed a 64-byte array
of binary values (numeric 0 or 1). A 56-bit key is extracted from this
array by dividing the array into groups of 8, and ignoring the last bit
in each group. That bit is reserved for a byte parity check by DES, but
is ignored by these functions.

The block argument to encrypt() is also a 64-byte array of binary values.
If the value of flag is 0, block is encrypted otherwise it is decrypted.
The result is returned in the original array block after using the key
specified by setkey() to process it.

The argument to des_setkey() is a character array of length 8. The least
significant bit (the parity bit) in each character is ignored, and the
remaining bits are concatenated to form a 56-bit key. The function
des_cipher() encrypts (or decrypts if count is negative) the 64-bits
stored in the 8 characters at in using abs(3) of count iterations of DES
and stores the 64-bit result in the 8 characters at out (which may be the
same as in ). The salt specifies perturbations to the DES E-box output
as described above.

The function crypt() returns a pointer to the encrypted value on success,
and NULL on failure. The functions setkey(), encrypt(), des_setkey(),
and des_cipher() return 0 on success and 1 on failure.

The crypt(), setkey() and des_setkey() functions all manipulate the same
key space.


Rbcafe » Unix



configd — System Configuration Daemon


configd [-bdv] [-B bundleID] [-V bundleID] [-t bundle-path]


The configd daemon is responsible for many configuration aspects of the
local system. configd maintains data reflecting the desired and current
state of the system, provides notifications to applications when this
data changes, and hosts a number of configuration agents in the form of
loadable bundles.

Each configuration agent is responsible for a well-defined aspect of con-
figuration management. The agents look to one or more input sources
(preferences, low-level kernel events, configd notifications, etc) and,
through a set of policy modules, interacts with the system to establish
the desired operational configuration.

Access to the data maintained by configd is via the SystemConfigura-
tion.framework SCDynamicStore APIs.


The command line options are as follows:

-b Don’t actually load any bundles.
-B bundleID Prevents the loading of the bundle with the specified bundleID.
-d Run configd in the foreground without forking. This is useful for debugging.
-v Puts configd into verbose mode. Displays debugging information about bundles as they are being loaded.
-V bundleID Turns verbose mode on for the bundle with the specified bundleID.
-t bundle-path Loads only the bundle specified by bundle-path.


At the present time, the majority of the configuration agents (or bun-
dles) hosted by configd are used to establish and maintain the network
configuration. These agents include:


This bundle is responsible for establishing and maintaining the AppleTalk
network configuration on the system.


This bundle is responsible for monitoring kernel events and conveying
changes to the network state (e.g. link status) to other configuration
agents and interested applications.


This bundle provides a name to each of the system’s network interfaces.
The bundle queries the IOKit Registry for a list of network devices
attached to the system and gives them BSD style names such as « en0 ».


This agent is responsible for establishing and maintaining IPv4 addresses
on the system. These addresses may be manually specified in the network
preferences or acquired using DHCP (or BOOTP).


This agent is responsible for establishing and maintaining IPv6 addresses
on the system.


This agent is responsible for establishing and maintaining the primary
network service, the default route, the active DNS configuration, and the
active network proxies on the system.


This agent is responsible for establishing and maintaining the media
type, media options, and MTU for ethernet interfaces.


This agent is responsible for conveying the network configuration prefer-
ences specified by the administrator to the various configuration agents
(AppleTalk, IPv4, IPv6, …).


This agent is responsible for establishing and maintaining PPP connec-
tions on the system.


/System/Library/SystemConfiguration/Directory of configd bundles
/Library/Preferences/SystemConfiguration/Default directory for system configuration persistent store files.
…/preferences.plist System configuration
…/NetworkInterfaces.plist Network interface –> BSD interface mappings
…/VirtualNetworkInterfaces.plist Virtual network interface (VLAN) configuration


Log messages generated by configd and any configuration agents will are
sent to the system log daemon by syslog(3). The syslog facility used is
LOG_DAEMON. If the -d option is specified, log messages with written to
stdout (or stderr if the priority is greater than LOG_NOTICE).


configd was designed to run without any intervention but if you insist on
sending a signal to the daemon then the following are available:

SIGHUP This signal, typically used to tell a daemon to reload it’s con-
figuration, is ignored (there is no configuration).

SIGTERM This signal initiates a « graceful » shutdown of the daemon.


scutil(8), scselect(8)


The configd daemon appeared in Mac OS X Public Beta.


Unless started with the -d option, configd will register with
mach_init(8) such that the daemon will be restarted in the event of a
crash. This registration will be removed during « graceful » shutdowns of
the daemon.

This daemon and its current behavior may change without notice. Do not
rely on its existence or its behavior. Consider it an unsupported com-


Rbcafe » Unix



cksum – checksum and count the bytes in a file


cksum [–help] [–version] [file…]


This manual page documents the GNU version of cksum.
cksum computes a cyclic redundancy check (CRC) for each
named file, or the standard input if none are given or
when a file named `-‘ is given. It prints the CRC for
each file along with the number of bytes in the file, and
the file name unless no arguments were given.

cksum is typically used to make sure that files have been
transferred by unreliable means (such as netnews) have not
been corrupted, by comparing the cksum output for the
received files with the cksum output for the original
files. The CRC algorithm is specified by the POSIX.2
standard. It is not compatible with the BSD or System V
sum programs; it is more robust.

–help Print a usage message and exit with a status code
indicating success.

Print version information on standard output then


Rbcafe » Unix



charset – Set an ACM for use in one of the G0/G1 charset


charset [-v] G0|G1 [cp437|iso01|vt100|user|]


The linux console has 2 slots for charsets, labeled G0 and
G1. charset changes the slot in use by the current VT to
either G0 or G1, and fills the slot either with one of the
3 predefined ACMs (cp437, iso01, vt100) or with a user-
defined ACM.

You can ask for the current user-defined ACM by specifying
user, or ask a new ACM to be loaded from a file into the
user slot, by specifying a filename.

You will note that, although each VT has its own slot set-
tings, there is only one user-defined ACM for all the VTs.
That is, whereas you can have tty1 using G0=cp437 and
G1=vt100, at the same time as tty2 using G0=iso01 and
G1=iso02 (user-defined), you cannot have at the same time
tty1 using iso02 and tty2 using iso03. This is a limita-
tion of the linux kernel.

Note that you can emulate such a setting using the fil-
term(1) utility, with your console in UTF8-mode, by
telling filterm to translate screen output on-the-fly to

You’ll find filterm(1) in the konwert(1) package, by
Marcin Kowalczyk, which is available from


-v be verbose. charset will then print what it does
as it does it.


charset cannot determine which of the 2 slots is in use at
a given time, so you have to tell him which one you want,
even if you don’t want to change to the other one. This
is a limitation of the console driver.


consolechars(8), unicode_start(1), filterm(1).


Rbcafe » Unix



blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt,
BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options – Blow-
fish encryption


#include (openssl/blowfish.h)

void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
BF_KEY *key, int enc);
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int enc);
void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num,
int enc);
void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num);
const char *BF_options(void);

void BF_encrypt(BF_LONG *data,const BF_KEY *key);
void BF_decrypt(BF_LONG *data,const BF_KEY *key);


This library implements the Blowfish cipher, which was invented and
described by Counterpane.

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of
data. It uses a variable size key, but typically, 128 bit (16 byte)
keys are a considered good for strong encryption. Blowfish can be used
in the same modes as DES (see des_modes(7)). Blowfish is currently one
of the faster block ciphers. It is quite a bit faster than DES, and
much faster than IDEA or RC2.

Blowfish consists of a key setup phase and the actual encryption or
decryption phase.

BF_set_key() sets up the BF_KEY key using the len bytes long key at

BF_ecb_encrypt() is the basic Blowfish encryption and decryption func-
tion. It encrypts or decrypts the first 64 bits of in using the key
key, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. The vector pointed at
by in and out must be 64 bits in length, no less. If they are larger,
everything after the first 64 bits is ignored.

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and
BF_ofb64_encrypt() all operate on variable length data. They all take
an initialization vector ivec which needs to be passed along into the
next call of the same function for the same message. ivec may be ini-
tialized with anything, but the recipient needs to know what it was
initialized with, or it won’t be able to decrypt. Some programs and
protocols simplify this, like SSH, where ivec is simply initialized to
zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes
long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to
encrypt an variable number of bytes (the amount does not have to be an
exact multiple of 8 ). The purpose of the latter two is to simulate
stream ciphers, and therefore, they need the parameter num, which is a
pointer to an integer where the current offset in ivec is stored
between calls. This integer must be initialized to zero when ivec is

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.
It encrypts or decrypts the 64 bits chunks of in using the key sched-
ule, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8
byte long initialization vector.

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
It encrypts or decrypts the bytes in in using the key schedule, putting
the result in out. enc decides if encryption (BF_ENCRYPT) or decryp-
tion (BF_DECRYPT) shall be performed. ivec must point at an 8 byte
long initialization vector. num must point at an integer which must be
initially zero.

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
It uses the same parameters as BF_cfb64_encrypt(), which must be ini-
tialized the same way.

BF_encrypt() and BF_decrypt() are the lowest level functions for Blow-
fish encryption. They encrypt/decrypt the first 64 bits of the vector
pointed by data, using the key key. These functions should not be used
unless you implement ‘modes’ of Blowfish. The alternative is to use
BF_ecb_encrypt(). If you still want to use these functions, you should
be aware that they take each 32-bit chunk in host-byte order, which is
little-endian on little-endian platforms and big-endian on big-endian


None of the functions presented here return any value.


Applications should use the higher level functions EVP_EncryptInit(3)
etc. instead of calling the blowfish functions directly.


Rbcafe » Unix



base64 – Encoding « base64 »


package require Tcl 8.2
package require Trf 2.1p2
base64 options… data


The command base64 is one of several data encodings provided by the
package trf. See trf-intro for an overview of the whole package.

This encoding transforms every block of three bytes into a block of
four bytes, each of which is printable, i.e. 7bit ASCII. This implies
that the result is valid UTF-8 too. The command uses essentially the
same algorithm as for uuencode, except for a different mapping from
6-bit fragments to printable bytes.

base64 options… data

-mode encode|decode

This option has to be present and is always understood by
the encoding.

For immediate mode the argument value specifies the oper-
ation to use. For an attached encoding it specifies the
operation to use for writing. Reading will automatically
use the reverse operation. See section IMMEDIATE versus
ATTACHED for explanations of these two terms.

Beyond the argument values listed above all unique abbre-
viations are recognized too.

Encode converts from arbitrary (most likely binary) data
into the described representation, decode does the
reverse .

-attach channel

The presence/absence of this option determines the main
operation mode of the transformation.

If present the transformation will be stacked onto the
channel whose handle was given to the option and run in
attached mode. More about this in section IMMEDIATE ver-

If the option is absent the transformation is used in
immediate mode and the options listed below are recog-
nized. More about this in section IMMEDIATE versus

-in channel

This options is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the data to transform has to be read from.

If the transformation is in immediate mode and this
option is absent the data to transform is expected as the
last argument to the transformation.

-out channel

This options is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the generated transformation result is written

If the transformation is in immediate mode and this
option is absent the generated data is returned as the
result of the command itself.


[1] The encoding is equivalent to PGP’s ASCII armor and was also
accepted as one of the MIME encodings for encapsulation of
binary data. See RFC 2045
tor.org/rfc/rfc2045.txt) for details and the specification of
this encoding.

[2] The encoding buffers 2 bytes.


The transformation distinguishes between two main ways of using it.
These are the immediate and attached operation modes.

For the attached mode the option -attach is used to associate the
transformation with an existing channel. During the execution of the
command no transformation is performed, instead the channel is changed
in such a way, that from then on all data written to or read from it
passes through the transformation and is modified by it according to
the definition above. This attachment can be revoked by executing the
command unstack for the chosen channel. This is the only way to do this
at the Tcl level.

In the second mode, which can be detected by the absence of option
-attach, the transformation immediately takes data from either its com-
mandline or a channel, transforms it, and returns the result either as
result of the command, or writes it into a channel. The mode is named
after the immediate nature of its execution.

Where the data is taken from, and delivered to, is governed by the
presence and absence of the options -in and -out. It should be noted
that this ability to immediately read from and/or write to a channel is
an historic artifact which was introduced at the beginning of Trf’s
life when Tcl version 7.6 was current as this and earlier versions have
trouble to deal with \0 characters embedded into either input or out-


Page 3 sur 41234
Rbcafe © 2004- | Rb Cafe 1.3 | Contacter Rbcafe | Rbcafe sur Twitter | Rbcafe sur Facebook | Politique de confidentialité