Server Setting Items
#
Setting Item ListThe setting items for the hcpd daemon are below.
System Operating Environment Settings, Transmission Method Related
Description | Configuration Name |
---|---|
Protocol version (fixed to 2) | ProtocolVersion |
TCP service listen address setting | TCPListenAddress |
HpFP service listen address | HPFPListenAddress |
HpFP service listen address (bi-port type, deprecated) | UDPListenAddress |
WebSocket(SSL/TLS) service listen address | WSSListenAddress |
WSS options | WSSOptions |
WSS TLS 1.3 Cipher Suites | WSSCipherSuites |
WSS TLS 1.2 or earlier Cipher Suites | WSSCipherList |
WebSocket(no SSL/TLS) service listen address | WSListenAddress |
Listen service bonding | ListenServiceBonding |
Communication Data Compression Function
Description | Configuration Name |
---|---|
Header compression (reserved) | HeaderCompress |
Content compression (reserved) | ContentCompress |
Data Flow Control, Bandwidth Control
Description | Configuration Name |
---|---|
Maximum total receiving rate (entire system) | MaxTotalReceiveRate |
Maximum total sending rate (entire system) | MaxTotalSendRate |
Maximum receiving rate (per connection) | MaxReceiveRatePerConnection |
Maximum sending rate (per connection) | MaxSendRatePerConnection |
Data Flow Control, File Lock Function
Description | Configuration Name |
---|---|
Use file lock | FileLock |
Number of trials to lock files | FileLockTrials |
The trial interval (in seconds) | FileLockTrialInterval |
Data Flow Control, Temporary File Save Function (Atomic File Save)
Description | Configuration Name |
---|---|
Atomically file saving | AtomicLikeSaving |
Threshold for atomically file saving | AtomicLikeSavingThreshold |
Reject requests to overwriting temporary files which already exist when atomically file saving | AtomicLikeSavingRejectOverwriteRequest |
Data Flow Control, Data Buffer Setting
Description | Configuration Name |
---|---|
Maximum buffer allocation size (entire system) | MaxTotalBufferSize |
Maximum buffer allocation size (per connection) | MaxBufferSizePerConnection |
TCP sending buffer | TCPServiceSocketSendBuffer |
HpFP service extension buffer size | UDPServiceExtensionBufferSize |
Data Flow Control, Transfer File Size Control
Description | Configuration Name |
---|---|
Maximum receiving file size | MaxReceiveFileSize |
Maximum sending file size | MaxSendFileSize |
Data Flow Control, Message Data Size Control
Description | Configuration Name |
---|---|
Initial header block size | InitHeaderBlockSize |
Initial content block size | InitContentBlockSize |
Maximum header block size | MaxHeaderBlockSize |
Maximum content block size | MaxContentBlockSize |
Max file entry request | MaxRequestFileEntryAtOnce |
Data Flow Control, Disk I/O Speed Control
Description | Configuration Name |
---|---|
Disk I/O reading rate per session | MaxReadRatePerConnection |
Disk I/O writing rate per session | MaxWriteRatePerConnection |
Code Transformation, Communication Encoding Negotiation
Description | Configuration Name |
---|---|
Transport character encoding | TransportCharEncoding |
Code Transformation, Host Character Encoding
Description | Configuration Name |
---|---|
Host character encoding | HostEncoding |
Authentication
Description | Configuration Name |
---|---|
LPA (Local Password Authentication) authentication | LocalPasswordAuthentication |
PAM (Pluggable Authenticaton Module) authentication | PAMAuthentication |
RSA (Rivest-Shamir-Adleman cryptosystem) authentication | PubkeyAuthentication |
Windows authentication | WinLogonUserAuthentication |
Control applying system authentication (PAM auth, Windows logon) | PerformSystemAuthenticationRegardlessUsers |
Specify directory for searching public keys (RSA auth) | AuthorizedKeysSearchDir |
Specify file for finding a public key (RSA auth) | AuthorizedKeysFile |
Specify command for finding a public key (RSA auth) | AuthorizedKeysCommand |
Specify user to run the command (RSA auth) | AuthorizedKeysCommandUser |
Specify file of CA (Certificate Authorities) certificates | CACertificateFile |
Specify directory including CA (Certificate Authorities) certificates (Reserved) | CACertificatePath |
Specify file of CRL (Certificate Revocation List) | CARevocationFile |
Specify directory including CRLs (Reserved) | CARevocationPath |
Control performing OCSP (Online Certificate Status Protocol) on client authentication | OCSPRevocationEnabled |
Specify file configuring users hcpd recognizes | LocalUserFile |
Specify file holding credentials of LPA (Local Password Authentication) | LocalPasswordFile |
Specify user name pattern to allow login | AllowUsers |
Specify group name pattern to allow login | AllowGroups |
Specify user name pattern to deny login | DenyUsers |
Specify group name pattern to deny login | DenyGroups |
Encryption
Description | Configuration Name |
---|---|
Encryption method for message communication | AcceptableCryptMethod |
Digest method for validation of message and file data | AcceptableDigestMethod |
Setting requirement of MAC (Message Authentication Code) | RequireDataIntegrityChecking |
Security Negotiation by Encryption Communications
Description | Configuration Name |
---|---|
Enable server certificate security or not | UseServerCertificateSecurity |
Set requirement of the security to clients | RequireServerCertificateSecurity |
Server key path for the server certificate security | ServerKeyFile |
Server certificate path for the server certificate security | ServerCertificateFile |
Path of intermediate certificates for the server certificate (one or more) | ServerCertificateChainFile |
Access Control
Description | Configuration Name |
---|---|
Fallback control from user home (for backward compatibility) | UserDirectoryFallbackAvailable |
Access rejection when a directory of user home is not found | RejectOnUserHomeDirectoryNotFound |
Access Control, Privilege Separation
Description | Configuration Name |
---|---|
Set privilege separation | UsePrivilegeSeparation |
Minimum UID applicable for privilege separated sessions | PrivilegeSeparationMinimumUID |
Minimum GID applicable for privilege separated sessions | PrivilegeSeparationMinimumGID |
Default user on privilege separation (applied when any user is not determined) | PrivilegeSeparationUser |
Umask on privilege separation for authenticated users | PrivilegeSeparationUmask |
Umask on privilege separation for anonymous | PrivilegeSeparationUmaskAnonymous |
Apply user's access rights to file permissions on destination (not on privilege separation) | ApplyUserPermission |
Disable supplemental groups | NoSupplementalGroupInPrivilegeSeparation |
Access Control, ACLïŒAccess Control ListïŒFunction
Description | Configuration Name |
---|---|
Define ACL (Access Control List) | AccessList |
Define Allow rules on ACL | Allow |
Define Deny rules on ACL | Deny |
Access Control, Admission Control
Description | Configuration Name |
---|---|
Limit of connections (total) | MaxTotalConnection |
Limit of TCP connections | MaxTcpConnection |
Limit of UDP (HpFP) connections | MaxUdpConnection |
Limit of Web Socket connections | MaxWsConnection |
Limit of connections each user | MaxConnectionPerUser |
Limit of connections to accept each second | MaxConnectionPerSec |
Access Control, Document Point
Description | Configuration Name |
---|---|
Define a document point | DocPoint |
Specify a path on file system on the document point | DocPath |
Set reading access configuration | PermitAccessRead |
Set writing access configuration | PermitAccessWrite |
Set overwriting access configuration | PermitAccessOverwrite |
Set deleting access configuration | PermitAccessDelete |
Set reading in random access configuration (Reserved) | PermitAccessRandomRead |
Set writing in random access configuration (Reserved) | PermitAccessRandomWrite |
Various Monitoring, Timeout Control
Description | Configuration Name |
---|---|
Set transport timeout | TransportTimeout |
Set idling timeout | IdleTimeout |
Performance Evaluation
Description | Configuration Name |
---|---|
Memory copy parallelism (when disabling local disk I/O) | MemoryTransferConcurrency |
Log Management
Description | Configuration Name |
---|---|
Set syslog option | SyslogOption |
Set syslog facility | SyslogFacility |
System log configuration | SystemLog |
System log level | SystemLogLevel |
Application statistics configuration | ApplicationStatLog |
Transport statistics configuration | TransportStatLog |
System statistics configuration | SystemStatLog |
File operation logging configuration | FileOperationLog |
Save statistics logs to files determined from each user (when privilege separation being enabled) | StatLogPerUserInPrivilegeSeparation |
Set to output a security detail on application statistics | ApplicationStatLogSecurityEx |
System Operating Environment Settings, CPU Thread Control
Description | Configuration Name |
---|---|
Limit number of threads to use (Linux) | MaxConcurrentThread |
System Operating Environment Settings, Application Linked Function
Description | Configuration Name |
---|---|
Specify a script to call when running a command is finished | CallbackScript |
Others
Description | Configuration Name |
---|---|
Ensure to transfer files to the destination directory (for backward compatibility) | EnsureDestinationInFileTransfer |
#
System Operating Environment Settings, Transmission Method Related#
TCPListenAddress=========================================================================Supported OS : Linux.x86 / WindowsFormat : TCPListenAddress <tcp_service_addr>[:<tcp_service_port>[:<mcd>]][ <acl_name>]-------------------------------------------------------------------------tcp_service_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------tcp_service_portFormat : <decimal_number>Default : 874Range of Values : decimal_number is 1-65535.-------------------------------------------------------------------------mcdDefault : physical-CPUs + 1, logical-CPUs/2 + 1, 25 or 1Range of Values : 1 - 65535-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : name of access control list=========================================================================
The available TCP services to allow to connect from client computers are defined.
tcp_service_addr is available IP address for TCP service.
tcp_service_port is available port for TCP service.
mcd is optional. This options specifies a number of connections provided for each client session on the service. When 1 is set, sessions will work with a single connection. When 2 or more are set, they will do with the number of connections. When you do not specify it, hcpd will determine a value from the number of physical cores, the number of logical cores and the license configuration.
- physical-CPUs + 1 (physical-CPUs \< logical-CPUs and physical-CPUs > 1 under 25 maximum)
- logical-CPUs/2 + 1 (physical-CPUs = logical-CPUs and logical-CPUs/2 > 1 under 25 maximum)
- 1 (Otherwise. For example, the license dose not include this function or physical-CPUs and logical-CPUs do not meet the above conditions)
acl_name is an optional setting. It is a name of an access control list (see AccessList) that you would like to set to the TCP service. When this option is not set or the specified name is not found in access control lists, an unamed access control list will be set to the TCP service.
--Example :TCPListenAddress 0.0.0.0:1874--
#
HPFPListenAddress=========================================================================Supported OS : Linux.x86 / WindowsFormat : HPFPListenAddress <hpfp_service_addr>[:<hpfp_service_port>[:<hpfp_sndbuf>[:<hpfp_rcvbuf>[:<hpfp_mss>[:<mcd>]]]]][ <acl_name>]-------------------------------------------------------------------------hpfp_service_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------hpfp_service_portFormat : <decimal_number>Default : 65520Range of Values : decimal_number is 1-65535.-------------------------------------------------------------------------hpfp_sndbufFormat : ( DEFAULT | D | <decimal_number>[[(T|G|M|K)]B] )Default : 100MBRange of Values : unsigned double-length integer (byte) D stands for DEFAULT.-------------------------------------------------------------------------hpfp_rcvbufFormat : ( DEFAULT | D | <decimal_number>[[(T|G|M|K)]B] )Default : 200MBRange of Values : unsigned double-length integer (byte) D stands for DEFAULT.-------------------------------------------------------------------------hpfp_mssFormat : ( DEFAULT | D | NONE | N | <decimal_number>[[(T|G|M|K)]B] )Default : NONERange of Values : unsigned integer (byte) D stands for DEFAULT. N stands for NONE.-------------------------------------------------------------------------mcdDefault : physical-CPUs + 1, logical-CPUs/2 + 1, 25 or 1Range of Values : 1 - 65535-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : name of access control list=========================================================================
The available HpFP services to allow to connect from client computers are defined.
hpfp_service_addr specifies the IP address for HpFP service.
hpfp_service_port is the port number of UDP transport for HpFP protocol in the optional setting.
hpfp_sndbuf is the transmission buffer size in the optional setteing. âDâ stands for default.
hpfp_rcvbuf is the buffer size for received data by HpFP protocol in the optional setting. âDâ stands for default.
hpfp_mss is the MSS for HpFP protocol in the optional setting. âDâ stands for default.In âNâ, the setting value is determined by the MTU searching using HpFP protocol.
mcd is optional. This options specifies a number of connections provided for each client session on the service. When 1 is set, sessions will work with a single connection. When 2 or more are set, they will do with the number of connections. When you do not specify it, hcpd will determine a value from the number of physical cores, the number of logical cores and the license configuration.
- physical-CPUs + 1 (physical-CPUs \< logical-CPUs and physical-CPUs > 1 under 25 maximum)
- logical-CPUs/2 + 1 (physical-CPUs = logical-CPUs and logical-CPUs/2 > 1 under 25 maximum)
- 1 (Otherwise. For example, the license dose not include this function or physical-CPUs and logical-CPUs do not meet the above conditions)
acl_name is an optional setting, as in TCP service. It is a name of an access control list (see AccessList) that you would like to set to the HpFP service. When this option is not set or the specified name is not found in access control lists, an unamed access control list will be set to the HpFP service.
--Example :HPFPListenAddress 0.0.0.0:10000--
#
UDPListenAddress=========================================================================Supported OS : Linux.x86 / WindowsFormat : UDPListenAddress <hpfp_service_addr>[:<hpfp_service_port>[:<hpfp_udp_port>[:<hpfp_sndbuf>[:<hpfp_rcvbuf>[:<hpfp_mss>[:<mcd>]]]]]][ <acl_name>]-------------------------------------------------------------------------hpfp_service_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------hpfp_service_portFormat : <decimal_number>Default : 884Range of Values : decimal_number is 1-65535.-------------------------------------------------------------------------hpfp_udp_portFormat : ( DEFAULT | D | <decimal_number> )Default : 65520Range of Values : decimal_number is 1-65535. D stands for DEFAULT.-------------------------------------------------------------------------hpfp_sndbufFormat : ( DEFAULT | D | <decimal_number>[[(T|G|M|K)]B] )Default : 100MBRange of Values : unsigned double-length integer (byte) D stands for DEFAULT.-------------------------------------------------------------------------hpfp_rcvbufFormat : ( DEFAULT | D | <decimal_number>[[(T|G|M|K)]B] )Default : 200MBRange of Values : unsigned double-length integer (byte) D stands for DEFAULT.-------------------------------------------------------------------------hpfp_mssFormat : ( DEFAULT | D | NONE | N | <decimal_number>[[(T|G|M|K)]B] )Default : NONERange of Values : unsigned integer (byte)D stands for DEFAULT. N stands for NONE.-------------------------------------------------------------------------mcdDefault : physical-CPUs + 1, logical-CPUs/2 + 1, 25 or 1Range of Values : 1 - 65535-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : name of access control list=========================================================================
This option is deprecated.
The available HpFP (UDP) services to allow to connect from client computers are defined. This provides a manner of using HpFP services where a serviceâs port number and a UDP transportâs port number are defined respectively, but not a single UDP transportâs number.
hpfp_service_addr specifies the IP address for HpFP service.
hpfp_service_port is a port number of the HpFP service in the optional setting.
hhpfp_udp_port is the port number of UDP transport for HpFP protocol in the optional setting. âDâ stands for default.
hpfp_sndbuf is the transmission buffer size in the optional setteing. âDâ stands for default.
hpfp_rcvbuf is the buffer size for received data by HpFP protocol in the optional setting. âDâ stands for default.
hpfp_mss is the MSS for HpFP protocol in the optional setting. âDâ stands for default.In âNâ, the setting value is determined by the MTU searching using HpFP protocol.
mcd is optional. This options specifies a number of connections provided for each client session on the service. When 1 is set, sessions will work with a single connection. When 2 or more are set, they will do with the number of connections. When you do not specify it, hcpd will determine a value from the number of physical cores, the number of logical cores and the license configuration.
- physical-CPUs + 1 (physical-CPUs \< logical-CPUs and physical-CPUs > 1 under 25 maximum)
- logical-CPUs/2 + 1 (physical-CPUs = logical-CPUs and logical-CPUs/2 > 1 under 25 maximum)
- 1 (Otherwise. For example, the license dose not include this function or physical-CPUs and logical-CPUs do not meet the above conditions)
acl_name is an optional setting, as in TCP service. It is a name of an access control list (see AccessList) that you would like to set to the HpFP(UDP) service. When this option is not set or the specified name is not found in access control lists, an unamed access control list will be set to the HpFP(UDP) service.
--Example :UDPListenAddress 0.0.0.0:1884:10000--
#
WSSListenAddress=========================================================================Supported OS : Linux.x86 / WindowsFormat : WSSListenAddress <wss_service_addr>[:<wss_service_port>[:<wss_opt_name>[:<wss_cs_name>[:<wss_clist_name>[:<wss_privkey_name>[:<wss_cert_name>[:<mcd>[:<use_hcpcm>]]]]]]]][ <acl_name>]-------------------------------------------------------------------------wss_service_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------wss_service_portDefault : 443Range of Values : port number-------------------------------------------------------------------------wss_opt_nameFormat : ( DEFAULT | D | <opt_name> )Default : empty stringRange of Values : name of WSSOptions. D stands for DEFAULT.-------------------------------------------------------------------------wss_cs_nameFormat : ( DEFAULT | D | <cipher_suites_name> )Default : empty stringRange of Values : name of WSSCipherSuites. D stands for DEFAULT.-------------------------------------------------------------------------wss_clist_nameFormat : ( DEFAULT | D | <cipher_list_name> )Default : empty stringRange of Values : name of WSSCipherLlist. D stands for DEFAULT.-------------------------------------------------------------------------wss_privkey_nameFormat : ( DEFAULT | D | <server_key_file_name> )Default : empty stringRange of Values : name of ServerKeyFile-------------------------------------------------------------------------wss_cert_nameFormat : ( DEFAULT | D | <server_cert_file_name> )Default : empty stringRange of Values : name of ServerCertificateFile-------------------------------------------------------------------------mcdDefault : physical-CPUs + 1, logical-CPUs/2 + 1, 25 or 1Range of Values : 1 - 65535-------------------------------------------------------------------------use_hcpcmDefault : noRange of Values : yes, no-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : name of access control list=========================================================================
The available WebSocket services (SSL/TLS) to allow to connect from client computers are defined.
wss_service_addr specifies the IP address for WebSocket service.
wss_service_port is available port for WebSocket service in the optional settings. A port number of 443 will be chosen when you omit this option.
wss_opt_name is optinal. This option specifies a name of WSSOptions. D indicates the default value. When this is the empty string, the WSSOptions that dose not have any name will be chosen.
wss_cs_name is optinal. This option specifies a name of WSSCipherSuites. D indicates the default value. When this is the empty string, the WSSCipherSuites that dose not have any name will be chosen.
wss_clist_name is optinal. This option specifies a name of WSSCipherList. D indicates the default value. When this is the empty string, the WSSCipherList that dose not have any name will be chosen.
wss_privkey_name is optional. This option specifies a name of ServerKeyFile that includes a server key (a private key) for SSL/TLS communication. D indicates the default value. When this is the empty string, the ServerKeyFile that dose not have any names will be chosen.
wss_cert_name is optional. This option specifies a name of ServerCertificateFile that includes a server certificate for SSL/TLS communication. D indicates the default value. When this is the empty string, the ServerCertificateFile that dose not have any names will be chosen.
mcd is optional. This options specifies a number of connections provided for each client session on the service. When 1 is set, sessions will work with a single connection. When 2 or more are set, they will do with the number of connections. When you do not specify it, hcpd will determine a value from the number of physical cores, the number of logical cores and the license configuration.
- physical-CPUs + 1 (physical-CPUs \< logical-CPUs and physical-CPUs > 1 under 25 maximum)
- logical-CPUs/2 + 1 (physical-CPUs = logical-CPUs and logical-CPUs/2 > 1 under 25 maximum)
- 1 (Otherwise. For example, the license dose not include this function or physical-CPUs and logical-CPUs do not meet the above conditions)
use_hcpcm is optional. This option enables encryption on application layer by AcceptableCryptMethod in addtion to SSL/TLS communication. D indicates the default value.
acl_name is an optional setting, as in TCP service. It is a name of an access control list (see AccessList) that you would like to set to the WebSocket services (SSL/TLS). When this option is not set or the specified name is not found in access control lists, an unamed access control list will be set to the WebSocket services (SSL/TLS).
--Example :WSSListenAddress 0.0.0.0:8443--
#
WSSOptions=========================================================================Supported OS : Linux.x86 / WindowsFormat : WSSOptions <opt_value>[ <opt_name>]-------------------------------------------------------------------------opt_valueFormat : ( NONE | <openssl_opt_values> )Default : NONERange of Values : list of SSL/TLS option names defined by OpenSSL-------------------------------------------------------------------------opt_nameDefault : noneRange of Values : string=========================================================================
This option specified OpenSSL options that will be used on SSL/TLS communication. Please use names described in the following URL.
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_options.htmlSSL_CTX_set_options
--Example :WSSOptions SSL_OP_NO_COMPRESSION:SSL_OP_NO_SSLv3--
#
WSSCipherSuites=========================================================================Supported OS : Linux.x86 / WindowsFormat : WSSCipherSuites <cs_value>[ <cs_name>]-------------------------------------------------------------------------cs_valueFormat : ( NONE | <openssl_cipher_suite_values> )Default : NONERange of Values : list of Cipher Suites parameters defined by OpenSSL-------------------------------------------------------------------------cs_nameDefault : noneRange of Values : string=========================================================================
This options specifie Cipher Suites parameters of OpenSSL that will be used on TLS v1.3 communication. Please use names described in the following URL.
https://www.openssl.org/docs/man1.1.1/man1/ciphers.htmlciphers
Ciphte Suite names defined by "TLS v1.3 cipher suites"
--Example :WSSCipherSuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256--
#
WSSCipherList=========================================================================Supported OS : Linux.x86 / WindowsFormat : WSSCipherList <clist_value>[ <clist_name>]-------------------------------------------------------------------------clist_valueFormat : ( NONE | <openssl_cipher_list> )Default : NONERange of Values : Cipher List parameters defined by OpenSSL-------------------------------------------------------------------------clist_nameDefault : noneRange of Values : string=========================================================================
This option specifies Cipher List parameters of OpenSSL that will be used on SSL/TLS communication under TLS 1.2. Please use names described in the following URL.
https://www.openssl.org/docs/man1.1.1/man1/ciphers.htmlciphers
Cipher List in a format defined by "CIPHER LIST FORMAT2 and "CIPHER STRINGS".
--Example :WSSCipherList RC4-MD5:RC4-SHA:AES128-SHA:AES256-SHA:HIGH:!DSS:!aNULL--
#
WSListenAddress=========================================================================Supported OS : Linux.x86 / WindowsFormat : WSListenAddress <ws_service_addr>[:<ws_service_port>[:<mcd>]][ <acl_name>]-------------------------------------------------------------------------ws_service_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------ws_service_portDefault : 80Range of Values : 1 - 65535-------------------------------------------------------------------------mcdDefault : physical-CPUs + 1, logical-CPUs/2 + 1, 25 or 1Range of Values : 1 - 65535-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : name of access control list=========================================================================
The available WebSocket services (no SSL/TLS) to allow to connect from client computers are defined.
ws_service_addr specifies an IP address for the WebSocket service.
ws_service_port specifies a port number of the WebSocket service.
mcd is optional. This options specifies a number of connections provided for each client session on the service. When 1 is set, sessions will work with a single connection. When 2 or more are set, they will do with the number of connections. When you do not specify it, hcpd will determine a value from the number of physical cores, the number of logical cores and the license configuration.
- physical-CPUs + 1 (physical-CPUs \< logical-CPUs and physical-CPUs > 1 under 25 maximum)
- logical-CPUs/2 + 1 (physical-CPUs = logical-CPUs and logical-CPUs/2 > 1 under 25 maximum)
- 1 (Otherwise. For example, the license dose not include this function or physical-CPUs and logical-CPUs do not meet the above conditions)
acl_name is an optional setting, as in TCP service. It is a name of an access control list (see AccessList) that you would like to set to the WebSocket services (no SSL/TLS). When this option is not set or the specified name is not found in access control lists, an unamed access control list will be set to the WebSocket services (no SSL/TLS).
--Example :WSListenAddress 0.0.0.0:8080--
#
ListenServiceBonding=========================================================================Supported OS : Linux / WindowsFormat : ListenServiceBonding <service_name>[ ... <service_name>]-------------------------------------------------------------------------service_nameDefault : noneRange of Values : names of TCPListenAddress, HpFPListenAddress, etc.=========================================================================
This specifies how hcpd makes bonding of services under multiple connection mode on sessions. Please specifies a name of service or names of services over which you want to make bonding of connections for sessions. You can see the names by -t option.
You can also use this option to make hybrid connections using TCP and HpFP for sessions.
Only one option can be described.
Clients connect to a server in oridinary way specifying the server host name and its port number of TCP or HpFP, etc. After the connection established, clients automatically make a nubmer of new connections with the server up to the limit defined at services counting the first connection.
--Example :ListenServiceBonding tcp1 udp1--
#
Communication Data Compression Function#
HeaderCompress (reserved)#
ContentCompress (reserved)#
Data Flow Control, Bandwidth Control#
MaxTotalReceiveRate=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxTotalReceiveRate <bandwidth>-------------------------------------------------------------------------bandwidthDefault : 10GbitRange of Values : unsigned double-length integer=========================================================================
The traffic shaping control on the receiving bandwidth for the transport is configured (entire system). This function realizes the bandwidth control between the TCP/HpFP (UDP) layer and the application layer.
--Example :MaxTotalReceiveRate 1Gbit--
This function realizes the bandwidth control between the TCP/HpFP (UDP) layer and the application layer.When the value is over 5Gbps, it is processed as unlimited (without shaping). Other bandwidth shaping options are as well.
#
MaxTotalSendRate=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxTotalSendRate <bandwidth>-------------------------------------------------------------------------bandwidthDefault : 10GbitRange of Values : unsigned double-length integer=========================================================================
The traffic shaping control on the sending bandwidth for the transport is configured (entire system). This function realizes the bandwidth control between the TCP/HpFP (UDP) layer and the application layer.
--Example :MaxTotalSendRate 1Gbit--
#
MaxReceiveRatePerConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxReceiveRatePerConnection <bandwidth>-------------------------------------------------------------------------bandwidthDefault : 10GbitRange of Values : unsigned double-length integer=========================================================================
The traffic shaping control on the receiving bandwidth for the transport by each client session is configured (per connection). This function realizes the bandwidth control between the TCP/HpFP (UDP) layer and the application layer.
--Example :MaxReceiveRatePerConnection 100Mbit--
#
MaxSendRatePerConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxSendRatePerConnection <bandwidth>-------------------------------------------------------------------------bandwidthDefault : 10GbitRange of Values : unsigned double-length integer=========================================================================
The traffic shaping control on the sending bandwidth for the transport by each client session is configured (per connection). This function realizes the bandwidth control between the TCP/HpFP (UDP) layer and the application layer.
--Example :MaxSendRatePerConnection 100Mbit--
#
Data Flow Control, File Lock Function#
FileLock=========================================================================Supported OS : Linux.x86 / WindowsFormat : FileLock <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
In writing /reading files, whether to use the file lock is configured.
When yes is set, hcp acquires a file lock to write to files and read from them. On the Linux platform, this locking mechanism works well among softwares which use the same one since it is advisory lock.
When it is ânoâ, hcp dose not acuqire the lock to do. This option is usable when some hang-ups occurs on network filesystems like NFS or some errors occurs on acquiring file locks. Please be careful of conflicts on destinations when multiple hcp commands run at one time.
When the lock request is processed properly and in waiting just to acquire the lock,the following log will be recorded (FileLockRetries is 0) or the processing will be stopped by detecting the maximum number of trials (FileLockRetries is more than 0).
2018/07/05 16:34:10 00007f638bd97740:INFO :Acquiring a lock to the file was rejected at the first trial.2018/07/05 16:34:13 00007f638bd97740:INFO :Acquiring a lock to the file continues to be rejected about few seconds.
The operation is stopped by detecting the attempts have reached to the maximum number (FileLockRetries is over 0).
--Example :FileLock yes--
#
FileLockTrials=========================================================================Supported OS : Linux.x86 / WindowsFormat : FileLockTrials <num-trials>-------------------------------------------------------------------------num-trialsDefault : 0Range of Values : unsigned integer=========================================================================
The number of the maximum trials of acquiring the file lock is set. When 0, it is locked until the file lock acquired.
--Example :FileLockTrials 5--
The old name of FileLockRetries
is available.
#
FileLockTrialInterval=========================================================================Supported OS : Linux.x86 / WindowsFormat : FileLockTrialInterval <trial-interval>-------------------------------------------------------------------------trial-intervalDefault : 3Range of Values : unsigned integer=========================================================================
The interval time to request the file lock is set (sec).
--Example :FileLockTrialInterval 10--
The old name of FileLockRetryInterval
is available.
#
Data Flow Control, Temporary File Save Function (Atomic File Save)#
AtomicLikeSaving=========================================================================Supported OS : Linux.x86 / WindowsFormat : AtomicLikeSaving <flag-available> <temp-file-suffix>[ <temp-file-prefix>]-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no-------------------------------------------------------------------------temp-file-suffixDefault : .tmpRange of Values : up to 16 characters, NONE, RANDn-------------------------------------------------------------------------temp-file-prefixDefault : NONERange of Values : up to 16 characters, NONE, RANDn=========================================================================
It configures the settings for atomically file saving (two-step file saving by creating a temporary file) when transferring files.
flag-available specifies enabled/disenabled for atomically file saving.
temp-file-suffix specifies the suffix of temporary files created when enabled. When âNONEâ, the suffix is not added.
temp-file-prefix specifies the prefix of temporary files created when enabled. When âNONEâ, the prefix is not added.
On the Linux versions, the write access right in the final destination is checked before creating temporary files.
With the resume function (-r option), files transferred part of the way are transferred from the beginning.
When RANDn is set, a file name which dose not conflict to existing files will be produced using a random string. The default length of the random string is 6.
#
AtomicLikeSavingThreshold=========================================================================Supported OS : Linux.x86 / WindowsFormat : AtomicLikeSavingThreshold <threshold>-------------------------------------------------------------------------thresholdDefault : 100KBRange of Values : signed double-length integer=========================================================================
The file size threshold is set to enable file saving atomically.
This setting does not cover files under the threshold. â0 bytesâ means all files are covered.
#
AtomicLikeSavingRejectOverwriteRequest=========================================================================Supported OS : Linux.x86 / WindowsFormat : AtomicLikeSavingRejectOverwriteRequest <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
It configures whether to reject a request (specified by clientâs setting) to overwrite temporary files created in atomically saving.
It should be set to ânoâ to accept overwriting requests when there is no risk of collision of the temporary file name, by checking the application rules on file name, and the prefix/suffix string.
#
Data Flow Control, Data Buffer Setting#
MaxTotalBufferSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxTotalBufferSize <max-total-buf-size>-------------------------------------------------------------------------max-total-buf-sizeDefault : 4GBRange of Values : signed double-length integer=========================================================================
The maximum memory buffer size for file data processing on the hcpd daemon is configured.
--Example :MaxTotalBufferSize 8GB--
#
MaxBufferSizePerConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxBufferSizePerConnection <max-buf-size-per-con>-------------------------------------------------------------------------max-buf-size-per-conDefault : 100MBRange of Values : unsigned double-length integer=========================================================================
The maximum memory buffer size for file data processing by each client session is configured.
--Example :MaxBufferSizePerConnection 512MB--
#
TCPServiceSocketSendBuffer=========================================================================Supported OS : Linux.x86 / WindowsFormat : TCPServiceSocketSendBuffer <snd-buf-size>-------------------------------------------------------------------------snd-buf-sizeFormat : <decimal_number>[[(T|G|M|K)]B]Default : 0Range of Values : unsigned double-length integer (byte)=========================================================================
Specifies a TCP sending buffer size in bytes. 0 indicates no specification of this option.
You need this option to make a performance tuning of TCP on 100G environment. No need to use in ordinary cases.
--Example :TCPServiceSocketSendBuffer 128MB--
#
UDPServiceExtensionBufferSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : UDPServiceExtensionBufferSize <ext-buf-size>-------------------------------------------------------------------------ext-buf-sizeDefault : 2GBRange of Values : unsigned double-length integer (byte)=========================================================================
The extension buffer size for HpFP (UDP) service is specified.
The size of the buffer for the traffic in the HpFP session is extended up to the specified size (hpfp_sndbuf
or hpfp_rcvbuf
in UDPListenAddress
) by adjusting to coincide with the increase of the latency, packet loss, and the volume of the traffic. The maximum total buffer size to extend is specified by this value.
When â0â, this extension doesnât work.
The initial buffer size (the buffer size before extended) is 1MB.
--Example :UDPServiceExtensionBufferSize 4GB--
#
Data Flow Control, Transfer File Size Control#
MaxReceiveFileSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxReceiveFileSize <file-size>-------------------------------------------------------------------------file-sizeDefault : 8EB - 1B (Unlimited. The maximum value of signed double-length integer)Range of Values : signed double-length integer=========================================================================
The maximum file size to allow to receive is configured.
--Example :MaxReceiveFileSize 1GB--
#
MaxSendFileSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxSendFileSize <file-size>-------------------------------------------------------------------------file-sizeDefault : 8EB - 1B (Unlimited. The maximum value of signed double-length integer)Range of Values : signed double-length integer=========================================================================
The maximum file size to allow to send is configured.
--Example :MaxSendFileSize 1GB--
#
Data Flow Control, Message Data Size Control#
InitHeaderBlockSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : InitHeaderBlockSize <block-size>-------------------------------------------------------------------------block-sizeDefault : 50KBRange of Values : unsigned double-length integer=========================================================================
The initial header block size is configured.
--Example :InitHeaderBlockSizeă10KB--
The maximum size of the header block including plural massages such as file request is given. This option is applied as soon as the transmission starts.
#
InitContentBlockSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : InitContentBlockSize <block-size>-------------------------------------------------------------------------block-sizeDefault : 1MBRange of Values : unsigned double-length integer=========================================================================
The initial content block size is configured.
In environments over 10Gbps, when the communication performance hits a peak by making the most of it, changing InitContentBlockSize along with MaxContentBlockSize may reach an even better performance.
--Example :InitContentBlockSizeă2MB--
The maximum size of the header block including file data is given. This option is applied as soon as the transmission starts.
#
MaxHeaderBlockSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxHeaderBlockSize <block-size>-------------------------------------------------------------------------block-sizeDefault : 50KBRange of Values : unsigned double-length integer=========================================================================
The maximum size of the header block to expand is configured.
--Example :MaxHeaderBlockSize 100KB--
Once the transmission starts, the occupied bandwidth is measured and the header block size is changed into the available size.
#
MaxContentBlockSize=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxContentBlockSize <block-size>-------------------------------------------------------------------------block-sizeDefault : 1MBRange of Values : unsigned double-length integer=========================================================================
The maximum size of the content block to expand is configured.
In environments over 10Gbps, when the communication performance hits a peak by making the most of it, changing MaxContentBlockSize along with InitContentBlockSize may reach an even better performance.
--Example :MaxContentBlockSize 4MB--
Once the transmission starts, the occupied bandwidth is measured and the content block size is changed into the available size.
#
MaxRequestFileEntryAtOnce=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxRequestFileEntryAtOnce <max-file-req-at-once>-------------------------------------------------------------------------max-file-req-at-onceDefault : 50Range of Values : signed integer=========================================================================
The maximum number of requested files to allow to send simultaneously is configured.
--Example :MaxRequestFileEntryAtOnce 1000--
#
Data Flow Control, Disk I/O Speed Control#
MaxReadRatePerConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxReadRatePerConnection <read-rate>-------------------------------------------------------------------------read-rateDefault : 10Ebit (Unlimited)Range of Values : unsigned double-length integer (up to 10Ebit)=========================================================================
This option specifies limitation of reading data from files on file transfer. This will be applied to each session which performs the file transfer. It is recognized as unlimited when the value is the maximum value in bps or over it.
In some environment, long time running of reading and writing might make overheat on SSDs (especially the writing side). So this option is useful for avoiding it.
--Example :MaxReadRatePerConnection 10Gbit--
#
MaxWriteRatePerConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxWriteRatePerConnection <write-rate>-------------------------------------------------------------------------write-rateDefault : 10Ebit (Unlimited)Range of Values : unsigned double-length integer (up to 10Ebit)=========================================================================
This option specifies limitation of writing data to files on file transfer. This will be applied to each session which performs the file transfer. It is recognized as unlimited when the value is the maximum value in bps or over it.
In some environment, long time running of reading and writing might make overheat on SSDs (especially the writing side). So this option is useful for avoiding it.
--Example :MaxWriteRatePerConnection 10Gbit--
#
Code Transformation, Communication Encoding Negotiation#
TransportCharEncoding=========================================================================Supported OS : Linux.x86 / WindowsFormat : TransportCharEncoding <encodings>-------------------------------------------------------------------------encodingsFormat : <encoding>[ ...]Default : UTF8-------------------------------------------------------------------------encodingRange of Values : US-ASCII, UTF8, UTF16, UTF32=========================================================================
The string encoding method used in the transport is configured.
--Example :TransportCharEncoding UTF8 UTF16 US-ASCII--
It is applied to strings, such as file paths exchanged between clients. The encoding which is consistent with the one in the client configuration is chosen.
#
Code Transformation, Host Character Encoding#
HostEncoding=========================================================================Supported OS : Linux.x86 / WindowsFormat : HostEncoding <encoding>-------------------------------------------------------------------------encodingDefault : UTF-8 (Linux) CP932 (Windows)Range of Values : encoding name supported by system and encoding conversion library (platform-dependent)=========================================================================
The string encoding method for the host computer is configured.
--Example :HostEncoding EUC-JP--
It is used to translate file paths into inner strings descriptions for the software.
#
Authentication#
LocalPasswordAuthentication=========================================================================Supported OS : Linux.x86 / WindowsFormat : LocalPasswordAuthentication <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
LPA(Local Password Authentication) authentication is specified. LPA authentication is enabled by inputting âyesâ. If even one authentication is enabled including this authentication method of inputting âyesâ, the authentication is always required to access from clients.(Anonymous access prohibited)
--Example :LocalPasswordAuthentication yes--
#
PAMAuthentication=========================================================================Supported OS : Linux.x86Format : PAMAuthentication <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
PAM(Pluggable Authenticaton Module) authentication is specified. PAM authentication is enabled by inputting âyesâ.
--Example :PAMAuthentication no--
PAM authentication is valid for software distributed in RPM packages for Linux platforms.
PAM authentication depends on the system configuration. The PAM configuration files as below are appropriately configured according to the operating system environment where the service runs.
/etc/pam.d/hcpd
#
PubkeyAuthentication=========================================================================Supported OS : Linux.x86 / WindowsFormat : PubkeyAuthentication <flag-available>-------------------------------------------------------------------------flag-availableDefault : yes (Linux.x86), no (Windows)Range of Values : yes, no=========================================================================
RSA(Rivest-Shamir-Adleman cryptosystem) authentication is specified. RSA authentication is enabled by inputting âyesâ.
--Example :PubkeyAuthentication no--
#
WinLogonUserAuthentication=========================================================================Supported OS : WindowsFormat : WinLogonUserAuthentication <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
Windows authentication is specified. Windows authentication is enabled by inputting âyesâ.
--Example :WinLogonUserAuthentication no--
Windows authentication is valid for software distributed in RPM packages for Windows platforms.
In the Windows authentication, the user ID and the password (including the domain name) will be just passed to the system standard API authentication function.
#
PerformSystemAuthenticationRegardlessUsers=========================================================================Supported OS : Linux.x86 / WindowsFormat : PerformSystemAuthenticationRegardlessUsers <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
This option specifies wheter hcpd executes the system authentication (PAM or Windows Logon) regardless of the user definitions at /etc/hcp/users.
--Example :PerformSystemAuthenticationRegardlessUsers yes--
#
AuthorizedKeysSearchDir=========================================================================Supported OS : Linux.x86 / WindowsFormat : AuthorizedKeysSearchDir <search-dir>-------------------------------------------------------------------------search-dirDefault : /etc/hcp/authkeys (Linux.x86) C:/ProgramData/Clealink/HCP Tools/authkeys (Windows)Range of Values : path string of file system or NONE=========================================================================
This option specifies a search directory to find out a userâs public key for RSA authentication. Please set NONE if you do not want to perform the search.
--Example :AuthorizedKeysSearchDir /etc/hcp/authkeys--
The file name as below in the specified directory is searched as the file which the public key is stored in.
<user name>.pub
The old name of âAuthorizedKeySearchDirâ is available.
#
AuthorizedKeysFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : AuthorizedKeysFile <file-path>-------------------------------------------------------------------------file-pathDefault : ~/.hcp/authorized_keys (Linux.x86) ~/_hcp/authorized_keys (Windows)Range of Values : file path with a tilde which shows the user directory or NONE=========================================================================
Specifies the key store file in the user home directory to find the userâs public key for the RSA authentication. Please set NONE if you do not want to perform the search.
TOKENS of %%, %h, %U and %u is available defined under the following sshd_config.
https://man7.org/linux/man-pages/man5/sshd_config.5.htmlTOKENS - AuthorizedKeysFile
The old name of âAuthorizedKeyFileâ is available.
#
AuthorizedKeysCommand=========================================================================Supported OS : Linux.x86Format : AuthorizedKeysCommand <cmd-path>-------------------------------------------------------------------------cmd-pathDefault : noneRange of Values : command (or script) path to search for user's public keys=========================================================================
Specifies the path of command (or script) to find the userâs public key for the RSA authentication. A username will be given to the command as the first argument. If you enable this configuration, hcpd requires AuthorizedKeysCommandUser.
--Example :AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys--
TOKENS of %%, %h, %U and %u is available defined under the following sshd_config.
https://man7.org/linux/man-pages/man5/sshd_config.5.htmlTOKENS - AuthorizedKeysCommand
#
AuthorizedKeysCommandUser=========================================================================Supported OS : Linux.x86Format : AuthorizedKeysCommandUser <username>-------------------------------------------------------------------------usernameDefault : noneRange of Values : user name that runs the command to search for user's public keys=========================================================================
Specifies the user name that runs the command, specified by AuthorizedKeysCommand, to find the userâs public key.
--ExampleïŒAuthorizedKeysCommandUser nobody--
In general, it is recommended to use a user that works only for finding the public key and dose not have any other role on the system.
https://man7.org/linux/man-pages/man5/sshd_config.5.htmlAuthorizedKeysCommandUser
#
CACertificateFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : CACertificateFile <file-path>-------------------------------------------------------------------------file-pathDefault : /etc/hcp/cacert.pem (Linux.x86) C:/ProgramData/Clealink/HCP Tools/cacert.pem (Windows)Range of Values : path string of file system=========================================================================
The file path of the CA certificate for the client authentication is specified.
--Example :CACertificateFile /etc/hcp/cacert.pem--
The certificate in the PEM format is supported.
#
CACertificatePath (reserved)=========================================================================Supported OS : Linux.x86 / WindowsFormat : CACertificatePath <dir-path>-------------------------------------------------------------------------dir-pathDefault : /etc/ssl (Linux.x86) C:/ProgramData/Clealink/HCP Tools/ssl (Windows)Range of Values : path string of file system=========================================================================
p. The directory path of the CA certificate for the server certificate is specified.
--Example :CACertificatePath /etc/ssl--
The certificate in the PEM format is supported.
#
CARevocationFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : CARevocationFile <file-path>-------------------------------------------------------------------------file-pathDefault : /etc/hcp/crl.pem (Linux.x86) C:/ProgramData/Clealink/HCP Tools/crl.pem (Windows)Range of Values : path string of file system =========================================================================
The file where CRL for client authentication is stored is configured.
--Example :CARevocationFile /etc/hcp/crl.pem--
The certification revocation list (CRL) in the PEM format is supported.
#
CARevocationPath (reserved)=========================================================================Supported OS : Linux.x86 / WindowsFormat : CARevocationPath <dir-path>-------------------------------------------------------------------------dir-pathDefault : /etc/ssl (Linux.x86) C:/ProgramData/Clealink/HCP Tools/ssl (Windows)Range of Values : path string of file system=========================================================================
the directory where CRL for client authentication is stored is configured.
--Example :CARevocationPath /etc/ssl--
The certification revocation list (CRL) in the PEM format is supported.
#
OCSPRevocationEnabled=========================================================================Supported OS : Linux.x86 / WindowsFormat : OCSPRevocationEnabled <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
OCSP (Online Certificate Status Protocol) for client authentication is configured. It is enabled by inputting âyesâ.
--Example :OCSPRevocationEnabled no--
#
LocalUserFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : LocalUserFile <file-path>[ <usage>]-------------------------------------------------------------------------file-pathDefault : /etc/hcp/users (Linux.x86) C:/ProgramData/Clealink/HCP Tools/users (Windows)Range of Values : path string of file system-------------------------------------------------------------------------usageDefault : overwriteRange of Values : overwrite, define=========================================================================
The file which defines the user information is configured.
file-path specifies a path of the file.
usage specifies how to use the file from the following options.
- overwrite
- define
When overwrite is set, the file will be used to overwrite how to authenticate users.
When define is set, hcpd recognizes users described in the file are available to login. So it rejects users who are not described in the file.
--Example :LocalUserFile /etc/hcp/users define--
#
LocalPasswordFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : LocalPasswordFile <file-path>-------------------------------------------------------------------------file-pathDefault : /etc/hcp/passwd (Linux.x86) C:/ProgramData/Clealink/HCP Tools/passwd (Windows)Range of Values : path string of file system=========================================================================
The file which defines the user credentials (password hash) used in LPA authentication is configured.
--Example :LocalPasswordFile /etc/hcp/passwd--
#
AllowUsers=========================================================================Supported OS : Linux.x86Format : AllowUsers [<username-pattern>...]-------------------------------------------------------------------------username-patternFormat : <name-pattern>[@<host-pattern>]-------------------------------------------------------------------------name-patternDefault : noneRange of Values : string including wildcards ('*' or '?')-------------------------------------------------------------------------host-patternDefault : noneRange of Values : CIDR form network address string=========================================================================
This option specifies a name pattern of system users who are accepted to login (multiple specification is available).
username-pattern specifies a user name pattern and a CIDR form network address as option.
name-pattern specifies a pattern string representing user names. You can use a wildcard â*â representing any strings and another wildcard â?â representing any one character. When a user name input by a user matches with this pattern, hcpd accepts the login trial and performs authentication.
host-pattern specifies a CIDR form network address string. When the option is set, hcpd accepts the login trial if the name-pattern matches with the input user name and the network address includes the peer address of clients.
If hcpd confirms a pattern meets the above conditions, it terminates evaluation of patters and accepts the login trial. When DenyUsers is also configured, the evaluation will be performed in the order from DenyUsers to AllowUsers. If no patterns meet the conditions when AllowUsers or AllowGroups are set, hcpd rejects the login trial.
The following configurations will be disabled whem this option is set.
- PrivilegeSeparationMinimumUID
- PrivilegeSeparationMinimumGID
--Example :AllowUsers seg1-*@192.168.0.0/24--
#
AllowGroups=========================================================================Supported OS : Linux.x86Format : AllowGroups [<groupname-pattern>...]-------------------------------------------------------------------------groupname-patternDefault : noneRange of Values : string including wildcards ('*' or '?')=========================================================================
This option specifies a name pattern of system groups who are accepted to login (multiple specification is available).
groupname-pattern specifies a pattern string representing group names. You can use a wildcard â*â representing any strings and another wildcard â?â representing any one character. When a primary group or supplemental groups the user belongs to matches with this pattern, hcpd accepts the login trial and performs authentication.
If hcpd confirms a pattern meets the above conditions, it terminates evaluation of patters and accepts the login trial. When DenyGroups is also configured, the evaluation will be performed in the order from DenyGroups to AllowGroups. If no patterns meet the conditions when AllowUsers or AllowGroups are set, hcpd rejects the login trial.
The following configurations will be disabled whem this option is set.
- PrivilegeSeparationMinimumUID
- PrivilegeSeparationMinimumGID
--Example :AllowGroups seg1-users--
#
DenyUsers=========================================================================Supported OS : Linux.x86Format : DenyUsers [<username-pattern>...]-------------------------------------------------------------------------username-patternFormat : <name-pattern>[@<host-pattern>]-------------------------------------------------------------------------name-patternDefault : noneRange of Values : string including wildcards ('*' or '?')-------------------------------------------------------------------------host-patternDefault : noneRange of Values : CIDR form network address string=========================================================================
This option specifies a name pattern of system users who are rejected to login (multiple specification is available).
username-pattern specifies a user name pattern and a CIDR form network address as option.
name-pattern specifies a pattern string representing user names. You can use a wildcard â*â representing any strings and another wildcard â?â representing any one character. When a user name input by a user matches with this pattern, hcpd rejects the login trial and performs authentication.
host-pattern specifies a CIDR form network address string. When the option is set, hcpd rejects the login trial if the name-pattern matches with the input user name and the network address includes the peer address of clients.
When AllowUsers is also configured, the evaluation will be performed in the order from DenyUsers to AllowUsers. If a pattern meets the conditions, hcpd rejects the login trial without evaluating the remaining patterns.
The following configurations will be disabled whem this option is set.
- PrivilegeSeparationMinimumUID
- PrivilegeSeparationMinimumGID
--Example :DenyUsers seg1-*@192.168.0.0/24--
#
DenyGroups=========================================================================Supported OS : Linux.x86Format : DenyGroups [<groupname-pattern>...]-------------------------------------------------------------------------groupname-patternDefault : noneRange of Values : string including wildcards ('*' or '?')=========================================================================
This option specifies a name pattern of system groups who are rejected to login (multiple specification is available).
groupname-pattern specifies a pattern string representing group names. You can use a wildcard â*â representing any strings and another wildcard â?â representing any one character. When a primary group or supplemental groups the user belongs to matches with this pattern, hcpd rejects the login trial and performs authentication.
When AllowGroups is also configured, the evaluation will be performed in the order from DenyGroups to AllowGroups. If a pattern meets the conditions, hcpd rejects the login trial without evaluating the remaining patterns.
The following configurations will be disabled whem this option is set.
- PrivilegeSeparationMinimumUID
- PrivilegeSeparationMinimumGID
--Example :DenyGroups guest-users--
#
Encryption#
AcceptableCryptMethod=========================================================================Supported OS : Linux.x86 / WindowsFormat : AcceptableCryptMethod <method-names>-------------------------------------------------------------------------method-namesFormat : <method-name>[ ...]Default : AES256/GCM AES256/CTR/VMAC AES256/CBC AES128/CBC-------------------------------------------------------------------------method-nameRange of Values : PLAIN, AES128/CBC, AES192/CBC, AES256/CBC, AES128/CBC/HMAC,AES192/CBC/HMAC, AES256/CBC/HMAC, AES128/CBC/VMAC, AES192/CBC/VMAC,AES256/CBC/VMAC, AES128/CBC/VMAC64, AES192/CBC/VMAC64, AES256/CBC/VMAC64,AES128/CTR/HMAC, AES192/CTR/HMAC, AES256/CTR/HMAC, AES128/CTR/VMAC,AES192/CTR/VMAC, AES256/CTR/VMAC, AES128/CTR/VMAC64, AES192/CTR/VMAC64,AES256/CTR/VMAC64, AES128/GCM, AES192/GCM, AES256/GCM=========================================================================
The cryptographic algorithm is configured.
When specified AES128/CBC, it is interpreted as AES128/CBC/HMAC.(They are the same algorithm. AES192/CBC and AES256/CBC are as well.)
When communicating with a host with versions that do not support the new algorithms, such as CTR/GCM mode and VMAC mode, these new algorithms that donât match the other host are ignored in the connection negotiation. However, still, the communications donât go to errors.
CTR/VMAC or GCM are recommended on network over 1Gbps, e.g. AES256/GCM, AES256/CTR/VMAC. Encrypted communication using CBC or HMAC, e.g. AES256/CTR/HMAC, AES256/CBC/HMAC, might make a bottle neck in performance on network over 1Gbps generally. VMAC64 checks data integrity with 64 bit, less than 128 bit in VMAC mode, which leads to better performance but less secured data integrity.
--Example :AcceptableCryptMethod AES256/CBC PLAIN--
It is used to encrypt the messages communicated with a client. The algorithm is chosen to match the client configuration.
#
AcceptableDigestMethod=========================================================================Supported OS : Linux.x86 / WindowsFormat : AcceptableDigestMethod <method-names>-------------------------------------------------------------------------method-namesFormat : <method-name>[ ...]Default : XXH3 MM128 SHA256 SHA160-------------------------------------------------------------------------method-nameRange of Values : NONE, SHA160, SHA224, SHA256, SHA384, SHA512, MD5, MM32, MM128,XXH3, XXH128, XXH64, XXH32=========================================================================
The digest algorithm for data communication and verification of transferred files is configured.
--Example :AcceptableDigestMethod SHA256 MM128 NONE--
It is used to verify the messages, files, and data blocks communicated between clients. The algorithm which is consistent with the one in the client configuration is chosen.
In the case of encryption communications using HMAC like AES256/CBC/HMAC, the algorithms (MD5, MM32, MM128, XXH3, XXH128, XXH64, XXH32) other than the security digest algorithms are regarded as nothing configured.
MM32 and MM128 are deprecated. Please use XXH3 instaed.
#
RequireDataIntegrityChecking=========================================================================Supported OS : Linux.x86 / WindowsFormat : RequireDataIntegrityChecking <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
When encrypted communication between server and clients, whether the server requests to check the integrity of communicating data (Data integrity test) by MAC (Message Authentication Code) is set.
When ânoâ, in the case that clients request not to check the data, accept the request and keep communicating.
When âyesâ, reject the request.
âyesâ (default) is recommended. This commnad is used to improve the performance in encrypted communication. Please be aware of the risk that the communicating data is not supposed to be check when elected âno.â
--Example :RequireDataIntegrityChecking no--
#
Security Negotiation by Encryption Communications#
UseServerCertificateSecurity=========================================================================Supported OS : Linux.x86 / WindowsFormat : UseServerCertificateSecurity <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
The server certificate security function is available. When âyesâ is set, secured communications based on the PKI technology between clients are provided by the server certification specified in ServerCertificateFile or the public key resolved by the ServerKeyFile path.
--Example :UseServerCertificateSecurity no--
#
RequireServerCertificateSecurity=========================================================================Supported OS : Linux.x86 / WindowsFormat : RequireServerCertificateSecurity <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
Security communications for clients by server certification security function is available. When âyesâ is set and the client requests the communication without this function (plain communicaion), the connection is denied.
--Example :RequireServerCertificateSecurity no--
#
ServerKeyFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : ServerKeyFile <file-path>[ <serv-key-name>]-------------------------------------------------------------------------file-pathDefault : /etc/hcp/key/server.key (Linux.x86) C:/ProgramData/Clealink/HCP Tools/key/server.key (Windows)Range of Values : path string of file system-------------------------------------------------------------------------serv-key-nameDefault : noneRange of Values : string=========================================================================
The server private key path used in server certification security function is specified. When the public key exists in the private key path with the suffix âpubâ, secured communications are provided by using this pair of keys, not by the setting of ServerCertificateFile.
server-key-name is optional. This option sets a name to the key. WSSListenAddress services use the name to refer to the key.
--Example :ServerKeyFile /etc/hcp/key/server.keyServerKeyFile /etc/hcp/key/server.wss.key wss-key--
When client users accesse to the server for the first time, the following question is asked to make sure that the public key is registered as known_hosts.
A secure connection for host 127.0.0.1 can't be established.RSA key fingerprint is SHA256: 0fzb9DY4qxXWPm/L/4cBKKK+FQ9577NIRYxRquZ6eWA=.Are you sure you want to continue connecting [yes/no] ?
By inputting âyesâ, the key is supposed to be registered as a registered host in the path. In the case of the same public key of the same host, this procedure is skipped from next time.
<userhomedirectory>/.hcp/known_hosts (Linux)<userhomedirectory>/_hcp/known_hosts (Windows)
#
ServerCertificateFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : ServerCertificateFile <file-path>[ <serv-cert-name>]-------------------------------------------------------------------------file-pathDefault : /etc/hcp/cert/server.crt (Linux.x86) C:/ProgramData/Clealink/HCP Tools/cert/server.crt (Windows)Range of Values : path string of file system-------------------------------------------------------------------------serv-cert-nameDefault : noneRange of Values : string=========================================================================
the server certificate path is specified.
serv-cert-name is optional. This option sets a name to the certificate. WSSListenAddress use the name to refer to the certificate.
If you need intermedate certificates, please place certificates into the file in the order from the server certificate to the intermediate one.
--Example :ServerCertificateFile /etc/hcp/cert/server.crtServerCertificateFile /etc/hcp/cert/server.wss.crt wss-cert--
#
ServerCertificateChainFile=========================================================================Supported OS : Linux.x86 / WindowsFormat : ServerCertificateChainFile <file-path>-------------------------------------------------------------------------file-pathDefault : /etc/hcp/cert/chain.crt (Linux.x86) C:/ProgramData/Clealink/HCP Tools/cert/chain.crt (Windows)Range of Values : path string of file system=========================================================================
Multiple intermediate certificates in the server certificate path are specified.Intermediate certificates are sent to clients in the order they are stored in the fil after sending the server certificate.
--Example :ServerCertificateChainFile /etc/hcp/cert/chain.crt--
#
Access Control#
UserDirectoryFallbackAvailable=========================================================================Supported OS : Linux.x86 / WindowsFormat : UserDirectoryFallbackAvailable <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
Whether to allow the fallbacks of the user home directory and the working directory is configured. When the home directory recognized as the registered authentication doesnât exist, whether to move backward to the directory described in the root document is specified. This option is invalid (no) in software version 1.1.0 and later on the client.
--Example :UserDirectoryFallbackAvailable yes--
#
RejectOnUserHomeDirectoryNotFound=========================================================================Supported OS : Linux.x86 / WindowsFormat : RejectOnUserHomeDirectoryNotFound <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
When the user home directory canât be found, whether to reject is set. This option is set to enable (yes) on the software before Ver.1.2.0.
--Example :RejectOnUserHomeDirectoryNotFound yes--
#
Access Control, Privilege Separation#
UsePrivilegeSeparation=========================================================================Supported OS : Linux.x86 / WindowsFormat : UsePrivilegeSeparation <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
The privilege separation for the client sessions is configured. In âyesâ, processing in the sessions is executed in a process different from the server standby process. In the divided processes, the user identification information (UID/GID and supplemental groups) based on the authentication result is set as userâs access rights. If you want to change the specification of UID/GID from the default, please add an entry to /etc/hcp/users to overwrite it.
--Example :UsePrivilegeSeparation no--
Supplemental groups can be applied up to 1000 groups. When they are over the number of groups, supplemental groups will be ignored (only UID and primary group GID applied). When the privilege separation is disabled, the processes on client sessions are operated following execution rights of each service.
On the Windows services, when authentication is performed by LPA or RSA authentication rather than Windows logon authentication, client sessions works in the serviceâs access rights (privilege separation will not applied to them).
#
PrivilegeSeparationMinimumUID=========================================================================Supported OS : Linux.x86 / WindowsFormat : PrivilegeSeparationMinimumUID <min-uid>-------------------------------------------------------------------------min-uidDefault : 0Range of Values : unsigned integer=========================================================================
The minimum value of UID in which sessions can be executed in privilege separation enabled is configured, which is useful to control executions by users who has special rights.
This option will be disabled when the following options are configured.
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
--Example :PrivilegeSeparationMinimumUID 1000--
#
PrivilegeSeparationMinimumGID=========================================================================Supported OS : Linux.x86 / WindowsFormat : PrivilegeSeparationMinimumGID <min-gid>-------------------------------------------------------------------------min-gidDefault : 0Range of Values : unsigned integer=========================================================================
The minimum value of GID in which sessions can be executed in privilege separation enabled is configured, which is useful to control executions by users who has special rights.
This option will be disabled when the following options are configured.
- AllowUsers
- AllowGroups
- DenyUsers
- DenyGroups
--Example :PrivilegeSeparationMinimumGID 1000--
#
PrivilegeSeparationUser=========================================================================Supported OS : Linux.x86 / WindowsFormat : PrivilegeSeparationUser <username>-------------------------------------------------------------------------usernameDefault : noneRange of Values : user names in the system=========================================================================
In privilege separation working, the specified userâs identification information will be applied when hcpd cannot determine any userâs access rights to apply.
When user name isnât specified, a user name (nobody or everyone) depend on the platform is used.
--Example :PrivilegeSeparationUser nobody--
#
PrivilegeSeparationUmask=========================================================================Supported OS : Linux.x86 / WindowsFormat : PrivilegeSeparationUmask <umask_val>[ <dir_umask_val>]-------------------------------------------------------------------------umask_valDefault : 0022Range of Values : from 0000 to 0777 in octal values-------------------------------------------------------------------------dir_umask_valDefault : noneRange of Values : from 0000 to 0777 in octal values- dir_umask_val is experimantal.=========================================================================
This option specifies a umask value applied to processes executing different from the server stanby process on privilege separation.
umask_val specifies a umask value to apply. When dir_umask_val is not set, this value will be applied to both files and directories in the process.
dir_umask_val specifies a umask value to apply for directories. When this option is set, umask_val will be applied to files and dir_umask_val will be applied to directories. A common value of umask (umask_val & dir_umask_val) will be applied to the process and differenct from the common value will be applied respectively by HCP on creating files and directories. Please be careful of application of unexpected umask to files and directories which are not handled by HCP (so, this option is experimental).
If you want to set umask each user, please edit /etc/hcp/users.
--Example :PrivilegeSeparationUmask 0002--
#
PrivilegeSeparationUmaskAnonymous=========================================================================Supported OS : Linux.x86 / WindowsFormat : PrivilegeSeparationUmaskAnonymous <umask_val>[ <dir_umask_val>]-------------------------------------------------------------------------umask_valDefault : 0002Range of Values : from 0000 to 0777 in octal values-------------------------------------------------------------------------dir_umask_valDefault : noneRange of Values : from 0000 to 0777 in octal values- dir_umask_val is experimental.=========================================================================
This option specifies a umask value applied to processes executing in anonymous different from the server stanby process on privilege separation.
umask_val specifies a umask value to apply. When dir_umask_val is not set, this value will be applied to both files and directories in the process.
dir_umask_val specifies a umask value to apply for directories. When this option is set, umask_val will be applied to files and dir_umask_val will be applied to directories. A common value of umask (umask_val & dir_umask_val) will be applied to the process and differenct from the common value will be applied respectively by HCP on creating files and directories. Please be careful of application of unexpected umask to files and directories which are not handled by HCP (so, this option is experimental).
--Example :PrivilegeSeparationUmaskAnonymous 0022--
#
ApplyUserPermission=========================================================================Supported OS : Linux.x86 / WindowsFormat : ApplyUserPermission <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
When privilege separation isnât used, whether to use the authenticated user identification information (UID/GID) is applied for the file permission to the destination is configured.
--Example :ApplyUserPermission yes--
#
NoSupplementalGroupInPrivilegeSeparation=========================================================================Supported OS : Linux.x86Format : NoSupplementalGroupInPrivilegeSeparation <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
This option disables supplemental groups on the privilege separation.
--Example :NoSupplementalGroupInPrivilegeSeparation yes--
#
Access Control, ACLïŒAccess Control ListïŒFunction#
AccessList=========================================================================Supported OS : Linux.x86 / WindowsFormat : AccessList <acl_name>-------------------------------------------------------------------------acl_nameDefault : noneRange of Values : characters=========================================================================
The access control list is defined.
acl_name is an optional setting. The access control list is specified.
--Example :AccessList acl1--
When acl_name is not used, it is treated as the unnamed access control list. Only one unnamed access control list can be defined.
#
Allow=========================================================================Supported OS : Linux.x86 / WindowsFormat : Allow (<ip_addr> <net_mask>|any)[ <hpfp_cong_mode_modifier>]-------------------------------------------------------------------------ip_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------net_maskDefault : noneRange of Values : subnet mask-------------------------------------------------------------------------hpfp_cong_mode_modifierFormat : <modifier>[...] modifier := (+|-)(M|S|A)[...]Default : none=========================================================================
The access permission on the access control list is defined.
ip_addr is IP address.
net_mask is net mask.
âanyâ means all network.
hpfp_cong_mode_modifier specifys the overwriting of the HpFP congestion control mode.
In the HpFP congestion control mode, M, S, and A stands for MODEST, FAIR_FAST_START, and AGGRESSIVE respectively.
â+â means enabling the HpFP congestion control mode which is described after â+â, when the connection which matches with one of this allowed access list is received.
â-â means canceling the HpFP congestion control mode which is described after â-â.
--Example : Allow 192.168.1.0 255.255.255.0 -A+M--
When the input network includes the client IP address, it is allowed to be accessed.
#
Deny=========================================================================Supported OS : Linux.x86 / WindowsFormat : Deny (<ip_addr> <net_mask>|any)-------------------------------------------------------------------------ip_addrDefault : noneRange of Values : IP address-------------------------------------------------------------------------net_maskDefault : noneRange of Values : subnet mask=========================================================================
Denying to access is defined in the access control list.
--Example : Deny 192.168.1.0 255.255.255.0--
When the input network includes the client IP address, it is denied to be accessed.
#
Access Control, Admission Control#
MaxTotalConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxTotalConnection <max-total-con>-------------------------------------------------------------------------max-total-conDefault : 150Range of Values : signed integer=========================================================================
The maximum number of connections is configured.
--Example :MaxTotalConnection 5--
#
MaxTcpConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxTcpConnection <max-tcp-con>-------------------------------------------------------------------------max-tcp-conDefault : 50Range of Values : signed integer=========================================================================
The maximum number of TCP connections is configured.
--Example :MaxTcpConnection 5--
#
MaxUdpConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxUdpConnection <max-udp-con>-------------------------------------------------------------------------max-udp-conDefault : 50Range of Values : signed integer=========================================================================
The maximum number of HpFP (UDP) connections is configured.
--Example :MaxUdpConnection 5--
#
MaxWsConnection=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxWsConnection <max-ws-con>-------------------------------------------------------------------------max-ws-conDefault : 50Range of Values : signed integer=========================================================================
The maximum number of WebSocket connections is configured.
--Example :MaxWsConnection 5--
#
MaxConnectionPerUser=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxConnectionPerUser <max-con-per-user>-------------------------------------------------------------------------max-con-per-userDefault : 50Range of Values : signed integer=========================================================================
The maximum number of connections by each user is configured.
--Example :MaxConnectionPerUser 1--
#
MaxConnectionPerSec=========================================================================Supported OS : Linux.x86 / WindowsFormat : MaxConnectionPerSec <max-con-per-sec>-------------------------------------------------------------------------max-con-per-secDefault : 25Range of Values : signed integer=========================================================================
The maximum number of connections per second is configured.
--Example :MaxConnectionPerSec 10--
#
Access Control, Document Point#
DocPoint=========================================================================Supported OS : Linux.x86 / WindowsFormat : DocPoint <doc_point_name>-------------------------------------------------------------------------doc_point_nameDefault : noneRange of Values : characters=========================================================================
This option specifies an area on the file system of the server to provide available accesses to clients under a directory and its children. It includes some configurations to set write and read permission.
doc_point_name shows the name of this document point.
When the user home directory canât be found, this document point is used as the home directory.
--Example :DocPoint /home DocPath /home PermitAccessRead yes PermitAccessWrite yes PermitAccessOverwrite yes PermitAccessDelete yesDocPointEnd--
DocPath, PermitAccessRead, PermitAccessWrite, PermitAccessOverwrite, PermitAccessDelete
When you configure two or more DocPoints, list the descriptions like the following example.
--Example :DocPoint /home ......DocPointEnd
DocPoint /dev ......DocPointEnd--
#
DocPath=========================================================================Supported OS : Linux.x86 / WindowsFormat : DocPath <doc_path>-------------------------------------------------------------------------doc_pathDefault : noneRange of Values : path string of file system=========================================================================
The directory path for the document point is specified.
--Example : DocPath /home--
The access to the files and directories is permitted by this directory path.
#
PermitAccessRead=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessRead <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission to read the files in the document point is set.
--Example : PermitAccessRead yes--
When ânoâ is set, the files in the document point are prohibited to read. For example, it makes reading errors of files on file transfer.
#
PermitAccessWrite=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessWrite <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission to write the files in the document point is set.
--Example : PermitAccessWrite yes--
When ânoâ is set, the files in the document point are prohibited to write. For example, it makes writing errors of files on file transfer.
#
PermitAccessOverwrite=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessOverwrite <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission to overwrite the files in the document point is set.
--Example : PermitAccessOverwrite yes--
When ânoâ is set, the files in the document point are prohibited to overwrite. For example, it makes errors on overwriting to files which already exist.
#
PermitAccessDelete=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessDelete <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission to delete the files in the document point is set.
--Example : PermitAccessDelete yes--
When ânoâ is set, the files in the document point are prohibited to delete.
#
PermitAccessRandomRead (reserved)=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessRandomRead <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission for the random read access in the document point is set.
--Example : PermitAccessRandomRead yes--
#
PermitAccessRandomWrite (reserved)=========================================================================Supported OS : Linux.x86 / WindowsFormat : PermitAccessRandomWrite <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
The permission for the random write access in the document point is set.
--Example : PermitAccessRandomRead yes--
#
Various Monitoring, Timeout Control#
TransportTimeout=========================================================================Supported OS : Linux.x86 / WindowsFormat : TransportTimeout <timeout>-------------------------------------------------------------------------timeoutDefault : 180Range of Values : unsigned integer=========================================================================
The timeout in seconds of the transport is set. When communication data including Keep-Alive data is unreached in the specified time on a session, it will end closing its connections as it is supposed to be unavailable to continue communication.
0 indicates disabling the timeout.
--Example :TransportTimeout 60--
#
IdleTimeout=========================================================================Supported OS : Linux.x86 / WindowsFormat : IdleTimeout <timeout>-------------------------------------------------------------------------timeoutDefault : 0 (no timeout)Range of Values : unsigned integer=========================================================================
The timeout in seconds of the idle time for a session is set. When operations (command basis execution) in connection to the server is not taken place for the specified time, the connection from the server is closed. It is applied when users operate simultaneously from remote by the terminal function (provided by API library), where user can input plural commands.
0 indicates disabling the timeout.
--Example :IdleTimeout 180 --
#
Performance Evaluation#
MemoryTransferConcurrency=========================================================================Supported OS : Linux.x86 / WindowsFormat : MemoryTransferConcurrency <num-concur> <wait-type> <busy-sleep-nsec>-------------------------------------------------------------------------num-concurDefault : auto (smaller value of physical-CPUs/2 or 16) Range of Values : unsigned integer-------------------------------------------------------------------------wait-typeDefault : condRange of Values : cond, busy-------------------------------------------------------------------------busy-sleep-nsecDefault : 1Range of Values : unsigned integer=========================================================================
When you use -n option on the hcp command which starts the command on memory-to-memory transfer mode, this option configures how to copy memory data of file payloads in concurrent way at the sender side.
num-concur specifies a number of concurrent copies. 1 indicates the standar memory copy by memcpy without concurrency.
wait-type specifies a waiting method on memory copy threads in its idling state. cond is to perform a conditinal wait on that idling state and busy is to perform a busy wait on it. When busy is set, CPU usage might be up to a multiplication of the number of CPUs and 100%.
busy-sleep-nsec specifies a waiting time in nano seconds on the busy wait.
This options is defined for a performance tuning to remove performance limitation by a single threaded memory copy on 100Gbps network environment.
--Example :MemoryTransferConcurrency 1 cond 1 # To disableMemoryTransferConcurrency 12 busy 1 # Busy wait, 4 concurrent and wait in 1 nano seconds--
#
Log Management#
SyslogOption=========================================================================Supported OS : Linux.x86 / WindowsFormat : SyslogOption <syslog-options>-------------------------------------------------------------------------syslog-optionsFormat : syslog-option[ ...]Default : CONS PID-------------------------------------------------------------------------syslog-optionRange of Values : CONS, NDELAY, NOWAIT, ODELAY, PERROR, PID=========================================================================
Syslog option (or options) are configured.
Each option is available for syslog option with prefix âLOG_â.
--Example :SyslogOption PID--
#
SyslogFacility=========================================================================Supported OS : Linux.x86 / WindowsFormat : SyslogFacility <syslog-facility>-------------------------------------------------------------------------syslog-facilityDefault : DAEMONRange of Values : AUTH, CRON, DAEMON, FTP, LOCAL0 - LOCAL7, LPR, MAIL, NEWS, USER, UUCP=========================================================================
Syslog facility is set.
Each facility is available for syslog facility with prefix âLOG_â.
--Example :SyslogFacility FTP--
#
SystemLog=========================================================================Supported OS : Linux.x86 / WindowsFormat : SystemLog <log-level>[ <flag-available>][ <log-rotation-conf>][ <log-path>]-------------------------------------------------------------------------log-levelDefault : INFORange of Values : EMERG, ALERT, CRIT, ERR, WARNING, INFO, DEBUG-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no-------------------------------------------------------------------------log-rotation-confFormat : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )-------------------------------------------------------------------------file-sizeDefault : noneRange of Values : signed double-length integer-------------------------------------------------------------------------backupsDefault : noneRange of Values : unsigned integer-------------------------------------------------------------------------date-patternDefault : noneRange of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm-------------------------------------------------------------------------log-pathDefault : /var/log/hcpd.logRange of Values : path string of file system=========================================================================
System log settings
log-level is set.
When âyesâ in flag-available, logs are output.
log-rotation-conf specifies on log rotation. When this option is not specified, log rotations donât take place. When FileSize is set, log rotations take place setting the file-size to the threshold. When DatePattern is set, log rotations take place based on the date.
file-size specifies the threshold of the file size in bytes.
backups specifies the maximum number of generations for log rotation to store when FileSize is set.
date-pattern specifies the pattern of the log rotation based on the date.
When FileSize is set, the number of the generations is supposed to be added as the suffix to the pathname of the log files as follows during log rotation.
<specified path> // the path of the log currently being written<specified path>.1<specified path>.2...<specified path>.n // "n" is the number set in backups
When the number of the log rotations exceeds the number specified in âbackupsâ, the exceeded generationâs files are deleted.
When DatePattern is specified, the time and date are supposed to be added as the suffix to the pathname of the log files, following the specified pattern during log rotation.
// in the case of yyyy-MM-dd<specified path> // the path of the log currently being written<specified path>.2019-12-10 // the log for 2019/12/10<specified path>.2019-12-09...<specified path>.2019-11-30...
Log rotation takes place based on the unit of the specified pattern. In the month unit case, a log file records throughout that month, starting at 0:00 on the first day of that month and ending at right before 0:00 on the first day of the following month.
Example :from 2019/11/01 00:00:00 to 2019/12/01 00:00:00(It doesn't include 2019/12/01 00:00:00)
In the minute unit, a log file records throughout the minute, from 0 seconds in that minute to right before 0 seconds in the following minute.
Example :from 2019/11/01 10:30:00 to 2019/11/01 10:31:00(It doesn't include 2019/11/01 10:31:00)
After the specified duration, the log writing request triggers the log to rotate before the log writing. The log file is renamed by adding a suffix of that duration.
// yyyy-MM-dd-HH-mm rotation case2019/12/10 00:00 the server starts2019/12/10 00:05 the server stops2019/12/10 00:07 the server restarts...--<specified path><specified path>.2019-12-10-00-11<specified path>.2019-12-10-00-10 // No record from 00:09 to 00:10<specified path>.2019-12-10-00-08<specified path>.2019-12-10-00-07 // recorded from the server-restart<specified path>.2019-12-10-00-05 // recorded until the server-stop in 00:05 (In restarting, the log rotation is judged based on the update time of the log file.)...<specified path>.2019-12-10-00-00
The server using the privilege separation rotates logs periodically (about each 128 ms). Therefore the log content which should be in the following file may be output in the current file, because rotations may be delayed due to this 128 ms delay.
log-path specifies the log path. When specified together with the command parameter â-lâ, the command parameter is effective.
--Example1 :SystemLog WARNING FileSize 10MB 10Example2 :SystemLog WARNING DatePattern yyyy-MM-ddExample3 :SystemLog WARNING // the same as SystemLogLevel--
#
SystemLogLevel=========================================================================Supported OS : Linux.x86 / WindowsFormat : SystemLogLevel <log-level>-------------------------------------------------------------------------log-levelDefault : INFORange of Values : EMERG, ALERT, CRIT, ERR, WARNING, INFO, DEBUG=========================================================================
The system log level is set, which does not affect any syslog functions.
When you describe SystemLog, this option override the log level.
--Example :SystemLogLevel WARNING--
#
ApplicationStatLog=========================================================================Supported OS : Linux.x86 / WindowsFormat : ApplicationStatLog <flag-available>[ <log-rotation-conf>]-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no-------------------------------------------------------------------------log-rotation-confFormat : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )-------------------------------------------------------------------------file-sizeDefault : noneRange of Values : signed double-length integer-------------------------------------------------------------------------backupsDefault : noneRange of Values : unsigned integer-------------------------------------------------------------------------date-patternDefault : noneRange of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm=========================================================================
The configuration on the application statistics is set.
When âyesâ in âflag-availableâ, the application statistics information is output.
log-rotation-conf specifies the rotation rule. It works in the same way as the rotation behavior set in âSystemLogâ. However, unlike the âSystemLogâ logs donât rotate periodically when using the privilege separation.
Based on the paths specified in âFileSizeâ and âDatePatternasâ as each criterion, the rotations are carried out as below.
// FileSize cases<specified path>.application<specified path>.application.1<specified path>.application.2...<specified path>.application.n// DatePattern cases<specified path>.application<specified path>.application.2019-12-10<specified path>.application.2019-12-09...
The header of the statistics information is not included in rotated files.
--Example1 :ApplicationStatLog noExample2 :ApplicationStatLog yes FileSize 10MB 10Example3 :ApplicationStatLog yes DatePattern yyyy-MM-dd--
#
TransportStatLog=========================================================================Supported OS : Linux.x86 / WindowsFormat : TransportStatLog <flag-available>[ <log-rotation-conf>]-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no-------------------------------------------------------------------------log-rotation-confFormat : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )-------------------------------------------------------------------------file-sizeDefault : noneRange of Values : signed double-length integer-------------------------------------------------------------------------backupsDefault : noneRange of Values : unsigned integer-------------------------------------------------------------------------date-patternDefault : noneRange of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm=========================================================================
The configuration on the transport statistics is set.
When âyesâ in flag-available, the transport statistics data is output.
log-rotation-conf specifies the rotation rule. It works in the same way as the rotation behavior set in âSystemLogâ. When using the privilege separation, logs rotate periodically.
Based on the paths specified in âFileSizeâ and âDatePatternasâ as each criterion, the rotations are carried out as below.
// FileSize cases<specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number><specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number>.1<specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number>.2...<specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number>.n// DatePattern cases<specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number><specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number>.2019-12-10<specified path>.transport.tcp.service_<service number>.<service port number>.thread_<thread number>.2019-12-09...
The header of the statistics information is not included in rotated files.
--Example1 :TransportStatLog yesExample2 :TransportStatLog yes FileSize 10MB 10Example3 :TransportStatLog yes DatePattern yyyy-MM-dd--
#
SystemStatLog=========================================================================Supported OS : Linux.x86 / WindowsFormat : SystemStatLog <flag-available>[ <log-rotation-conf>]-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no-------------------------------------------------------------------------log-rotation-confFormat : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )-------------------------------------------------------------------------file-sizeDefault : noneRange of Values : signed double-length integer-------------------------------------------------------------------------backupsDefault : noneRange of Values : unsigned integer-------------------------------------------------------------------------date-patternDefault : noneRange of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm=========================================================================
The configuration on the system statistics is set.
When âyesâ in flag-available, the system statistics data is output.
log-rotation-conf specifies the rotation rule. It works in the same way as the rotation behavior set in âSystemLogâ. However, unlike the âSystemLogâ logs donât rotate periodically when using the privilege separation.
Based on the paths specified in âFileSizeâ and âDatePatternasâ as each criterion, the rotations are carried out as below.
// FileSize cases<specified path>.system<specified path>.system.1<specified path>.system.2...<specified path>.system.n// DatePattern cases<specified path>.system<specified path>.system.2019-12-10<specified path>.system.2019-12-09...
The header of the statistics information is not included in rotated files.
--Example1 :SystemStatLog yesExample2 :SystemStatLog yes FileSize 10MB 10Example3 :SystemStatLog yes DatePattern yyyy-MM-dd--
#
FileOperationLog=========================================================================Supported OS : Linux.x86 / WindowsFormat : FileOperationLog <flag-available>[ <log-rotation-conf>][ <log-path>]-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no-------------------------------------------------------------------------log-rotation-confFormat : ( FileSize <file-size> <backups> | DatePattern <date-pattern> )-------------------------------------------------------------------------file-sizeDefault : noneRange of Values : signed double-length integer-------------------------------------------------------------------------backupsDefault : noneRange of Values : unsigned integer-------------------------------------------------------------------------date-patternDefault : noneRange of Values : yyyy-MM, yyyy-MM-dd, yyyy-MM-dd-HH, yyyy-MM-dd-HH-mm-------------------------------------------------------------------------log-pathDefault : noneRange of Values : path string of file system=========================================================================
The configuration on the file operation logging is set.
When âyesâ in flag-available, the file operation logs are output.
log-rotation-conf specifies the rotation rule. It works in the same way as the rotation behavior set in âSystemLogâ. When using the privilege separation, logs rotate periodically.
Based on the paths specified in âFileSizeâ and âDatePatternasâ as each criterion, the rotations are carried out as below.
// FileSize cases<log path><log path>.1<log path>.2...<log path>.n// DatePattern cases<log path><log path>.2019-12-10<log path>.2019-12-09...
The header of the statistics information is not included in rotated files.
log-path specifies a path of a file to which you want to output file operation logs. When it is not set, the following value will be used.
/var/log/hcpd.file.operation.log (Linux.x86)C:/ProgramData/Clealink/HCP Tools/hcpd.file.operation.log (Windows)
The file operation logs include the following I/O processing records.
- Finish of reading a file
- Finish of writing a file
- Remove a file (including removing by synchronization)
- Creation of a directory
- Rename a file
- Creation of a hard link
- Creation of a symbolic link
- List files
And the following records will be produced as records including acknowledgements by the application (HCP).
- Completion of a file upload
- Completion of a file download
- Completion of synchronization of files
- Completion of removing a file
- Completion of creating a directory
- Completion of renaming a file
- Completion of creating a hard link
- Completion of creating a symbolic link
The records include the following fields in common.
- Date and time
- Peer IP address and port number
- User name
Paths of files are recorded in the specification of each operation.
The format of the logs is in the following specification.
=========================================================================Format:yyyy/mm/dd HH:MM:SS.<usec> <remote-ip> <username> <hcp-operation-name>[ <sub-operation-label>] <path>...yyyy/mm/dd HH:MM:SS.<usec> <remote-ip> <username> <file-io-operation-name>\[<hcp-operation-name>\] <path>...-------------------------------------------------------------------------usecRange of Values : micro seconds (000000 - 999999)-------------------------------------------------------------------------remote-ipRange of Values : peer IP address and port number-------------------------------------------------------------------------usernameRange of Values : User name and authentication method-------------------------------------------------------------------------hcp-operation-nameRange of Values : FT, FS, FR, LR, DC, FM, FL-------------------------------------------------------------------------sub-operation-labelRange of Values : U, D, H, S-------------------------------------------------------------------------file-io-operation-nameRange of Values : FileRead, FileWritten, FileDeleted, DirectoryCreated, FileRenamed, LinkCreated, SymbolicLinkCreated, ListFilesRawFormat=========================================================================
hcp-operation-name indicates a type of the following applications.
- FT (File transfer)
- FS (Delete file on file synchronization)
- FR (File remove)
- LR (List files. Output of ls or dir)
- DC (Directory creation)
- FM (File move)
- FL (Link creation)
sub-operation-label indicates a sub type of some applications.
- U (Upload. Used in FT)
- D (Download. Used in FT)
- H (Hard link creation. Used in FL)
- S (Symbolic link creation. Used in FL)
file-io-operation-name indicates a type of the following file I/O operations.
- FileRead (Finish of reading a file)
- FileWritten (Finish of wrting a file)
- FileDeleted (Finish of removing a file)
- DirectoryCreated (Finish of creating a directory)
- FileRenamed (Finish of renaming a file)
- LinkCreated (Finish of creating a hard link)
- SymbolicLinkCreated (Finish of creating a symbolic link)
- ListFilesRawFormat (To run ls or dir)
--Output example:2020/01/31 10:34:52.277120 127.0.0.1:51660 user[PAM] FileWritten[FT] /home/user/file_nodiskio_02020/01/31 10:34:52.277175 127.0.0.1:51660 user[PAM] FT U /home/user/file_nodiskio_02020/01/31 10:35:14.946750 127.0.0.1:51662 user[PAM] FileRead[FT] /home/user/file_nodiskio_02020/01/31 10:35:15.002770 127.0.0.1:51662 user[PAM] FT D /home/user/file_nodiskio_02020/01/31 10:35:30.002700 127.0.0.1:51662 user[PAM] FS /home/user/dir_sync/stat.log2020/01/31 10:35:30.013558 127.0.0.1:51664 user[PAM] FileDeleted[FS] /home/user/dir_sync/stat.log2020/01/31 10:35:47.713558 127.0.0.1:51664 user[PAM] FileDeleted[FR] /home/user/stat.3.log2020/01/31 10:35:47.765413 127.0.0.1:51664 user[PAM] FR /home/user/stat.3.log2020/01/31 10:38:45.686206 127.0.0.1:51670 user[PAM] DirectoryCreated[DC] /home/user/hmkdir132020/01/31 10:38:45.789370 127.0.0.1:51670 user[PAM] DC /home/user/hmkdir132020/01/31 10:39:22.411968 127.0.0.1:51674 user[PAM] FileRenamed[FM] /home/user/stat.log /home/user/stat2.log2020/01/31 10:39:22.463710 127.0.0.1:51674 user[PAM] FM /home/user/stat.log /home/user/stat2.log2020/01/31 10:40:00.087660 127.0.0.1:51678 user[PAM] SymbolicLinkCreated[FL] /home/user/stat2.log /home/user/stat.log2020/01/31 10:40:00.165831 127.0.0.1:51678 user[PAM] FL S /home/user/stat2.log /home/user/stat.log2020/01/31 10:40:13.693415 127.0.0.1:51680 user[PAM] LinkCreated[FL] /home/user/stat2.log /home/user/stat.h.log2020/01/31 10:40:13.746160 127.0.0.1:51680 user[PAM] FL H /home/user/stat2.log /home/user/stat.h.log2020/02/06 13:54:21.282066 127.0.0.1:50186 user[PAM] ListFilesRawFormat[LR] /home/user/hmkdir42020/02/06 13:54:21.282104 127.0.0.1:50186 user[PAM] ListFilesRawFormat[LR] /home/user/hmkdir5--
--Example1 :FileOperationLog yesExample2 :FileOperationLog yes FileSize 10MB 10Example3 :FileOperationLog yes DatePattern yyyy-MM-ddExample4 :FileOperationLog yes FileSize 10MB 10 /var/tmp/hcpd.file.operation.log--
#
StatLogPerUserInPrivilegeSeparation=========================================================================Supported OS : Linux.x86 / WindowsFormat : StatLogPerUserInPrivilegeSeparation <flag-available>-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no=========================================================================
In the case of the privilege separation, whether to record the statistics log for each user, is chosen.
--Example :StatLogPerUserInPrivilegeSeparation yes--
#
ApplicationStatLogSecurityEx=========================================================================Supported OS : Linux.x86 / WindowsFormat : ApplicationStatLogSecurityEx <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
Whether to output the detailed information on the security in the application statistics log is set.
--Example :ApplicationStatLogSecurityEx no--
#
System Operating Environment Settings, CPU Thread Control#
MaxConcurrentThread=========================================================================Supported OS : Linux.x86Format : MaxConcurrentThread <max-threads>-------------------------------------------------------------------------max-threadsDefault : 0Range of Values : signed integer=========================================================================
The maximum number of threads is configured.
#
System Operating Environment Settings, Application Linked Function#
CallbackScript=========================================================================Supported OS : Linux.x86Format : CallbackScript <flag-available>[ <script-path>[ <data-store-path>]]-------------------------------------------------------------------------flag-availableDefault : noRange of Values : yes, no-------------------------------------------------------------------------script-pathDefault : noneRange of Values : path string of file system-------------------------------------------------------------------------data-store-pathDefault : noneRange of Values : path string of file system=========================================================================
This option specifies a script (or a binary program) to run after application runs.
flag-available enables this option. âyesâ means calling the script.
script-path specifies a path of the script. When a tilde(~) is described at the head, it will be expanded to the home directory of a user who runs the application.
data-store-path specifies a path of saving data given at the run-time of the script which is information of parameters or a result of application running. When a tilde(~) is described at the head, it will be expanded to the home directory of a user who runs the application.
After all of processing on each application running is finished, hcpd runs the following command line.
=========================================================================Command format : <script-path> <exit-code> <start-date-and-time> <end-date-and-time> <remote-ip> <username> <hcp-operation-name> <param-saved-path> <output-saved-path>-------------------------------------------------------------------------script-pathRange of Values : path string of file system (already expanded of tilde)-------------------------------------------------------------------------exit-codeRange of Values : exit code-------------------------------------------------------------------------start-date-and-timeRange of Values : date and time in the format of YYYY/MM/DD hh:mm:ss-------------------------------------------------------------------------end-date-and-timeRange of Values : date and time in the format of YYYY/MM/DD hh:mm:ss-------------------------------------------------------------------------remote-ipRange of Values : peer IP address and port number-------------------------------------------------------------------------usernameRange of Values : user name and authentication method-------------------------------------------------------------------------hcp-operation-nameRange of Values : hcp, hrm, hcp-ls, hmkdir, hpwd, hmv, hln, transfer, remove, listraw, mkd, pwd, move, link, cwd-------------------------------------------------------------------------param-saved-pathRange of Values : path string of file system-------------------------------------------------------------------------output-saved-pathRange of Values : path string of file system=========================================================================
script-path is a script path on hcpd.conf with expanding tilde(~).
exit-code is a reason code representing a result that application runs. The reason code is identical to a reason code recorded in the application statistics.
start-date-and-time is a date and time that application starts.
end-date-and-time is a date and time that application finishes.
hcp-operation-name indicates a type of the following applications (or operations of API).
- hcp (File transfer command)
- hrm (File removing command)
- hcp-ls (File listing command)
- hmkdir (Directory creation command)
- hpwd (Working directory printing command)
- hmv (File moving command)
- hln (Link creation command)
- transfer (API file transfer operation)
- remove (API file removing operation)
- listraw (API file listing operation)
- mkd (API directory creation operation)
- pwd (API working directory printing operation)
- move (API file moving operation)
- link (API link creation operation)
param-saved-path is a path of a file where information of input parameters is saved. The file includes options of the operation and path information from running result records (.hcp.out) the server recognizes.
--Output example:[user@localhost ~]$ cat .hcp/callback/hcp.cb.20200206_152252_468.13521.paramOPT copy_mode ALLCOPYOPT overwrite_mode FORCEOPT fail_action_mode HALTOPT preserve_permission noOPT recursive yesOPT any_dirs noOPT regex noOPT verify_payload noOPT copy_symlink noOPT follow_symlink noOPT no_copy_empty_file noOPT no_copy_empty_dir noOPT no_copy_dot_file noOPT no_copy_dot_dir noOPT copy_hidden noOPT check_archive noOPT resuming noOPT no_app_io yes num_files 1 file_size 1024OPT no_sess_io noSRC /home/user--
output-saved-path is a path of a file where a running result is saved. The file includes records representing a running result of each file.
--Output example:[user@localhost ~]$ cat .hcp/callback/hcp.cb.20200206_152252_468.13521.out OK 0000 FT 00000001 /home/user/file_nodiskio_0--
--Example :CallbackScript yes /var/tmp/hcp_callback.sh /var/tmp/hcp_callback--
#
Others#
EnsureDestinationInFileTransfer=========================================================================Supported OS : Linux.x86 / WindowsFormat : EnsureDestinationInFileTransfer <flag-available>-------------------------------------------------------------------------flag-availableDefault : yesRange of Values : yes, no=========================================================================
When the destination directory doesnât exist during file transfers, how to control the file transfer, whether a new directory is created is set. This option is fixed to ânoâ from the software version 1.1.0.
--Example :EnsureDestinationInFileTransfer no--