hpux inetd man page on unix.com

inetd(1M) inetd(1M)

NAME
inetd - Internet services daemon

SYNOPSIS
proc_limit] count [interval] ]

DESCRIPTION
The daemon is the Internet superserver, which invokes Internet server processes as needed. It must be running before other hosts can con-
nect to the local host through and The daemon also supports services based on the Remote Procedure Call (RPC) protocol (NFS), such as and
If RPC servers are started by the server (see portmap(1M)) must be started before

The daemon is designed to invoke all the Internet servers as needed, thus reducing load on the system. It is normally started at system
boot time. Only one can run at any given time.

The daemon starts servers for both stream and datagram type services. For stream services, listens for connection requests on Internet
stream sockets. When a connection is requested for one of its sockets, decides which service the socket will support, forks a process,
invokes an appropriate server for the connection, and passes the connected socket to the server as and Then returns to listening for con-
nection requests.

For datagram services, waits for activity on Internet datagram sockets. When an incoming datagram is detected, forks a process, invokes an
appropriate server, and passes the socket to the server as and Then waits, ignoring activity on that datagram socket, until the server
exits.

The daemon is normally started by the script, which is invoked during the boot-time initialization. Otherwise, can be started only by the
superuser.

The Internet daemon and the servers it starts inherit the and environment variables and the of the process that started If is started by
the superuser, it inherits the superuser's umask, and passes that umask to the servers it starts.

Services currently supported by inetd will work in an environment with a few changes to the configuration file (See inetd.conf(4)). When
invoked, reads and configures itself to support whatever services are included in that file (see inetd.conf(4)). The daemon also performs
a security check if the file exists (see inetd.sec(4)). If the Internet daemon refuses a connection for security reasons, the connection
is shut down. Most RPC-based services, if their first connection is refused, attempt to connect four more times at 5-second intervals
before timing out. In such cases, refuses the connection from the same service invocation five times. This is visible in the system log
if connection logging and logging for the daemon facility are both enabled (see syslogd(1M)).

The daemon provides several "trivial" services internally by use of routines within itself. The services are (character generator), (human
readable time), and (machine readable time in the form of the number of seconds since midnight, January 1, 1900). The daemon provides both
TCP- and UDP-based servers for each of these services. See inetd.conf(4) for instructions on configuring internal servers.

Options
recognizes the following options. These options can be used only by a superuser.

Enable user level auditing.
Services started by will be audited based on the user's audit specification (see audusr(1M), userdbset(1M), and the user
field in inetd.conf(4)). If a service is audit unaware (see audit(4)), it will not be audited if the user's audit specifica-
tion is disabled.

If auditing for root is disabled, audit unaware services, such as
invoked by for the specified username will not be audited even though auditing for the username is enabled.

Reconfigure the Internet daemon; in other words, force the current
to reread This option sends the signal to the Internet daemon that is currently running. Any configuration errors that occur
during the reconfiguration are logged to the daemon facility.

Kill the current
This option sends the signal to the Internet daemon that is currently running, causing it to exit gracefully. This option is
the preferred method of killing

By default,
starts with connection logging disabled. If no is running, the option causes the to start with connection logging enabled.
Otherwise the option causes to send the signal to the that is already running, which causes it to toggle the state of connec-
tion logging.

By default,
spawns any number of child processes to serve incoming connections. When is started with the option, does not spawn a child
process if the number of child processes already running in the system has reached the proc_limit value. spawns a new child
process only when the number of running child processes is less than the proc_limit value. If an invalid value or zero is
specified for the option, spawns any number of child processes to serve incoming connections.

identifies a UDP service as broken or in an infinite loop when it receives
count number of connections in interval seconds of time. When finds any such broken service, it discards the packet request-
ing the socket connection, and refuses access to that service. tries enabling that service after 10 minutes and accepts con-
nections for that service. This is applicable to all UDP services other than and Using the option, you can specify the val-
ues for count and interval, which need to be decimal numbers. If you invoke without this option or specify invalid values
for this option, the default values 40 and 60 are taken for count and interval, respectively.

This option is similar to the
option, but it suppresses the hostname while logging into the syslog file. If is not running, the option causes to start
with suppressed hostname logging enabled. If is running, the option causes to send signal to that is already running. This
causes to toggle the state of suppressed hostname logging.

When is running with either of or of logging enabled, the Internet daemon logs attempted connections to services. It also logs connection
attempts which fail the security check. This information can be useful when trying to determine if someone is repeatedly trying to access
your system from a particular remote system (in other words, trying to break into your system). Successful connection attempts are logged
to the daemon facility at the info log level. Connection attempts failing the security check are logged at the notice log level. also
logs whether the connection logging has been enabled or disabled at the info log level.

DIAGNOSTICS
The following diagnostics are returned by the Internet daemon before it disconnects from the terminal.

An attempt was made to start an Internet daemon when one was already running.
It is incorrect to call the Internet daemon a second time without the or option.

An attempt was made to reconfigure an Internet daemon when none was running.

This message occurs if
is called with and another Internet daemon is running but cannot be reconfigured. This occurs if the original Internet dae-
mon died without removing its semaphore.

Use the command to remove the semaphore left by the previous Internet daemon; then restart the daemon.

The following diagnostics are logged to the daemon facility. Unless otherwise indicated, messages are logged at the error log level.

The Internet daemon is unable to access the configuration file
The error message preceding this one specifies the reason for the failure.

There is an error on the specified line in
The line in the configuration file is skipped. This error does not stop the Internet daemon from reading the rest of the
file and configuring itself accordingly.

Fix the line with the error and reconfigure the Internet daemon by executing the command.

system_call
failed. See the corresponding manual entry for a description of system_call. The reason for the failure is explained in
message.

None of the services/servers listed in the configuration file
could be set up properly, due to configuration file errors.

The number of active services listed in the configuration file
exceeds the "hard" limit that can be supported by the system (see setrlimit(2)).

Reduce the number of services listed in the configuration file, then reconfigure the Internet daemon by running the command

file
can be either or If a backslash is not immediately followed by an end of line, it is ignored and the information up to the
end of line is accepted. In this case, the next line of the file is not appended to the end of the current line. Unless all
the information required is present on a single line, configuration file error messages are also output. This message is
logged at the warning log level.

The call to the library routine
(see getservent(3N)) failed. The service is not listed in

Include that service in or eliminate the entry for the service in

When
tries to start 40 servers within 60 seconds for a datagram service, other than or it assumes that the server is failing to
handle the connection. To avoid entering a potentially infinite loop, issues this message, discards the packet requesting
the socket connection, and refuses further connections for this service. After 10 minutes, tries to reinstate the service,
and once again accepts connections for the service. provides command-line option to modify the default values 40 and 60.

Any one of the three errors above makes the service unusable.
For another host to communicate with the server host through this service, the Internet daemon needs to be reconfigured after
any of these error messages.

If this error occurs, the service is temporarily unusable.
After 10 minutes, tries again to make the service usable by binding to the Internet socket for the service.

The remote host failed to pass the security test for the indicated service.
This information can be useful when trying to determine if someone is repeatedly trying to access your system from a particu-
lar remote system (in other words, trying to break into your system). This message is logged at the warning log level.

When connection logging is enabled,
this message indicates a successful connection attempt to the specified service. This message is logged at the notice log
level.

Keeps track of the services added when reconfiguring the Internet daemon.
This message is logged at the info log level.

Lists the new user IDs, servers or executables
used for the service when reconfiguring the Internet daemon. This message is logged at the info log level.

Keeps track of the services deleted
when reconfiguring the Internet daemon. This message is logged at the info log level.

Indicates a hostname resolution failure.

Security File (inetd.sec) Errors
The following errors, prefixed by are related to the security file

For example, field 2 of the Internet address
is incorrect.

The entry in the allow/deny field is not one of the keywords
or No security for this service is implemented by since the line in the security file is ignored. This message is logged at
the warning log level.

RPC Related Errors for NFS Users
These errors are specific to RPC-based servers:

Error on the specified line of
The program or version number for an RPC service is missing. This error does not stop the Internet daemon from reading the
rest of the file and configuring itself accordingly. However, the service corresponding to the error message will not be
configured correctly.

Fix the line with the error, then reconfigure the Internet daemon by executing the command.

Error on the specified line of
The program number for an RPC service is not a number. This error does not stop the Internet daemon from reading the rest of
the file and configuring itself accordingly. However, the service corresponding to the error message will not be correctly
configured.

Fix the line with the error, then reconfigure the Internet daemon by executing the command.

AUTHOR
was developed by HP and the University of California, Berkeley.

NFS was developed by Sun Microsystems, Inc.

FILES
List of Internet server processes.
Optional security file.

SEE ALSO
umask(1), portmap(1M), syslogd(1M), getservent(3N), inetd.conf(4), inetd.sec(4), protocols(4), services(4), environ(5).

inetd(1M)

hpux man page for inetd