👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for inetd (netbsd section 8)

INETD(8)			   BSD System Manager's Manual				 INETD(8)

NAME
     inetd, inetd.conf -- internet ``super-server''

SYNOPSIS
     inetd [-d] [-l] [configuration file]

DESCRIPTION
     inetd should be run at boot time by /etc/rc (see rc(8)).  It then opens sockets according to
     its configuration and listens for connections.  When a connection is found on one of its
     sockets, it decides what service the socket corresponds to, and invokes a program to service
     the request.  After the program is finished, it continues to listen on the socket (except in
     some cases which will be described below).  Essentially, inetd allows running one daemon to
     invoke several others, reducing load on the system.

     The options available for inetd:

     -d      Turns on debugging.

     -l      Turns on libwrap connection logging.

     Upon execution, inetd reads its configuration information from a configuration file which,
     by default, is /etc/inetd.conf.  The path given for this configuration file must be abso-
     lute, unless the -d option is also given on the command line.  There must be an entry for
     each field of the configuration file, with entries for each field separated by a tab or a
     space.  Comments are denoted by a ``#'' at the beginning of a line.  There must be an entry
     for each field (except for one special case, described below).  The fields of the configura-
     tion file are as follows:

	   [addr:]service-name
	   socket-type[:accept_filter]
	   protocol[,sndbuf=size][,rcvbuf=size]
	   wait/nowait[:max]
	   user[:group]
	   server-program
	   server program arguments

     To specify an Sun-RPC based service, the entry would contain these fields:

	   service-name/version
	   socket-type
	   rpc/protocol[,sndbuf=size][,rcvbuf=size]
	   wait/nowait[:max]
	   user[:group]
	   server-program
	   server program arguments

     To specify a UNIX-domain (local) socket, the entry would contain these fields:

	   path
	   socket-type
	   unix[,sndbuf=size][,rcvbuf=size]
	   wait/nowait[:max]
	   user[:group]
	   server-program
	   server program arguments

     For Internet services, the first field of the line may also have a host address specifier
     prefixed to it, separated from the service name by a colon.  If this is done, the string
     before the colon in the first field indicates what local address inetd should use when lis-
     tening for that service, or the single character ``*'' to indicate INADDR_ANY, meaning 'all
     local addresses'.	To avoid repeating an address that occurs frequently, a line with a host
     address specifier and colon, but no further fields, causes the host address specifier to be
     remembered and used for all further lines with no explicit host specifier (until another
     such line or the end of the file).  A line
	   *:
     is implicitly provided at the top of the file; thus, traditional configuration files (which
     have no host address specifiers) will be interpreted in the traditional manner, with all
     services listened for on all local addresses.

     The service-name entry is the name of a valid service in the file /etc/services.  For
     ``internal'' services (discussed below), the service name must be the official name of the
     service (that is, the first entry in /etc/services).  When used to specify a Sun-RPC based
     service, this field is a valid RPC service name in the file /etc/rpc.  The part on the right
     of the ``/'' is the RPC version number.  This can simply be a single numeric argument or a
     range of versions.  A range is bounded by the low version to the high version -
     ``rusers/1-3''.

     The socket-type should be one of ``stream'', ``dgram'', ``raw'', ``rdm'', or ``seqpacket'',
     depending on whether the socket is a stream, datagram, raw, reliably delivered message, or
     sequenced packet socket.

     Optionally, an accept_filter(9) can be specified by appending a colon to the socket-type,
     followed by the name of the desired accept filter.  In this case inetd will not see new con-
     nections for the specified service until the accept filter decides they are ready to be han-
     dled.

     The protocol must be a valid protocol as given in /etc/protocols or the string ``unix''.
     Examples might be ``tcp'' and ``udp''.  Rpc based services are specified with the
     ``rpc/tcp'' or ``rpc/udp'' service type.  ``tcp'' and ``udp'' will be recognized as ``TCP or
     UDP over default IP version''.  It is currently IPv4, but in the future it will be IPv6.  If
     you need to specify IPv4 or IPv6 explicitly, use something like ``tcp4'' or ``udp6''.  If
     you would like to enable special support for faithd(8), prepend a keyword ``faith'' into
     protocol, like ``faith/tcp6''.

     In addition to the protocol, the configuration file may specify the send and receive socket
     buffer sizes for the listening socket.  This is especially useful for TCP as the window
     scale factor, which is based on the receive socket buffer size, is advertised when the con-
     nection handshake occurs, thus the socket buffer size for the server must be set on the lis-
     ten socket.  By increasing the socket buffer sizes, better TCP performance may be realized
     in some situations.  The socket buffer sizes are specified by appending their values to the
     protocol specification as follows:

	   tcp,rcvbuf=16384
	   tcp,sndbuf=64k
	   tcp,rcvbuf=64k,sndbuf=1m

     A literal value may be specified, or modified using 'k' to indicate kilobytes or 'm' to
     indicate megabytes.  Socket buffer sizes may be specified for all services and protocols
     except for tcpmux services.

     The wait/nowait entry is used to tell inetd if it should wait for the server program to
     return, or continue processing connections on the socket.	If a datagram server connects to
     its peer, freeing the socket so inetd can receive further messages on the socket, it is said
     to be a ``multi-threaded'' server, and should use the ``nowait'' entry.  For datagram
     servers which process all incoming datagrams on a socket and eventually time out, the server
     is said to be ``single-threaded'' and should use a ``wait'' entry.  comsat(8) (biff(1)) and
     ntalkd(8) are both examples of the latter type of datagram server.  tftpd(8) is an excep-
     tion; it is a datagram server that establishes pseudo-connections.  It must be listed as
     ``wait'' in order to avoid a race; the server reads the first packet, creates a new socket,
     and then forks and exits to allow inetd to check for new service requests to spawn new
     servers.  The optional ``max'' suffix (separated from ``wait'' or ``nowait'' by a dot or a
     colon) specifies the maximum number of server instances that may be spawned from inetd
     within an interval of 60 seconds.	When omitted, ``max'' defaults to 40.  If it reaches this
     maximum spawn rate, inetd will log the problem (via the syslogger using the LOG_DAEMON
     facility and LOG_ERR level) and stop handling the specific service for ten minutes.

     Stream servers are usually marked as ``nowait'' but if a single server process is to handle
     multiple connections, it may be marked as ``wait''.  The master socket will then be passed
     as fd 0 to the server, which will then need to accept the incoming connection.  The server
     should eventually time out and exit when no more connections are active.  inetd will con-
     tinue to listen on the master socket for connections, so the server should not close it when
     it exits.	identd(8) is usually the only stream server marked as wait.

     The user entry should contain the user name of the user as whom the server should run.  This
     allows for servers to be given less permission than root.	Optionally, a group can be speci-
     fied by appending a colon to the user name, followed by the group name (it is possible to
     use a dot (``.'') in lieu of a colon, however this feature is provided only for backward
     compatibility).  This allows for servers to run with a different (primary) group id than
     specified in the password file.  If a group is specified and user is not root, the supple-
     mentary groups associated with that user will still be set.

     The server-program entry should contain the pathname of the program which is to be executed
     by inetd when a request is found on its socket.  If inetd provides this service internally,
     this entry should be ``internal''.

     The server program arguments should be just as arguments normally are, starting with
     argv[0], which is the name of the program.  If the service is provided internally, the word
     ``internal'' should take the place of this entry.	It is possible to quote an argument using
     either single or double quotes.  This allows you to have, e.g., spaces in paths and parame-
     ters.

   Internal Services
     inetd provides several "trivial" services internally by use of routines within itself.
     These services are "echo", "discard", "chargen" (character generator), "daytime" (human
     readable time), and "time" (machine readable time, in the form of the number of seconds
     since midnight, January 1, 1900 GMT).  For details of these services, consult the appropri-
     ate RFC.

     TCP services without official port numbers can be handled with the RFC1078-based tcpmux
     internal service.	TCPmux listens on port 1 for requests.	When a connection is made from a
     foreign host, the service name requested is passed to TCPmux, which performs a lookup in the
     service name table provided by /etc/inetd.conf and returns the proper entry for the service.
     TCPmux returns a negative reply if the service doesn't exist, otherwise the invoked server
     is expected to return the positive reply if the service type in /etc/inetd.conf file has the
     prefix "tcpmux/".	If the service type has the prefix "tcpmux/+", TCPmux will return the
     positive reply for the process; this is for compatibility with older server code, and also
     allows you to invoke programs that use stdin/stdout without putting any special server code
     in them.  Services that use TCPmux are "nowait" because they do not have a well-known port
     number and hence cannot listen for new requests.

     inetd rereads its configuration file when it receives a hangup signal, SIGHUP.  Services may
     be added, deleted or modified when the configuration file is reread.  inetd creates a file
     /var/run/inetd.pid that contains its process identifier.

   libwrap
     Support for TCP wrappers is included with inetd to provide internal tcpd-like access control
     functionality.  An external tcpd program is not needed.  You do not need to change the
     /etc/inetd.conf server-program entry to enable this capability.  inetd uses /etc/hosts.allow
     and /etc/hosts.deny for access control facility configurations, as described in
     hosts_access(5).

     Nota Bene: TCP wrappers do not affect/restrict UDP or internal services.

   IPsec
     The implementation includes a tiny hack to support IPsec policy settings for each socket.	A
     special form of the comment line, starting with ``#@'', is used as a policy specifier.  The
     content of the above comment line will be treated as a IPsec policy string, as described in
     ipsec_set_policy(3).  Multiple IPsec policy strings may be specified by using a semicolon as
     a separator.  If conflicting policy strings are found in a single line, the last string will
     take effect.  A #@ line affects all of the following lines in /etc/inetd.conf, so you may
     want to reset the IPsec policy by using a comment line containing only #@ (with no policy
     string).

     If an invalid IPsec policy string appears in /etc/inetd.conf, inetd logs an error message
     using syslog(3) and terminates itself.

   IPv6 TCP/UDP behavior
     If you wish to run a server for both IPv4 and IPv6 traffic, you will need to run two sepa-
     rate processes for the same server program, specified as two separate lines in
     /etc/inetd.conf using ``tcp4'' and ``tcp6'' respectively.	Plain ``tcp'' means TCP on top of
     the current default IP version, which is, at this moment, IPv4.

     Under various combination of IPv4/v6 daemon settings, inetd will behave as follows:
     o	 If you have only one server on ``tcp4'', IPv4 traffic will be routed to the server.
	 IPv6 traffic will not be accepted.
     o	 If you have two servers on ``tcp4'' and ``tcp6'', IPv4 traffic will be routed to the
	 server on ``tcp4'', and IPv6 traffic will go to server on ``tcp6''.
     o	 If you have only one server on ``tcp6'', only IPv6 traffic will be routed to the server.
	 The kernel may route to the server IPv4 traffic as well, under certain configuration.
	 See ip6(4) for details.

FILES
     /etc/inetd.conf   configuration file for all inetd provided services
     /etc/services     service name to protocol and port number mappings.
     /etc/protocols    protocol name to protocol number mappings
     /etc/rpc	       Sun-RPC service name to service number mappings.
     /etc/hosts.allow  explicit remote host access list.
     /etc/hosts.deny   explicit remote host denial of service list.

SEE ALSO
     hosts_access(5), hosts_options(5), protocols(5), rpc(5), services(5), comsat(8), fingerd(8),
     ftpd(8), rexecd(8), rlogind(8), rshd(8), telnetd(8), tftpd(8)

     J. Postel, Echo Protocol, RFC, 862, May 1983.

     J. Postel, Discard Protocol, RFC, 863, May 1983.

     J. Postel, Character Generator Protocol, RFC, 864, May 1983.

     J. Postel, Daytime Protocol, RFC, 867, May 1983.

     J. Postel and K. Harrenstien, Time Protocol, RFC, 868, May 1983.

     M. Lottor, TCP port service Multiplexer (TCPMUX), RFC, 1078, November 1988.

HISTORY
     The inetd command appeared in 4.3BSD.  Support for Sun-RPC based services is modeled after
     that provided by SunOS 4.1.  Support for specifying the socket buffer sizes was added in
     NetBSD 1.4.  In November 1996, libwrap support was added to provide internal tcpd-like
     access control functionality; libwrap is based on Wietse Venema's tcp_wrappers.  IPv6 sup-
     port and IPsec hack was made by KAME project, in 1999.

BUGS
     Host address specifiers, while they make conceptual sense for RPC services, do not work
     entirely correctly.  This is largely because the portmapper interface does not provide a way
     to register different ports for the same service on different local addresses.  Provided you
     never have more than one entry for a given RPC service, everything should work correctly
     (Note that default host address specifiers do apply to RPC lines with no explicit speci-
     fier.)

     ``tcpmux'' on IPv6 is not tested enough.

SECURITY CONSIDERATIONS
     Enabling the ``echo'', ``discard'', and ``chargen'' built-in trivial services is not recom-
     mended because remote users may abuse these to cause a denial of network service to or from
     the local host.

BSD					 August 27, 2008				      BSD


All times are GMT -4. The time now is 05:31 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password