.\" Copyright (c) 1985, 1991 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" from: @(#)inetd.8 6.7 (Berkeley) 3/16/91
.\" $Id: inetd.8,v 1.18 2001/01/29 11:38:32 deraadt Exp $
.\"
.Dd March 16, 1991
.Dt INETD 8
.Os
.Sh NAME
.Nm inetd
.Nd internet
.Dq super-server
.Sh SYNOPSIS
.Nm inetd
.Op Fl d
.Op Fl R Ar rate
.Op Ar configuration file
.Sh DESCRIPTION
.Nm inetd
should be run at boot time by
.Pa /etc/rc
(see
.Xr rc 8 ) .
It then listens for connections on certain internet sockets.
When a connection is found on one
of its sockets, it decides what service the socket
corresponds to, and invokes a program to service the request.
After the program is
finished, it continues to listen on the socket (except in some cases which
will be described below).
Essentially,
.Nm inetd
allows running one daemon to invoke several others,
reducing load on the system.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl d
Turns on debugging.
.It Fl R Ar rate
Specify the maximum number of times a service can be invoked
in one minute; the default is unlimited. A rate of 0 allows an
unlimited number of invocations.
.El
.Pp
Upon execution,
.Nm inetd
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space.
Comments are denoted by a
.Dq #
at the beginning
of a line.
The fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
service name
socket type
protocol
wait/nowait[.max]
user[.group] or user[:group]
server program
server program arguments
.Ed
.Pp
To specify a Sun-RPC
based service, the entry would contain these fields.
.Pp
.Bd -unfilled -offset indent -compact
service name/version
socket type
rpc/protocol
wait/nowait[.max]
user[.group] or user[:group]
server program
server program arguments
.Ed
.Pp
For internet services, the first field of the line may also have a host
address specifier prefixed to it, separated from the service name by a
colon.
If this is done, the string before the colon in the first field
indicates what local address
.Nm
should use when listening for that service.
Multiple local addresses
can be specified on the same line, separated by commas.
Numeric IP
addresses in dotted-quad notation can be used as well as symbolic
hostnames.
Symbolic hostnames are looked up using
.Fn gethostbyname .
If a hostname has multiple address mappings, inetd creates a socket
to listen on each address.
.Pp
The single character
.Dq \&*
indicates
.Dv INADDR_ANY ,
meaning
.Dq all local addresses .
To avoid repeating an address that occurs frequently, a line with a
host address specifier and colon, but no further fields, causes the
host address specifier to be remembered and used for all further lines
with no explicit host specifier (until another such line or the end of
the file).
A line
.Dl *:
is implicitly provided at the top of the file; thus, traditional
configuration files (which have no host address specifiers) will be
interpreted in the traditional manner, with all services listened for
on all local addresses.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
.Em must
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
When used to specify a Sun-RPC
based service, this field is a valid RPC service name in
the file
.Pa /etc/rpc .
The part on the right of the
.Dq /
is the RPC version number.
This can simply be a single numeric argument or a range of versions.
A range is bounded by the low version and the high version, for example
.Dq rusers/1-3 .
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
.Pp
The
.Em protocol
must be a valid protocol as given in
.Pa /etc/protocols .
Examples might be
.Dq tcp
or
.Dq udp .
RPC based services are specified with the
.Dq rpc/tcp
or
.Dq rpc/udp
service type.
.Dq tcp
and
.Dq udp
will be recognized as
.Dq TCP or UDP over default IP version .
It is currently IPv4, but in the future it will be IPv6.
If you need to specify IPv4 or IPv6 explicitly, use something like
.Dq tcp4
or
.Dq udp6 .
.Pp
The
.Em wait/nowait
entry is used to tell
.Nm
if it should wait for the server program to return,
or continue processing connections on the socket.
If a datagram server connects
to its peer, freeing the socket so
.Nm inetd
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server, and should use the
.Dq nowait
entry.
For datagram servers which process all incoming datagrams
on a socket and eventually time out, the server is said to be
.Dq single-threaded
and should use a
.Dq wait
entry.
.Xr comsat 8
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr tftpd 8
is an exception; it is a datagram server that establishes pseudo-connections.
It must be listed as
.Dq wait
in order to avoid a race;
the server reads the first packet, creates a new socket,
and then forks and exits to allow
.Nm inetd
to check for new service requests to spawn new servers.
The optional
.Dq max
suffix (separated from
.Dq wait
or
.Dq nowait
by a dot) specifies the maximum number of server instances that may be
spawned from
.Nm inetd
within an interval of 60 seconds.
The default is unlimited (setting a limit may actually make it easier for
an attacker to create a denial-of-service, and is not recommended).
.Pp
Stream servers are usually marked as
.Dq nowait
but if a single server process is to handle multiple connections, it may be
marked as
.Dq wait .
The master socket will then be passed as fd 0 to the server, which will then
need to accept the incoming connection.
The server should eventually time
out and exit when no more connections are active.
.Nm
will continue to
listen on the master socket for connections, so the server should not close
it when it exits.
.Xr identd 8
is usually the only stream server marked as wait.
.Pp
The
.Em user
entry should contain the user name of the user as whom the server
should run.
This allows for servers to be given less permission
than root.
An optional group name can be specified by appending a dot or a colon to
the user name, followed by the group name.
This allows for servers to run with
a different (primary) group ID than specified in the password file.
If a group
is specified and user is not root, the supplementary groups associated with
that user will still be set.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm inetd
when a request is found on its socket.
If
.Nm inetd
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program.
If the service is provided internally, the word
.Dq internal
should take the place of this entry.
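.Pp
The field layout and default host address specifiers described above, as an added example that is not part of the original manual or of inetd itself: a Python parser that resolves each entry's listen addresses, user, group and spawn limit, then notes the settings this page singles out.
The sample configuration and server paths are constructed, and the names parse_inetd_conf and audit are hypothetical.

```python
# Constructed sample inetd.conf (not from a real host); paths are illustrative.
SAMPLE = """\
# comment line
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
127.0.0.1:
ident stream tcp wait nobody.kmem /usr/libexec/identd identd
*:tftp dgram udp wait.20 root:wheel /usr/libexec/tftpd tftpd /tftpboot
10.0.0.1,10.0.0.2:echo stream tcp6 nowait root internal
rusers/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
"""

def parse_inetd_conf(text):
    """Return one dict per service entry, applying default host specifiers."""
    default_hosts = ["*"]  # the implicit "*:" line at the top of the file
    entries = []
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        fields = raw.split()
        if len(fields) == 1 and fields[0].endswith(":"):
            default_hosts = fields[0][:-1].split(",")  # remembered for later lines
            continue
        if len(fields) < 6:
            raise ValueError("entry is missing fields: %r" % raw)
        name, socktype, proto, wait, user, program = fields[:6]
        hosts = default_hosts
        if ":" in name:  # explicit host address specifier on this line
            spec, name = name.rsplit(":", 1)
            hosts = spec.split(",")
        wait, _, limit = wait.partition(".")
        user, _, group = user.partition(":" if ":" in user else ".")
        entries.append({"service": name, "hosts": hosts, "socket": socktype,
                        "protocol": proto, "wait": wait == "wait",
                        "max": int(limit) if limit else None, "user": user,
                        "group": group or None, "program": program,
                        "args": fields[6:]})
    return entries

def audit(entries):
    """List (service, note) pairs for settings the text above singles out."""
    notes = []
    for e in entries:
        if e["user"] == "root":
            notes.append((e["service"], "runs as root"))
        if "*" in e["hosts"]:
            notes.append((e["service"], "listens on all local addresses"))
        if e["max"] is not None:
            notes.append((e["service"], "spawn limit set; the page advises against it"))
    return notes

if __name__ == "__main__":
    for service, note in audit(parse_inetd_conf(SAMPLE)):
        print("%-12s %s" % (service, note))
```

The rusers entry inherits 127.0.0.1 from the earlier bare specifier line, because default host address specifiers also apply to RPC lines.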
.Pp
.Nm inetd
provides several
.Dq trivial
services internally by use of routines within itself.
These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time,
in the form of the number of seconds since midnight, January
1, 1900).
All of these services are TCP based.
For details of these services, consult the appropriate
.Tn RFC
from the Network Information Center.
.Pp
.Nm inetd
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
.Nm inetd
creates a file
.Pa /var/run/inetd.pid
that contains its process identifier.
.Ss IPv6 TCP/UDP behavior
If you wish to run a server for IPv4 and IPv6 traffic,
you'll need to run two separate processes for the same server program,
specified as two separate lines in
.Pa inetd.conf ,
for
.Dq tcp4
and
.Dq tcp6 .
.Pp
Under various combinations of IPv4/v6 daemon settings,
.Nm
will behave as follows:
.Bl -bullet -compact
.It
If you have only one server on
.Dq tcp4 ,
IPv4 traffic will be routed to the server.
IPv6 traffic will not be accepted.
.It
If you have two servers on
.Dq tcp4
and
.Dq tcp6 ,
IPv4 traffic will be routed to the server on
.Dq tcp4 ,
and IPv6 traffic will go to the server on
.Dq tcp6 .
.It
If you have only one server on
.Dq tcp6 ,
only IPv6 traffic will be routed to the server.
.El
.Sh BUGS
Host address specifiers, while they make conceptual sense for RPC
services, do not work entirely correctly.
This is largely because the
portmapper interface does not provide a way to register different ports
for the same service on different local addresses.
Provided you never
have more than one entry for a given RPC service, everything should
work correctly.
(Note that default host address specifiers do apply to
RPC lines with no explicit specifier.)
.Pp
.Dq rpc
or
.Dq tcpmux
on IPv6 has not been tested enough.
Kerberos support on IPv6 has not been tested.
.Sh SEE ALSO
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
Support for Sun-RPC
based services is modeled after that
provided by SunOS 4.1.
IPv6 support and the IPsec hack were made by the KAME project in 1999.