'\" te .\" Copyright (c) 2006, Sun Microsystems, Inc. All Rights Reserved .\" Copyright 1989 AT&T .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License. .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License. .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner] .TH INETD 8 "May 13, 2017" .SH NAME inetd \- Service Management Facility delegated restarter for inet services .SH SYNOPSIS .LP .nf \fBinetd\fR [\fIconfiguration-file\fR] start | stop | refresh .fi .LP .nf svc:/network/inetd:default .fi .SH DESCRIPTION .LP \fBinetd\fR is the delegated restarter for internet services for the Service Management Facility (SMF). Its basic responsibilities are to manage service states in response to administrative requests, system failures, and service failures; and, when appropriate, to listen for network requests for services. .sp .LP Services are no longer managed by editing the inetd configuration file, \fBinetd.conf\fR(5). Instead, you use \fBinetconv\fR(8) to convert the configuration file content into SMF format services, then manage these services using \fBinetadm\fR(8) and \fBsvcadm\fR(8). Once a service has been converted by \fBinetconv\fR, any changes to the legacy data in the \fBinetd\fR config file will not become effective. However, \fBinetd\fR does alert the administrator when it notices change in the configuration file. See the start description under the "inetd Methods" section for further information. .sp .LP Also note that the current \fBinetd\fR cannot be run from outside the SMF. This means it cannot be run from the command line, as was supported by the previous \fBinetd\fR. If you attempt to do this, a message is sent to stderr displaying mappings between the options supported by the previous \fBinetd\fR to the SMF version of \fBinetd\fR. .sp .LP \fBinetd\fR listens for connections on behalf of all services that are in either the \fBonline\fR or \fBdegraded\fR state. A service enters one of these states when the service is enabled by the user and \fBinetd\fR manages to listen on its behalf. A listen attempt can fail if another server (whether standalone or a third-party internet service) is already listening on the same port. When this occurs, \fBinetd\fR logs this condition and continues trying to bind to the port at configured intervals a configured number of times. See the property \fBbind_fail_max\fR under "Service Properties," below, for more details. .sp .LP The configuration of all \fBinetd\fR's managed SMF services is read when it is started. It is reread when \fBinetd\fR is refreshed, which occurs in response to an SMF request, or when it receives a SIGHUP signal. See the \fBrefresh\fR description under "inetd Methods" for the behavior on configuration refresh. .sp .LP You can use the \fBinetadm\fR(8) or \fBsvccfg\fR(8) utilities to make configuration changes to Internet services within the SMF repository. \fBinetadm\fR has the advantage over \fBsvccfg\fR in that it provides an Internet/RPC service context. .SS "Service States" .LP As part of its service management duties, \fBinetd\fR implements a state machine for each of its managed services. The states in this machine are made up of the \fBsmf\fR(7) set of states. The semantics of these states are as follows: .sp .ne 2 .na \fB\fBuninitialized\fR\fR .ad .sp .6 .RS 4n \fBinetd\fR has yet to process this service. .RE .sp .ne 2 .na \fB\fBonline\fR\fR .ad .sp .6 .RS 4n The service is handling new network requests and might have existing connections active. .RE .sp .ne 2 .na \fB\fBdegraded\fR\fR .ad .sp .6 .RS 4n The service has entered this state because it was able to listen and process requests for some, but not all, of the protocols specified for the service, having exhausted its listen retries. Existing network connections might be active. .RE .sp .ne 2 .na \fB\fBoffline\fR\fR .ad .sp .6 .RS 4n Connections might be active, but no new requests are being handled. This is a transient state. A service might be \fBoffline\fR for any of the following reasons: .RS +4 .TP .ie t \(bu .el o The service's dependencies are unmet. When its dependencies become met the service's state will be re-evaluated. .RE .RS +4 .TP .ie t \(bu .el o The service has exceeded its configured connection rate limit, \fBmax_con_rate\fR. The service's state is re-evaluated when its connection offline timer, \fBcon_rate_offline\fR, expires. .RE .RS +4 .TP .ie t \(bu .el o The service has reached its allowed number of active connections, \fBmax_copies\fR. The service's state is re-evaluated when the number of active connections drops below \fBmax_copies\fR. .RE .RS +4 .TP .ie t \(bu .el o \fBinetd\fR failed to listen on behalf of the service on all its protocols. As mentioned above, \fBinetd\fR retries up to a configured maximum number of times, at configured intervals.The service's state is re-evaluated when either a listen attempt is successful or the retry limit is reached. .RE .RE .sp .ne 2 .na \fB\fBdisabled\fR\fR .ad .sp .6 .RS 4n The service has been turned off by an administrator, is not accepting new connections, and has none active. Administrator intervention is required to exit this state. .RE .sp .ne 2 .na \fB\fBmaintenance\fR\fR .ad .sp .6 .RS 4n A service is in this state because it is either malfunctioning and needs administrator attention or because an administrator has requested it. .sp Events constituting malfunctioning include: \fBinetd\fR's inability to listen on behalf on any of the service's protocols before exceeding the service's bind retry limit, non-start methods returning with non-success return values, and the service exceeding its failure rate. .sp You request the maintenance state to perform maintenance on the service, such as applying a patch. No new requests are handled in this state, but existing connections might be active. Administrator intervention is required to exit this state. .RE .sp .LP Use \fBinetadm\fR(8) to obtain the current state of a managed service. .SS "Service Methods" .LP As part of certain state transitions \fBinetd\fR will execute, if supplied, one of a set of methods provided by the service. The set of supported methods are: .sp .ne 2 .na \fB\fBinetd_start\fR\fR .ad .sp .6 .RS 4n Executed to handle a request for an \fBonline\fR or \fBdegraded\fR service. Since there is no separate state to distinguish a service with active connections, this method is not executed as part of a state transition. .RE .sp .ne 2 .na \fB\fBinetd_offline\fR\fR .ad .sp .6 .RS 4n Executed when a service is taken from the \fBonline\fR or \fBdegraded\fR state to the \fBoffline\fR state. For a \fBwait\fR-type service that at the time of execution is performing its own listening, this method should result in it ceasing listening. This method will be executed before the \fBdisable\fR method in the case an \fBonline\fR/\fBdegraded\fR service is disabled. This method is required to be implemented for a \fBwait\fR-type service. .RE .sp .ne 2 .na \fB\fBinetd_online\fR\fR .ad .sp .6 .RS 4n Executed when a service transitions from the \fBoffline\fR state to the \fBonline\fR state. This method allows a service author to carry out some preparation prior to a service starting to handle requests. .RE .sp .ne 2 .na \fB\fBinetd_disable\fR\fR .ad .sp .6 .RS 4n Executed when a service transitions from the \fBoffline\fR state to the \fBdisabled\fR state. It should result in any active connections for a service being terminated. .RE .sp .ne 2 .na \fB\fBinetd_refresh\fR\fR .ad .sp .6 .RS 4n Executed when both of the following conditions are met: .RS +4 .TP .ie t \(bu .el o \fBinetd\fR is refreshed, by means of the framework or a SIGHUP, or a request comes in to refresh the service, and .RE .RS +4 .TP .ie t \(bu .el o the service is currently in the \fBonline\fR state and there are no configuration changes that would result in the service needing to be taken \fBoffline\fR and brought back again. .RE .RE .sp .LP The only compulsory method is the \fBinetd_start\fR method. In the absence of any of the others, \fBinetd\fR runs no method but behaves as if one was run successfully. .SS "Service Properties" .LP Configuration for SMF-managed services is stored in the SMF repository. The configuration is made up of the basic configuration of a service, the configuration for each of the service's methods, and the default configuration applicable to all \fBinetd\fR-managed services. .sp .LP For details on viewing and modifying the configuration of a service and the defaults, refer to \fBinetadm\fR(8). .sp .LP The basic configuration of a service is stored in a property group named \fBinetd\fR in the service. The properties comprising the basic configuration are as follows: .sp .ne 2 .na \fB\fBbind_addr\fR\fR .ad .sp .6 .RS 4n The address of the network interface to which the service should be bound. An empty string value causes the service to accept connections on any network interface. .RE .sp .ne 2 .na \fB\fBbind_fail_interval\fR\fR .ad .sp .6 .RS 4n The time interval in seconds between a failed bind attempt and a retry. The values \fB0\fR and \fB-1\fR specify that no retries are attempted and the first failure is handled the same as exceeding \fBbind_fail_max\fR. .RE .sp .ne 2 .na \fB\fBbind_fail_max\fR\fR .ad .sp .6 .RS 4n The maximum number of times \fBinetd\fR retries binding to a service's associated port before giving up. The value \fB-1\fR specifies that no retry limit is imposed. If none of the service's protocols were bound to before any imposed limit is reached, the service goes to the \fBmaintenance\fR state; otherwise, if not all of the protocols were bound to, the service goes to the \fBdegraded\fR state. .RE .sp .ne 2 .na \fB\fBcon_rate_offline\fR\fR .ad .sp .6 .RS 4n The time in seconds a service will remain offline if it exceeds its configured maximum connection rate, \fBmax_con_rate\fR. The values \fB0\fR and \fB-1\fR specify that connection rate limiting is disabled. .RE .sp .ne 2 .na \fB\fBconnection_backlog\fR\fR .ad .sp .6 .RS 4n The backlog queue size. Represents a limit on the number of incoming client requests that can be queued at the listening endpoints for servers. .RE .sp .ne 2 .na \fB\fBendpoint_type\fR\fR .ad .sp .6 .RS 4n The type of the socket used by the service or the value \fBtli\fR to signify a TLI-based service. Valid socket type values are: \fBstream\fR, \fBdgram\fR, \fBraw\fR, \fBseqpacket\fR. .RE .sp .ne 2 .na \fB\fBfailrate_cnt\fR\fR .ad .sp .6 .RS 4n The count portion of the service's failure rate limit. The failure rate limit applies to \fBwait\fR-type services and is reached when \fIcount\fR instances of the service are started within a given time. Exceeding the rate results in the service being transitioned to the \fBmaintenance\fR state. This is different from the behavior of the previous \fBinetd\fR, which continued to retry every 10 minutes, indefinitely. The \fBfailrate_cnt\fR check accounts for badly behaving servers that fail before consuming the service request and which would otherwise be continually restarted, taxing system resources. Failure rate is equivalent to the \fB-r\fR option of the previous \fBinetd\fR. The values \fB0\fR and \fB-1\fR specify that this feature is disabled. .RE .sp .ne 2 .na \fB\fBfailrate_interval\fR\fR .ad .sp .6 .RS 4n The time portion in seconds of the service's failure rate. The values \fB0\fR and \fB-1\fR specify that the failure rate limit feature is disabled. .RE .sp .ne 2 .na \fB\fBinherit_env\fR\fR .ad .sp .6 .RS 4n If true, pass \fBinetd\fR's environment on to the service's start method. Regardless of this setting, \fBinetd\fR will set the variables \fBSMF_FMRI\fR, \fBSMF_METHOD\fR, and \fBSMF_RESTARTER\fR in the start method's environment, as well as any environment variables set in the method context. These variables are described in \fBsmf_method\fR(7). .RE .sp .ne 2 .na \fB\fBisrpc\fR\fR .ad .sp .6 .RS 4n If true, this is an RPC service. .RE .sp .ne 2 .na \fB\fBmax_con_rate\fR\fR .ad .sp .6 .RS 4n The maximum allowed connection rate, in connections per second, for a \fBnowait\fR-type service. The values \fB0\fR and \fB-1\fR specify that that connection rate limiting is disabled. .RE .sp .ne 2 .na \fB\fBmax_copies\fR\fR .ad .sp .6 .RS 4n The maximum number of copies of a \fBnowait\fR service that can run concurrently. The values \fB0\fR and \fB-1\fR specify that copies limiting is disabled. .RE .sp .ne 2 .na \fB\fBname\fR\fR .ad .sp .6 .RS 4n Can be set to one of the following values: .RS +4 .TP .ie t \(bu .el o a service name understood by \fBgetservbyname\fR(3SOCKET); .RE .RS +4 .TP .ie t \(bu .el o if \fBisrpc\fR is set to \fBtrue\fR, a service name understood by \fBgetrpcbyname\fR(3NSL); .RE .RS +4 .TP .ie t \(bu .el o if \fBisrpc\fR is set to \fBtrue\fR, a valid RPC program number. .RE .RE .sp .ne 2 .na \fB\fBproto\fR\fR .ad .sp .6 .RS 4n In the case of socket-based services, this is a list of protocols supported by the service. Valid protocols are: \fBtcp\fR, \fBtcp6\fR, \fBtcp6only\fR, \fBudp\fR, \fBudp6\fR, and \fBudp6only\fR. In the case of TLI services, this is a list of netids recognized by \fBgetnetconfigent\fR(3NSL) supported by the service, plus the values \fBtcp6only\fR and \fBudp6only\fR. RPC/TLI services also support nettypes in this list, and \fBinetd\fR first tries to interpret the list member as a nettype for these service types. The values \fBtcp6only\fR and \fBudp6only\fR are new to \fBinetd\fR; these values request that \fBinetd\fR listen only for and pass on true \fBIPv6\fR requests (not IPv4 mapped ones). See "Configuring Protocols for Sockets-Based Services," below. .RE .sp .ne 2 .na \fB\fBrpc_low_version\fR\fR .ad .sp .6 .RS 4n Lowest supported RPC version. Required when \fBisrpc\fR is set to \fBtrue\fR. .RE .sp .ne 2 .na \fB\fBrpc_high_version\fR\fR .ad .sp .6 .RS 4n Highest supported RPC version. Required when \fBisrpc\fR is set to \fBtrue\fR. .RE .sp .ne 2 .na \fB\fBtcp_trace\fR\fR .ad .sp .6 .RS 4n If true, and this is a \fBnowait\fR-type service, \fBinetd\fR logs the client's IP address and TCP port number, along with the name of the service, for each incoming connection, using the \fBsyslog\fR(3C) facility. \fBinetd\fR uses the \fBsyslog\fR facility \fBcode\fR daemon and \fBnotice\fR priority level. See \fBsyslog.conf\fR(5) for a description of \fBsyslog\fR codes and severity levels. This logging is separate from the logging done by the TCP wrappers facility. .sp \fBtcp_trace\fR is equivalent to the previous \fBinetd\fR's \fB-t\fR option (and the \fB/etc/default/inetd\fR property \fBENABLE_CONNECTION_LOGGING\fR). .RE .sp .ne 2 .na \fB\fBtcp_wrappers\fR\fR .ad .sp .6 .RS 4n If \fBtrue\fR, enable TCP wrappers access control. This applies only to services with \fBendpoint_type\fR set to \fBstreams\fR and \fBwait\fR set to \fBfalse\fR. The \fBsyslog\fR facility \fBcode\fR daemon is used to log allowed connections (using the \fBnotice\fR severity level) and denied traffic (using the \fBwarning\fR severity level). See \fBsyslog.conf\fR(5) for a description of \fBsyslog\fR codes and severity levels. The stability level of the TCP wrappers facility and its configuration files is External. As the TCP wrappers facility is not controlled by Sun, intra-release incompatibilities are not uncommon. See \fBattributes\fR(7). .sp For more information about configuring TCP wrappers, refer to \fBtcpd\fR(8) and \fBhosts_access\fR(5). .sp \fBtcp_wrappers\fR is equivalent to the previous inetd's \fB/etc/default/inetd\fR property \fBENABLE_TCPWRAPPERS\fR. .RE .sp .ne 2 .na \fB\fBwait\fR\fR .ad .sp .6 .RS 4n If \fBtrue\fR this is a \fBwait\fR-type service, otherwise it is a \fBnowait\fR-type service. A \fBwait\fR-type service has the following characteristics: .RS +4 .TP .ie t \(bu .el o Its \fBinetd_start\fR method will take over listening duties on the service's bound endpoint when it is executed. .RE .RS +4 .TP .ie t \(bu .el o \fBinetd\fR will wait for it to exit after it is executed before it resumes listening duties. .RE Datagram servers must be configured as being of type \fBwait\fR, as they are always invoked with the original datagram endpoint that will participate in delivering the service bound to the specified service. They do not have separate "listening" and "accepting" sockets. Connection-oriented services, such as TCP stream services can be designed to be either of type \fBwait\fR or \fBnowait\fR. .RE .sp .LP A number of the basic properties are optional for a service. In their absence, their values are taken from the set of default values present in the \fBdefaults\fR property group in the \fBinetd\fR service. These properties, with their seed values, are listed below. Note that these values are configurable through \fBinetadm\fR(8). .sp .in +2 .nf bind_fail_interval -1 bind_fail_max -1 con_rate_offline -1 connection_backlog 10 failrate_count 40 failrate_time 60 inherit_env true max_con_rate -1 max_copies -1 tcp_trace false tcp_wrappers false .fi .in -2 .sp .LP Each method specified for a service will have its configuration stored in the SMF repository, within a property group of the same name as the method. The set of properties allowable for these methods includes those specified for the services managed by \fBsvc.startd\fR(8). (See \fBsvc.startd\fR(8) for further details.) Additionally, for the \fBinetd_start\fR method, you can set the \fBarg0\fR property. .sp .LP The \fBarg0\fR property allows external wrapper programs to be used with \fBinetd\fR services. Specifically, it allows the first argument, \fBargv[0]\fR, of the service's start method to be something other than the path of the server program. .sp .LP In the case where you want to use an external wrapper program and pass arguments to the service's daemon, the arguments should be incorporated as arguments to the wrapper program in the \fBexec\fR property. For example: .sp .in +2 .nf exec='/path/to/wrapper/prog service_daemon_args' arg0='/path/to/service/daemon' .fi .in -2 .sp .LP In addition to the special method tokens mentioned in \fBsmf_method\fR(7), \fBinetd\fR also supports the \fB:kill_process\fR token for \fBwait\fR-type services. This results in behavior identical to that if the \fB:kill\fR token were supplied, except that the \fBkill\fR signal is sent only to the parent process of the \fBwait\fR-type service's \fBstart\fR method, not to all members of its encompassing process contract (see \fBprocess\fR(5)). .SS "Configuring Protocols for Sockets-Based Services" .LP When configuring \fBinetd\fR for a sockets-based service, you have the choice, depending on what is supported by the service, of the alternatives described under the \fBproto\fR property, above. The following are guidelines for which \fBproto\fR values to use: .RS +4 .TP .ie t \(bu .el o For a service that supports only IPv4: \fBtcp\fR and \fBudp\fR .RE .RS +4 .TP .ie t \(bu .el o For a service that supports only IPv6: \fBtcp6only\fR and \fBudp6only\fR .RE .RS +4 .TP .ie t \(bu .el o For a service that supports both IPv4 and IPv6: .RS +4 .TP .ie t \(bu .el o Obsolete and not recommended: \fBtcp6\fR and \fBudp6\fR .RE .RS +4 .TP .ie t \(bu .el o Recommended: use two separate entries that differ only in the proto field. One entry has \fBtcp\fR and the other has \fBtcp6only\fR, or \fBudp\fR plus \fBudp6only\fR. .RE .RE .sp .LP See EXAMPLES for an example of a configuration of a service that supports both IPv4 and IPv6. .SS "\fBinetd\fR Methods" .LP \fBinetd\fR provides the methods listed below for consumption by the master restarter, \fBsvc.startd\fR(8). .sp .ne 2 .na \fB\fBstart\fR\fR .ad .sp .6 .RS 4n Causes \fBinetd\fR to start providing service. This results in \fBinetd\fR beginning to handle \fBsmf\fR requests for its managed services and network requests for those services that are in either the \fBonline\fR or \fBdegraded\fR state. .sp In addition, \fBinetd\fR also checks if the \fBinetd.conf\fR(5)-format configuration file it is monitoring has changed since the last \fBinetconv\fR(8) conversion was carried out. If it has, then a message telling the administrator to re-run \fBinetconv\fR to effect the changes made is logged in \fBsyslog\fR. .RE .sp .ne 2 .na \fB\fBstop\fR\fR .ad .sp .6 .RS 4n Causes \fBinetd\fR to stop providing service. At this point, \fBinetd\fR transitions each of its services that are not in either the \fBmaintenance\fR or \fBdisabled\fR states to the \fBoffline\fR state, running any appropriate methods in the process. .RE .sp .ne 2 .na \fB\fBrefresh\fR\fR .ad .sp .6 .RS 4n Results in a refresh being performed for each of its managed services and the \fBinetd.conf\fR(5) format configuration file being checked for change, as in the \fBstart\fR method. When a service is refreshed, its behavior depends on its current state: .RS +4 .TP .ie t \(bu .el o if it is in the \fBmaintenance\fR or \fBdisabled\fR states, no action is performed because the configuration will be read and consumed when the service leaves the state; .RE .RS +4 .TP .ie t \(bu .el o if it is in the \fBoffline\fR state, the configuration will be read and any changes consumed immediately; .RE .RS +4 .TP .ie t \(bu .el o if it is in the \fBonline\fR or \fBdegraded\fR state and the configuration has changed such that a re-binding is necessary to conform to it, then the service will be transitioned to the \fBoffline\fR state and back again, using the new configuration for the bind; .RE .RS +4 .TP .ie t \(bu .el o if it is in the \fBonline\fR state and a re-binding is not necessary, then the \fBinetd_refresh\fR method of the service, if provided, will be run to allow \fBonline\fR \fBwait\fR-type services to consume any other changes. .RE .RE .SH OPTIONS .LP No options are supported. .SH OPERANDS .ne 2 .na \fB\fIconfiguration-file\fR\fR .ad .sp .6 .RS 4n Specifies an alternate location for the legacy service file (\fBinetd.conf\fR(5)). .RE .sp .ne 2 .na \fB\fBstart\fR|\fBstop\fR|\fBrefresh\fR\fR .ad .sp .6 .RS 4n Specifies which of \fBinetd\fR's methods should be run. .RE .SH EXAMPLES .LP \fBExample 1 \fRConfiguring a Service that Supports Both IPv4 and IPv6 .sp .LP The following commands illustrate the existence of services that support both IPv4 and IPv6 and assign \fBproto\fR properties to those services. .sp .in +2 .nf example# \fBsvcs -a | grep mysvc\fR online 15:48:29 svc:/network/mysvc:dgram4 online 15:48:29 svc:/network/mysvc:dgram6 online 15:51:47 svc:/network/mysvc:stream4 online 15:52:10 svc:/network/mysvc:stream6 # \fBinetadm -M network/rpc/mysvc:dgram4 proto=udp\fR # \fBinetadm -M network/rpc/mysvc:dgram6 proto=udp6only\fR # \fBinetadm -M network/rpc/mysvc:stream4 proto=tcp\fR # \fBinetadm -M network/rpc/mysvc:stream6 proto=tcp6only\fR .fi .in -2 .sp .sp .LP See \fBsvcs\fR(1) and \fBinetadm\fR(8) for descriptions of those commands. .SH ATTRIBUTES .LP See \fBattributes\fR(7) for descriptions of the following attributes: .sp .sp .TS box; c | c l | l . ATTRIBUTE TYPE ATTRIBUTE VALUE _ Interface Stability Evolving .TE .SH SEE ALSO .LP .BR svcs (1), .BR syslog (3C), .BR getnetconfigent (3NSL), .BR getrpcbyname (3NSL), .BR getservbyname (3SOCKET), .BR inetd.conf (5), .BR process (5), .BR syslog.conf (5), .BR attributes (7), .BR smf (7), .BR smf_method (7), .BR fmd (8), .BR inetadm (8), .BR inetconv (8), .BR svc.startd (8), .BR svcadm (8), .BR svccfg (8) .SH NOTES .LP The \fBinetd\fR daemon performs the same function as, but is implemented significantly differently from, the daemon of the same name in Solaris 9 and prior Solaris operating system releases. In the current Solaris release, \fBinetd\fR is part of the Service Management Facility (see \fBsmf\fR(7)) and will run only within that facility. .sp .LP The \fB/etc/default/inetd\fR file has been deprecated. The functionality represented by the properties \fBENABLE_CONNECTION_LOGGING\fR and \fBENABLE_TCP_WRAPPERS\fR are now available as the \fBtcp_trace\fR and \fBtcp_wrappers\fR properties, respectively. These properties are described above, under "Service Properties".