1.\" Copyright (c) 1985, 1991, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 33.\" $Id: inetd.8,v 1.3 1994/09/11 11:16:30 csgr Exp $ 34.\" 35.Dd April 13, 1994 36.Dt INETD 8 37.Os BSD 4.4 38.Sh NAME 39.Nm inetd 40.Nd internet 41.Dq super-server 42.Sh SYNOPSIS 43.Nm inetd 44.Op Fl d 45.Op Fl l 46.Op Fl R Ar rate 47.Op Ar configuration file 48.Sh DESCRIPTION 49The 50.Nm inetd 51program 52should be run at boot time by 53.Pa /etc/rc 54(see 55.Xr rc 8 ) . 56It then listens for connections on certain 57internet sockets. When a connection is found on one 58of its sockets, it decides what service the socket 59corresponds to, and invokes a program to service the request. 60The server program is invoked with the service socket 61as its standard input, output and error descriptors. 62After the program is 63finished, 64.Nm inetd 65continues to listen on the socket (except in some cases which 66will be described below). Essentially, 67.Nm inetd 68allows running one daemon to invoke several others, 69reducing load on the system. 70.Pp 71The options available for 72.Nm inetd: 73.Bl -tag -width Ds 74.It Fl d 75Turns on debugging. 76.It Fl l 77Turns on logging. 78.It Fl R Ar rate 79Specifies the maximum number of times a service can be invoked 80in one minute; the default is 1000. 81.El 82.Pp 83Upon execution, 84.Nm inetd 85reads its configuration information from a configuration 86file which, by default, is 87.Pa /etc/inetd.conf . 88There must be an entry for each field of the configuration 89file, with entries for each field separated by a tab or 90a space. Comments are denoted by a ``#'' at the beginning 91of a line. There must be an entry for each field. The 92fields of the configuration file are as follows: 93.Pp 94.Bd -unfilled -offset indent -compact 95service name 96socket type 97protocol 98wait/nowait 99user 100server program 101server program arguments 102.Ed 103.Pp 104To specify a 105.Em Sun-RPC 106based service, the entry would contain these fields: 107.Pp 108.Bd -unfilled -offset indent -compact 109service name/version 110socket type 111rpc/protocol 112user 113server program 114server program arguments 115.Ed 116.Pp 117There are two types of services that 118.Nm inetd 119can start: standard and TCPMUX. 120A standard service has a well-known port assigned to it; 121it may be a service that implements an official Internet standard or is a 122BSD-specific service. 123As described in 124.Tn RFC 1078 , 125TCPMUX services are nonstandard services that do not have a 126well-known port assigned to them. 127They are invoked from 128.Nm inetd 129when a program connects to the 130.Dq tcpmux 131well-known port and specifies 132the service name. 133This feature is useful for adding locally-developed servers. 134.Pp 135The 136.Em service-name 137entry is the name of a valid service in 138the file 139.Pa /etc/services . 140For 141.Dq internal 142services (discussed below), the service 143name 144.Em must 145be the official name of the service (that is, the first entry in 146.Pa /etc/services ) . 147When used to specify a 148.Em Sun-RPC 149based service, this field is a valid RPC service name in 150the file 151.Pa /etc/rpc . 152The part on the right of the 153.Dq / 154is the RPC version number. This 155can simply be a single numeric argument or a range of versions. 156A range is bounded by the low version to the high version - 157.Dq rusers/1-3 . 158For TCPMUX services, the value of the 159.Em service-name 160field consists of the string 161.Dq tcpmux 162followed by a slash and the 163locally-chosen service name. 164The service names listed in 165.Pa /etc/services 166and the name 167.Dq help 168are reserved. 169Try to choose unique names for your TCPMUX services by prefixing them with 170your organization's name and suffixing them with a version number. 171.Pp 172The 173.Em socket-type 174should be one of 175.Dq stream , 176.Dq dgram , 177.Dq raw , 178.Dq rdm , 179or 180.Dq seqpacket , 181depending on whether the socket is a stream, datagram, raw, 182reliably delivered message, or sequenced packet socket. 183TCPMUX services must use 184.Dq stream . 185.Pp 186The 187.Em protocol 188must be a valid protocol as given in 189.Pa /etc/protocols . 190Examples might be 191.Dq tcp 192or 193.Dq udp . 194Rpc based services are specified with the 195.Dq rpc/tcp 196or 197.Dq rpc/udp 198service type. 199TCPMUX services must use 200.Dq tcp . 201.Pp 202The 203.Em wait/nowait 204entry specifies whether the server that is invoked by inetd will take over 205the socket associated with the service access point, and thus whether 206.Nm inetd 207should wait for the server to exit before listening for new service 208requests. 209Datagram servers must use 210.Dq wait , 211as they are always invoked with the original datagram socket bound 212to the specified service address. 213These servers must read at least one datagram from the socket 214before exiting. 215If a datagram server connects 216to its peer, freeing the socket so 217.Nm inetd 218can received further messages on the socket, it is said to be 219a 220.Dq multi-threaded 221server; 222it should read one datagram from the socket and create a new socket 223connected to the peer. 224It should fork, and the parent should then exit 225to allow 226.Nm inetd 227to check for new service requests to spawn new servers. 228Datagram servers which process all incoming datagrams 229on a socket and eventually time out are said to be 230.Dq single-threaded . 231.Xr Comsat 8 , 232.Pq Xr biff 1 233and 234.Xr talkd 8 235are both examples of the latter type of 236datagram server. 237.Xr Tftpd 8 238is an example of a multi-threaded datagram server. 239.Pp 240Servers using stream sockets generally are multi-threaded and 241use the 242.Dq nowait 243entry. 244Connection requests for these services are accepted by 245.Nm inetd , 246and the server is given only the newly-accepted socket connected 247to a client of the service. 248Most stream-based services operate in this manner. 249Stream-based servers that use 250.Dq wait 251are started with the listening service socket, and must accept 252at least one connection request before exiting. 253Such a server would normally accept and process incoming connection 254requests until a timeout. 255TCPMUX services must use 256.Dq nowait . 257.Pp 258The 259.Em user 260entry should contain the user name of the user as whom the server 261should run. This allows for servers to be given less permission 262than root. 263.Pp 264The 265.Em server-program 266entry should contain the pathname of the program which is to be 267executed by 268.Nm inetd 269when a request is found on its socket. If 270.Nm inetd 271provides this service internally, this entry should 272be 273.Dq internal . 274.Pp 275The 276.Em server program arguments 277should be just as arguments 278normally are, starting with argv[0], which is the name of 279the program. If the service is provided internally, the 280word 281.Dq internal 282should take the place of this entry. 283.Pp 284The 285.Nm inetd 286program 287provides several 288.Dq trivial 289services internally by use of 290routines within itself. These services are 291.Dq echo , 292.Dq discard , 293.Dq chargen 294(character generator), 295.Dq daytime 296(human readable time), and 297.Dq time 298(machine readable time, in the form of the number of seconds since 299midnight, January 1, 1900). All of these services are available in 300both TCP and UDP versions; the UDP versions will refuse service if the 301request specifies a reply port corresponding to any internal service. 302(This is done as a defense against looping attacks; the remote IP address 303is logged.) 304For details of these services, consult the 305appropriate 306.Tn RFC 307document. 308.Pp 309When given the 310.Fl l 311option 312.Nm Inetd 313will log an entry to syslog each time an 314.Xr accept 2 315is made, which notes the 316service selected and the IP-number of the remote requestor. 317.Pp 318The 319.Nm inetd 320program 321rereads its configuration file when it receives a hangup signal, 322.Dv SIGHUP . 323Services may be added, deleted or modified when the configuration file 324is reread. 325.Sh TCPMUX 326.Pp 327.Tn RFC 1078 328describes the TCPMUX protocol: 329``A TCP client connects to a foreign host on TCP port 1. It sends the 330service name followed by a carriage-return line-feed <CRLF>. The 331service name is never case sensitive. The server replies with a 332single character indicating positive (+) or negative (\-) 333acknowledgment, immediately followed by an optional message of 334explanation, terminated with a <CRLF>. If the reply was positive, 335the selected protocol begins; otherwise the connection is closed.'' 336The program is passed the TCP connection as file descriptors 0 and 1. 337.Pp 338If the TCPMUX service name begins with a ``+'', 339.Nm inetd 340returns the positive reply for the program. 341This allows you to invoke programs that use stdin/stdout 342without putting any special server code in them. 343.Pp 344The special service name 345.Dq help 346causes 347.Nm inetd 348to list TCPMUX services in 349.Pa inetd.conf . 350.Sh "EXAMPLES" 351.Pp 352Here are several example service entries for the various types of services: 353.Bd -literal 354ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l 355ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd 356tcpmux/+date stream tcp nowait guest /bin/date date 357tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook 358rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd 359.Ed 360.Sh "ERROR MESSAGES" 361The 362.Nm inetd 363server 364logs error messages using 365.Xr syslog 3 . 366Important error messages and their explanations are: 367.Bd -literal 368\fIservice\fP/\fIprotocol\fP server failing (looping), service terminated. 369.Ed 370The number of requests for the specified service in the past minute 371exceeded the limit. The limit exists to prevent a broken program 372or a malicious user from swamping the system. 373This message may occur for several reasons: 3741) there are lots of hosts requesting the service within a short time period, 3752) a 'broken' client program is requesting the service too frequently, 3763) a malicious user is running a program to invoke the service in 377a 'denial of service' attack, or 3784) the invoked service program has an error that causes clients 379to retry quickly. 380Use the 381.Op Fl R 382option, 383as described above, to change the rate limit. 384Once the limit is reached, the service will be 385reenabled automatically in 10 minutes. 386.sp 387.Bd -literal 388\fIservice\fP/\fIprotocol\fP: No such user '\fIuser\fP', service ignored 389\fIservice\fP/\fIprotocol\fP: getpwnam: \fIuser\fP: No such user 390.Ed 391No entry for 392.Em user 393exists in the 394.Pa passwd 395file. The first message 396occurs when 397.Nm inetd 398(re)reads the configuration file. The second message occurs when the 399service is invoked. 400.sp 401.Bd -literal 402\fIservice\fP: can't set uid \fInumber\fP 403\fIservice\fP: can't set gid \fInumber\fP 404.Ed 405The user or group ID for the entry's 406.Em user 407is invalid. 408.Sh SEE ALSO 409.Xr comsat 8 , 410.Xr fingerd 8 , 411.Xr ftpd 8 , 412.Xr rexecd 8 , 413.Xr rlogind 8 , 414.Xr rshd 8 , 415.Xr telnetd 8 , 416.Xr tftpd 8 , 417.Xr portmap 8 , 418.Xr rpc 5 419.Sh HISTORY 420The 421.Nm 422command appeared in 423.Bx 4.3 . 424TCPMUX is based on code and documentation by Mark Lottor. 425Support for 426.Em Sun-RPC 427based services is modelled after that 428provided by 429.Em SunOS 4.1 . 430