1.\" Copyright (c) 1985, 1991, 1993, 1994 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 
31.\" 32.\" from: @(#)inetd.8 8.3 (Berkeley) 4/13/94 33.\" $FreeBSD$ 34.\" 35.Dd February 7, 1996 36.Dt INETD 8 37.Os BSD 4.4 38.Sh NAME 39.Nm inetd 40.Nd internet 41.Dq super-server 42.Sh SYNOPSIS 43.Nm 44.Op Fl d 45.Op Fl l 46.Op Fl w 47.Op Fl W 48.Op Fl c Ar maximum 49.Op Fl C Ar rate 50.Op Fl a Ar address|hostname 51.Op Fl p Ar filename 52.Op Fl R Ar rate 53.Op Ar configuration file 54.Sh DESCRIPTION 55The 56.Nm 57program 58should be run at boot time by 59.Pa /etc/rc 60(see 61.Xr rc 8 ) . 62It then listens for connections on certain 63internet sockets. When a connection is found on one 64of its sockets, it decides what service the socket 65corresponds to, and invokes a program to service the request. 66The server program is invoked with the service socket 67as its standard input, output and error descriptors. 68After the program is 69finished, 70.Nm 71continues to listen on the socket (except in some cases which 72will be described below). Essentially, 73.Nm 74allows running one daemon to invoke several others, 75reducing load on the system. 76.Pp 77The following options are available: 78.Bl -tag -width indent 79.It Fl d 80Turn on debugging. 81.It Fl l 82Turn on logging of successful connections. 83.It Fl w 84Turn on TCP Wrapping for external services. 85See the 86.Sx "IMPLEMENTATION NOTES" 87section for more information on TCP Wrappers support. 88.It Fl W 89Turn on TCP Wrapping for internal services which are built in to 90.Nm . 91.It Fl c Ar maximum 92Specify the default maximum number of 93simultaneous invocations of each service; 94the default is unlimited. 95May be overridden on a per-service basis with the "max-child" 96parameter. 97.It Fl C Ar rate 98Specify the default maximum number of times a service can be invoked 99from a single IP address in one minute; the default is unlimited. 100May be overridden on a per-service basis with the 101"max-connections-per-ip-per-minute" parameter. 
.It Fl R Ar rate
Specify the maximum number of times a service can be invoked
in one minute; the default is 256.
A rate of 0 allows an unlimited number of invocations.
.It Fl a Ar address|hostname
Specify one specific IP address to bind to.
Alternatively, a hostname can be specified,
in which case the IPv4 or IPv6 address
which corresponds to that hostname is used.
Usually a hostname is specified when
.Nm
is run inside a
.Xr jail 8 ,
in which case the hostname corresponds to the
.Xr jail 8
environment.
.Pp
When hostname specification is used
and both IPv4 and IPv6 bindings are desired,
one entry with the appropriate
.Em protocol
type for each binding
is required for each service in
.Pa /etc/inetd.conf .
For example,
a TCP-based service would need two entries,
one using
.Dq tcp4
for the
.Em protocol
and the other using
.Dq tcp6 .
See the explanation of the
.Pa /etc/inetd.conf
.Em protocol
field below.
.It Fl p Ar filename
Specify an alternate file in which to store the process ID.
.El
.Pp
Upon execution,
.Nm
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space.  Comments are denoted by a
.Dq #
at the beginning
of a line.
The
fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
service name
socket type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
server program
server program arguments
.Ed
.Pp
To specify an
.No Tn "ONC RPC" Ns -based
service, the entry would contain these fields:
.Pp
.Bd -unfilled -offset indent -compact
service name/version
socket type
rpc/protocol
user[:group][/login-class]
server program
server program arguments
.Ed
.Pp
There are two types of services that
.Nm
can start: standard and TCPMUX.
A standard service has a well-known port assigned to it;
it may be a service that implements an official Internet standard or is a
BSD-specific service.
As described in
.Tn RFC 1078 ,
TCPMUX services are nonstandard services that do not have a
well-known port assigned to them.
They are invoked from
.Nm
when a program connects to the
.Dq tcpmux
well-known port and specifies
the service name.
This feature is useful for adding locally-developed servers.
TCPMUX requests are only accepted when the multiplexor service itself
is enabled, above and beyond any specific TCPMUX-based servers; see the
discussion of internal services below.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
should
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
When used to specify an
.No Tn "ONC RPC" Ns -based
service, this field is a valid RPC service name in
the file
.Pa /etc/rpc .
The part on the right of the
.Dq /
is the RPC version number.
This
can simply be a single numeric argument or a range of versions.
A range is written as the low version, a dash, and the high version, as in
.Dq rusers/1-3 .
For TCPMUX services, the value of the
.Em service-name
field consists of the string
.Dq tcpmux
followed by a slash and the
locally-chosen service name.
The service names listed in
.Pa /etc/services
and the name
.Dq help
are reserved.
Try to choose unique names for your TCPMUX services by prefixing them with
your organization's name and suffixing them with a version number.
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
TCPMUX services must use
.Dq stream .
.Pp
The
.Em protocol
must be a valid protocol as given in
.Pa /etc/protocols .
Examples might be
.Dq tcp
or
.Dq udp ,
both of which imply IPv4 for backward compatibility.
The names
.Dq tcp4
and
.Dq udp4
specify IPv4 only.
The names
.Dq tcp6
and
.Dq udp6
specify IPv6 only.
The names
.Dq tcp46
and
.Dq udp46
specify that the entry accepts both IPv4 and IPv6 connections
via a wildcard
.Dv AF_INET6
socket.
If it is desired that the service is reachable via T/TCP, one should
specify
.Dq tcp/ttcp ,
which implies IPv4 for backward compatibility.
The name
.Dq tcp4/ttcp
specifies IPv4 only, while
.Dq tcp6/ttcp
specifies IPv6 only.
The name
.Dq tcp46/ttcp
specifies that the entry accepts both IPv4 and IPv6 connections
via a wildcard
.Dv AF_INET6
socket.
RPC-based services
(for which only IPv4 is supported at this time)
are specified with the
.Dq rpc/tcp
or
.Dq rpc/udp
service type.
TCPMUX services must use
.Dq tcp ,
.Dq tcp4 ,
.Dq tcp6
or
.Dq tcp46 .
.Pp
The
.Em wait/nowait
entry specifies whether the server that is invoked by
.Nm
will take over
the socket associated with the service access point, and thus whether
.Nm
should wait for the server to exit before listening for new service
requests.
Datagram servers must use
.Dq wait ,
as they are always invoked with the original datagram socket bound
to the specified service address.
These servers must read at least one datagram from the socket
before exiting.
If a datagram server connects
to its peer, freeing the socket so
.Nm
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server;
it should read one datagram from the socket and create a new socket
connected to the peer.
It should fork, and the parent should then exit
to allow
.Nm
to check for new service requests to spawn new servers.
Datagram servers which process all incoming datagrams
on a socket and eventually time out are said to be
.Dq single-threaded .
.Xr Comsat 8 ,
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr Tftpd 8
is an example of a multi-threaded datagram server.
.Pp
Servers using stream sockets generally are multi-threaded and
use the
.Dq nowait
entry.
Connection requests for these services are accepted by
.Nm ,
and the server is given only the newly-accepted socket connected
to a client of the service.
Most stream-based services operate in this manner.
Stream-based servers that use
.Dq wait
are started with the listening service socket, and must accept
at least one connection request before exiting.
Such a server would normally accept and process incoming connection
requests until a timeout.
TCPMUX services must use
.Dq nowait .
.Pp
The maximum number of outstanding child processes (or
.Dq threads )
for a
.Dq nowait
service may be explicitly specified by appending a
.Dq /
followed by the number to the
.Dq nowait
keyword.
Normally
(or if a value of zero is specified) there is no maximum.
Otherwise,
once the maximum is reached, further connection attempts will be
queued up until an existing child process exits.
This also works
in the case of
.Dq wait
mode, although a value other than one (the
default) might not make sense in some cases.
You can also specify the maximum number of connections per minute
for a given IP address by appending
a
.Dq /
followed by the number to the maximum number of
outstanding child processes.
Once the maximum is reached, further
connections from this IP address will be dropped until the end of the
minute.
.Pp
The
.Em user
entry should contain the user name of the user as whom the server
should run.  This allows for servers to be given less permission
than root.
The optional
.Em group
part, separated by a
.Dq \&: ,
specifies a group name other than the default group for this user.
The optional
.Em login-class
part, separated by a
.Dq / ,
specifies a login class other than the default
.Dq daemon
login class.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm
when a request is found on its socket.  If
.Nm
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program.  If the service is provided internally, the
.Em service-name
of the service (and any arguments to it) or the word
.Dq internal
should take the place of this entry.
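.Pp
The following Python program is an added example; it is not part of
.Nm
or of this manual page.
It parses entries in the format described above, including the
wait/nowait field with its optional max-child and
max-connections-per-ip-per-minute values (zero meaning no limit),
the user[:group][/login-class] field, ONC RPC name/version ranges,
TCPMUX service names and the
.Dq #@
IPsec policy specifier lines described in the IPsec subsection below,
and then runs two checks an administrator reviewing a configuration
would want: external programs configured to run as root, and
.Dq nowait
services with no child limit.
The embedded sample configuration is constructed for the example, and
the audit checks and their wording are the example's own, not behaviour of
.Nm .

```python
"""inetd.conf entry parser and audit (added example, not inetd's own code).

Implements the seven-field format: wait/nowait[/max-child[/max-per-ip]],
user[:group][/login-class], ONC RPC "name/version" or "name/low-high" with
an "rpc/proto" protocol, "tcpmux/name" services and "#@" policy lines.
The SAMPLE_CONF at the bottom is constructed for this example.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}
TCPMUX_PROTOCOLS = {"tcp", "tcp4", "tcp6", "tcp46"}


@dataclass
class Entry:
    service: str                          # "ftp", "tcpmux/+date", "rstatd"
    socket_type: str
    protocol: str                         # "tcp", "tcp46", "rpc/udp", "tcp/ttcp"
    wait: bool
    max_child: Optional[int]              # None = unlimited
    max_per_ip_per_min: Optional[int]     # None = unlimited
    user: str
    group: Optional[str]
    login_class: Optional[str]
    program: str                          # pathname or "internal"
    args: list = field(default_factory=list)
    rpc_versions: Optional[tuple] = None  # (low, high) for RPC services
    ipsec_policy: Optional[str] = None    # "#@" policy in force for this line
    lineno: int = 0


def _parse_wait(token):
    parts = token.split("/")
    if parts[0] not in ("wait", "nowait"):
        raise ValueError(f"bad wait/nowait field: {token!r}")
    nums = [int(p) for p in parts[1:3]]
    max_child = nums[0] if len(nums) > 0 and nums[0] != 0 else None
    max_ip = nums[1] if len(nums) > 1 and nums[1] != 0 else None
    return parts[0] == "wait", max_child, max_ip


def _parse_user(token):
    user, _, login_class = token.partition("/")
    user, _, group = user.partition(":")
    return user, group or None, login_class or None


def parse_inetd_conf(text):
    """Return a list of Entry objects; raise ValueError on a malformed line."""
    entries, policy = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#@"):                 # IPsec policy specifier
            policy = line[2:].strip() or None     # a bare "#@" resets it
            continue
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)              # 7th field keeps its spaces
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        svc, stype, proto, waitfld, userfld, prog = fields[:6]
        args = fields[6].split() if len(fields) == 7 else []
        if stype not in SOCKET_TYPES:
            raise ValueError(f"line {lineno}: unknown socket type {stype!r}")
        wait, max_child, max_ip = _parse_wait(waitfld)
        user, group, lclass = _parse_user(userfld)
        versions = None
        if proto.startswith("rpc/"):              # ONC RPC: name/version[-version]
            svc, _, vers = svc.partition("/")
            m = re.fullmatch(r"(\d+)(?:-(\d+))?", vers)
            if not m:
                raise ValueError(f"line {lineno}: bad RPC version {vers!r}")
            versions = (int(m[1]), int(m[2] or m[1]))
        if svc.startswith("tcpmux/") and (
                stype != "stream" or proto not in TCPMUX_PROTOCOLS or wait):
            raise ValueError(f"line {lineno}: TCPMUX needs stream, tcp* and nowait")
        if stype == "dgram" and not wait:
            raise ValueError(f"line {lineno}: datagram servers must use wait")
        entries.append(Entry(svc, stype, proto, wait, max_child, max_ip, user,
                             group, lclass, prog, args, versions, policy, lineno))
    return entries


def audit(entries):
    """Reviewer's checks: external programs running as root, uncapped nowait."""
    findings = []
    for e in entries:
        if e.program != "internal" and e.user == "root":
            findings.append(f"line {e.lineno}: {e.service} runs {e.program} as root")
        if not e.wait and e.max_child is None:
            findings.append(f"line {e.lineno}: {e.service} has no max-child limit")
    return findings


# Constructed sample configuration, not a real system's inetd.conf.
SAMPLE_CONF = """\
# comment line
ftp          stream tcp     nowait/20/5 root                /usr/libexec/ftpd ftpd -l
tcpmux       stream tcp     nowait      root                internal
tcpmux/+date stream tcp     nowait      guest:nobody/daemon /bin/date date
rstatd/1-3   dgram  rpc/udp wait        root                /usr/libexec/rpc.rstatd rpc.rstatd
#@ ipsec ah/require
chargen      stream tcp     nowait      root                internal
#@
echo         dgram  udp     wait        root                internal
"""

if __name__ == "__main__":
    parsed = parse_inetd_conf(SAMPLE_CONF)
    for e in parsed:
        print(e.lineno, e.service, e.protocol, "wait" if e.wait else "nowait",
              e.user, e.program, e.ipsec_policy)
    print("\n".join(audit(parsed)))
```

The parser rejects the combinations the text forbids (a datagram service
without
.Dq wait ,
a TCPMUX service that is not stream/tcp/nowait) and records which
.Dq #@
policy was in force when each entry was read, so a reviewer can see at a
glance which services are covered by an IPsec policy and which run with
root privileges and no child cap.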
.Pp
Currently, the only internal service to take arguments is
.Dq auth .
Without options, the service will always return
.Dq ERROR\ : HIDDEN-USER .
The available arguments to this service that alter its behavior are:
.Bl -tag -width indent
.It Fl d Ar fallback
Provide a
.Ar fallback
username.
If the real
.Dq auth
service is enabled
(with the
.Fl r
option discussed below),
return this username instead of an error
when lookups fail
for either socket credentials or the username.
If the real
.Dq auth
service is disabled,
return this username for every request.
This is primarily useful when running this service on a NAT machine.
.It Fl t Ar sec[.usec]
Specify a timeout for the service.
The default timeout is 10.0 seconds.
.It Fl r
Offer a real
.Dq auth
service, as per RFC 1413.
All the remaining flags apply only in this case.
.It Fl f
If the file
.Pa .fakeid
exists in the home directory of the identified user, report the username
found in that file instead of the real username.
.It Fl g
Instead of returning the user's name to the ident requester, report a
username made up of random alphanumeric characters, e.g.
.Dq c0c993 .
The
.Fl g
flag overrides not only the user names, but also any
.Pa .fakeid
or
.Pa .noident
files.
.It Fl n
If the file
.Pa .noident
exists in the home directory of the identified user, return
.Dq ERROR\ : HIDDEN-USER
instead.
.It Fl o Ar osname
Use
.Ar osname
instead of the name of the system as reported by
.Xr uname 3 .
.El
.Pp
The
.Nm
program
also provides several other
.Dq trivial
services internally by use of
routines within itself.
These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time, in the form of the number of seconds since
midnight, January 1, 1900).  All of these services are available in
both TCP and UDP versions; the UDP versions will refuse service if the
request specifies a reply port corresponding to any internal service.
(This is done as a defense against looping attacks; the remote IP address
is logged.)
For details of these services, consult the
appropriate
.Tn RFC
document.
.Pp
The TCPMUX-demultiplexing service is also implemented as an internal service.
For any TCPMUX-based service to function, the following line must be included
in
.Pa inetd.conf :
.Bd -literal -offset indent
tcpmux	stream	tcp	nowait	root	internal
.Ed
.Pp
When given the
.Fl l
option,
.Nm
will log an entry to syslog each time a connection is accepted, noting the
service selected and the IP address of the remote requestor if available.
Unless otherwise specified in the configuration file,
and in the absence of the
.Fl W
and
.Fl w
options,
.Nm
will log to the
.Dq daemon
facility.
.Pp
The
.Nm
program
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
Except when started in debugging mode,
.Nm
records its process ID in the file
.Pa /var/run/inetd.pid
to assist in reconfiguration.
.Sh IMPLEMENTATION NOTES
When given the
.Fl w
option,
.Nm
will wrap all services specified as
.Dq stream nowait
or
.Dq dgram
except for
.Dq internal
services.
If the
.Fl W
option is given, such
.Dq internal
services will be wrapped.
If both options are given, wrapping for both
internal and external services will be enabled.
Either wrapping option
will cause failed connections to be logged to the
.Dq auth
syslog facility.
Adding the
.Fl l
flag to the wrapping options will include successful connections in the
logging to the
.Dq auth
facility.
.Pp
Note that
.Nm
only wraps requests for a
.Dq wait
service while no servers are available to service requests.
Once a
connection to such a service has been allowed,
.Nm
has no control
over subsequent connections to the service until no more servers
are left listening for connection requests.
.Pp
When wrapping is enabled, the
.Pa tcpd
daemon is not required, as that functionality is built in.
For more information on TCP Wrappers, see the relevant documentation
.Pq Xr hosts_access 5 .
When reading that document, keep in mind that
.Dq internal
services have no associated daemon name.
Therefore, the service name
as specified in
.Pa inetd.conf
should be used as the daemon name for
.Dq internal
services.
.Ss TCPMUX
.Tn RFC 1078
describes the TCPMUX protocol:
``A TCP client connects to a foreign host on TCP port 1.  It sends the
service name followed by a carriage-return line-feed <CRLF>.  The
service name is never case sensitive.  The server replies with a
single character indicating positive (+) or negative (\-)
acknowledgment, immediately followed by an optional message of
explanation, terminated with a <CRLF>.  If the reply was positive,
the selected protocol begins; otherwise the connection is closed.''
The program is passed the TCP connection as file descriptors 0 and 1.
.Pp
If the TCPMUX service name begins with a
.Dq + ,
.Nm
returns the positive reply for the program.
This allows you to invoke programs that use stdin/stdout
without putting any special server code in them.
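.Pp
The exchange quoted above, modelled in Python as an added example that is
not part of
.Nm
or of this manual page.
Both sides are shown over a socketpair: the client sends the service name
and CRLF and reads the one-character acknowledgment; the server side
matches the name case-insensitively, answers the reserved name
.Dq help
with a listing, sends the positive reply itself for a service configured
with a leading
.Dq + ,
and otherwise lets the program's own output follow.
The service table and the wording of the replies and of the help listing
are constructed for the example; the real listing format of
.Nm
is not documented here.

```python
"""TCPMUX (RFC 1078) exchange over a socketpair (added example, not inetd code).

The client sends "<name>\r\n"; the multiplexor answers "+..." or "-..." plus
CRLF.  Names are case-insensitive, "help" lists the services, and a service
configured as "+name" has the positive reply sent on its behalf so a plain
stdin/stdout program can serve it.  SERVICES and the reply texts are
constructed for this example.
"""
import socket
import threading

CRLF = b"\r\n"

# Constructed table: the name after "tcpmux/" in inetd.conf -> a callable
# standing in for what the program writes on the connection.
SERVICES = {
    "+date": lambda: b"Mon Jan  1 00:00:00 UTC 1996" + CRLF,           # plain program
    "phonebook": lambda: b"+ok" + CRLF + b"alice 555-0100" + CRLF,    # sends own reply
}


def _lookup(name):
    """Case-insensitive lookup that ignores the '+' configuration prefix."""
    for key in SERVICES:
        if key.lstrip("+").lower() == name.lower():
            return key
    return None


def tcpmux_response(request_line):
    """Bytes the multiplexor (and then the program) sends for one request."""
    if not request_line.endswith(CRLF):
        return b"-request must end in CRLF" + CRLF
    name = request_line[:-2].decode("ascii", "replace").strip()
    if name.lower() == "help":           # reserved name: list the services
        names = CRLF.join(k.lstrip("+").encode() for k in SERVICES)
        return b"+Available services:" + CRLF + names + CRLF
    key = _lookup(name)
    if key is None:
        return b"-service not available" + CRLF
    reply = b"+" + CRLF if key.startswith("+") else b""  # inetd answers for "+name"
    return reply + SERVICES[key]()


def serve_one(sock):
    """Server side: read one request line, answer it, close (nowait style)."""
    buf = b""
    while CRLF not in buf:
        chunk = sock.recv(1024)
        if not chunk:
            break
        buf += chunk
    line, _, _ = buf.partition(CRLF)
    sock.sendall(tcpmux_response(line + CRLF))
    sock.close()


def tcpmux_client(sock, name):
    """Client side: send the name; return (ok, message, data after the ack)."""
    sock.sendall(name.encode("ascii") + CRLF)
    data = b""
    while CRLF not in data:
        chunk = sock.recv(1024)
        if not chunk:
            break
        data += chunk
    ack, _, rest = data.partition(CRLF)
    while True:                           # drain what the program sends after
        chunk = sock.recv(1024)
        if not chunk:
            break
        rest += chunk
    return ack[:1] == b"+", ack[1:].decode("ascii", "replace"), rest


def run_exchange(name):
    """Drive one request over a socketpair and return the client's view."""
    client, server = socket.socketpair()
    t = threading.Thread(target=serve_one, args=(server,))
    t.start()
    try:
        return tcpmux_client(client, name)
    finally:
        client.close()
        t.join()


if __name__ == "__main__":
    for request in ("DATE", "phonebook", "help", "nosuch"):
        print(request, run_exchange(request))
```

Note the difference between the two configured services: for
.Dq +date
the client sees a bare
.Dq +
line from the multiplexor before the program's output, while
.Dq phonebook
must produce its own acknowledgment line, exactly as the text describes.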
.Pp
The special service name
.Dq help
causes
.Nm
to list TCPMUX services in
.Pa inetd.conf .
.Ss IPsec
The implementation includes a tiny hack
to support IPsec policy settings for each socket.
A special form of comment line, starting with
.Dq Li #@ ,
is interpreted as a policy specifier.
Everything after the
.Dq Li #@
will be used as an IPsec policy string,
as described in
.Xr ipsec_set_policy 3 .
Each
policy specifier is applied to all the following lines in
.Pa inetd.conf
until the next policy specifier.
An empty policy specifier resets the IPsec policy.
.Pp
If an invalid IPsec policy specifier appears in
.Pa inetd.conf ,
.Nm
will provide an error message via the
.Xr syslog 3
interface and abort execution.
.Sh "FILES"
.Bl -tag -width /var/run/inetd.pid -compact
.It Pa /etc/inetd.conf
configuration file
.It Pa /etc/rpc
translation of service names to RPC program numbers
.It Pa /etc/services
translation of service names to port numbers
.It Pa /var/run/inetd.pid
the pid of the currently running
.Nm
.El
.Sh "EXAMPLES"
Here are several example service entries for the various types of services:
.Bd -literal
ftp		stream	tcp	nowait	root	/usr/libexec/ftpd	ftpd -l
ntalk		dgram	udp	wait	root	/usr/libexec/ntalkd	ntalkd
telnet		stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd
shell		stream	tcp46	nowait	root	/usr/libexec/rshd	rshd
tcpmux/+date	stream	tcp	nowait	guest	/bin/date		date
tcpmux/phonebook stream	tcp	nowait	guest	/usr/local/bin/phonebook phonebook
rstatd/1-3	dgram	rpc/udp	wait	root	/usr/libexec/rpc.rstatd	rpc.rstatd
#@ ipsec ah/require
chargen		stream	tcp	nowait	root	internal
#@
.Ed
.Sh "ERROR MESSAGES"
The
.Nm
server
logs error messages using
.Xr syslog 3 .
Important error messages and their explanations are:
.Pp
.Bl -ohang -compact
.It Xo
.Ar service Ns / Ns Ar protocol
.No " server failing (looping), service terminated."
.Xc
The number of requests for the specified service in the past minute
exceeded the limit.
The limit exists to prevent a broken program
or a malicious user from swamping the system.
This message may occur for several reasons:
.Bl -enum -offset indent
.It
There are many hosts requesting the service within a short time period.
.It
A broken client program is requesting the service too frequently.
.It
A malicious user is running a program to invoke the service in
a denial-of-service attack.
.It
The invoked service program has an error that causes clients
to retry quickly.
.El
.Pp
Use the
.Fl R Ar rate
option,
as described above, to change the rate limit.
Once the limit is reached, the service will be
re-enabled automatically in 10 minutes.
.Pp
.It Xo
.Ar service Ns / Ns Ar protocol :
.No \&No such user
.Ar user ,
.No service ignored
.Xc
.It Xo
.Ar service Ns / Ns Ar protocol :
.No getpwnam :
.Ar user :
.No \&No such user
.Xc
No entry for
.Ar user
exists in the
.Xr passwd 5
database.
The first message
occurs when
.Nm
(re)reads the configuration file.
The second message occurs when the
service is invoked.
.Pp
.It Xo
.Ar service :
.No can't set uid
.Ar uid
.Xc
.It Xo
.Ar service :
.No can't set gid
.Ar gid
.Xc
The user or group ID for the entry's
.Ar user
field is invalid.
.Pp
.It "setsockopt(SO_PRIVSTATE): Operation not supported"
The
.Nm
program attempted to renounce the privileged state associated with a
socket but was unable to.
.El
.Sh SEE ALSO
.Xr hosts_access 5 ,
.Xr hosts_options 5 ,
.Xr ipsec_set_policy 3 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr rpc 5 ,
.Xr services 5 ,
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr portmap 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8
.Rs
.%A Michael C. St. Johns
.%T Identification Protocol
.%O RFC1413
.Re
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
TCPMUX is based on code and documentation by Mark Lottor.
Support for
.Tn "ONC RPC"
based services is modeled after that
provided by
.Tn SunOS
4.1.
The IPsec hack was contributed by the KAME project in 1999.
The
.Fx
TCP Wrappers support first appeared in
.Fx 3.2 .
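.Pp
The two rate limits this manual page describes, the per-service limit
behind the
.Dq server failing (looping)
message (the
.Fl R
rate, with the service re-enabled after 10 minutes) and the
per-address limit set with
.Fl C
or the max-connections-per-ip-per-minute field (further connections from
that address dropped until the end of the minute), modelled in Python as an
added example that is not part of
.Nm
or of this manual page.
The class, its method names, the injectable clock and the simulated
request sequence are constructed for the example; only the documented
behaviour is taken from the text.

```python
"""Model of inetd's two documented rate limits (added example, not inetd code).

Per service: count invocations in the past minute; once the limit is hit the
service is disabled ("server failing (looping)") for ten minutes.
Per client address: once the minute's cap is hit, further connections from
that address are dropped until the end of the current minute.
"""
import time
from collections import defaultdict, deque

WINDOW = 60.0            # one minute, per the text
DISABLE_SECONDS = 600.0  # "re-enabled automatically in 10 minutes"


class ServiceLimiter:
    """Constructed class name; clock is injectable so the demo is deterministic."""

    def __init__(self, max_per_minute=256, max_per_ip_per_minute=None,
                 clock=time.monotonic):
        self.max_per_minute = max_per_minute     # -R rate; 0 = unlimited
        self.max_per_ip = max_per_ip_per_minute  # -C / per-entry; None = unlimited
        self.clock = clock
        self.invocations = deque()               # timestamps within the last minute
        self.per_ip = defaultdict(int)           # connections this calendar minute
        self.minute = None                       # which minute per_ip refers to
        self.disabled_until = None
        self.log = []                            # what would go to syslog

    def admit(self, service, client_ip):
        """Return True if the connection may spawn the server, else False."""
        now = self.clock()
        if self.disabled_until is not None:
            if now < self.disabled_until:
                return False                     # still in the 10-minute penalty
            self.disabled_until = None
            self.log.append(f"{service}: re-enabled")
        # the per-address counters reset at the end of each minute
        if self.minute != int(now // WINDOW):
            self.minute = int(now // WINDOW)
            self.per_ip.clear()
        if self.max_per_ip is not None and self.per_ip[client_ip] >= self.max_per_ip:
            self.log.append(f"{service}: {client_ip} exceeded per-minute limit, dropped")
            return False
        while self.invocations and now - self.invocations[0] >= WINDOW:
            self.invocations.popleft()           # forget invocations older than a minute
        if self.max_per_minute and len(self.invocations) >= self.max_per_minute:
            self.disabled_until = now + DISABLE_SECONDS
            self.log.append(f"{service}/tcp server failing (looping), service terminated.")
            return False
        self.invocations.append(now)
        self.per_ip[client_ip] += 1
        return True


class FakeClock:
    """Constructed stand-in for time.monotonic so the sequence below is fixed."""

    def __init__(self, t=0.0):
        self.t = t

    def __call__(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


def simulate():
    """Constructed request sequence (documentation addresses); returns decisions."""
    clock = FakeClock(0.0)
    lim = ServiceLimiter(max_per_minute=3, max_per_ip_per_minute=2, clock=clock)
    decisions = [
        lim.admit("echo", "198.51.100.7"),   # True
        lim.admit("echo", "198.51.100.7"),   # True
        lim.admit("echo", "198.51.100.7"),   # False: third from this address this minute
        lim.admit("echo", "198.51.100.8"),   # True: third invocation overall
        lim.admit("echo", "198.51.100.9"),   # False: fourth in a minute -> looping, disabled
    ]
    clock.advance(300)
    decisions.append(lim.admit("echo", "198.51.100.9"))   # False: still disabled
    clock.advance(301)
    decisions.append(lim.admit("echo", "198.51.100.7"))   # True: re-enabled after 10 min
    return decisions, lim.log


if __name__ == "__main__":
    decisions, log = simulate()
    print(decisions)
    print("\n".join(log))
```

The per-address check runs before the per-service check, so a single
noisy client is dropped without pushing the whole service into the
10-minute
.Dq looping
state; with only the
.Fl R
limit in place (the default of 256 per minute) one client can still take
the service away from everyone else, which is why the text recommends
setting the per-address limit as well.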