.\" Copyright (c) 1985, 1991, 1993, 1994
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	from: @(#)inetd.8	8.3 (Berkeley) 4/13/94
.\" $FreeBSD$
.\"
.Dd February 7, 1996
.Dt INETD 8
.Os BSD 4.4
.Sh NAME
.Nm inetd
.Nd internet
.Dq super-server
.Sh SYNOPSIS
.Nm
.Op Fl d
.Op Fl l
.Op Fl w
.Op Fl W
.Op Fl c Ar maximum
.Op Fl C Ar rate
.Op Fl a Ar address | hostname
.Op Fl p Ar filename
.Op Fl R Ar rate
.Op Ar configuration file
.Sh DESCRIPTION
The
.Nm
program
should be run at boot time by
.Pa /etc/rc
(see
.Xr rc 8 ) .
It then listens for connections on certain
internet sockets.  When a connection is found on one
of its sockets, it decides what service the socket
corresponds to, and invokes a program to service the request.
The server program is invoked with the service socket
as its standard input, output and error descriptors.
After the program is
finished,
.Nm
continues to listen on the socket (except in some cases which
will be described below).  Essentially,
.Nm
allows running one daemon to invoke several others,
reducing load on the system.
.Pp
The following options are available:
.Bl -tag -width indent
.It Fl d
Turn on debugging.
.It Fl l
Turn on logging of successful connections.
.It Fl w
Turn on TCP Wrapping for external services.
See the
.Sx "IMPLEMENTATION NOTES"
section for more information on TCP Wrappers support.
.It Fl W
Turn on TCP Wrapping for internal services which are built in to
.Nm .
.It Fl c Ar maximum
Specify the default maximum number of
simultaneous invocations of each service;
the default is unlimited.
May be overridden on a per-service basis with the "max-child"
parameter.
.It Fl C Ar rate
Specify the default maximum number of times a service can be invoked
from a single IP address in one minute; the default is unlimited.
May be overridden on a per-service basis with the
"max-connections-per-ip-per-minute" parameter.
.It Fl R Ar rate
Specify the maximum number of times a service can be invoked
in one minute; the default is 256.
A rate of 0 allows an unlimited number of invocations.
.It Fl a
Specify one specific IP address to bind to.
Alternatively, a hostname can be specified,
in which case the IPv4 or IPv6 address
which corresponds to that hostname is used.
Usually a hostname is specified when
.Nm
is run inside a
.Xr jail 8 ,
in which case the hostname corresponds to the
.Xr jail 8
environment.
.Pp
When hostname specification is used
and both IPv4 and IPv6 bindings are desired,
one entry with the appropriate
.Em protocol
type for each binding
is required for each service in
.Pa /etc/inetd.conf .
For example,
a TCP-based service would need two entries,
one using
.Dq tcp4
for the
.Em protocol
and the other using
.Dq tcp6 .
See the explanation of the
.Pa /etc/inetd.conf
.Em protocol
field below.
.It Fl p
Specify an alternate file in which to store the process ID.
.El
.Pp
Upon execution,
.Nm
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space.  Comments are denoted by a
.Dq #
at the beginning
of a line.
The
fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
service name
socket type
protocol
{wait|nowait}[/max-child[/max-connections-per-ip-per-minute]]
user[:group][/login-class]
server program
server program arguments
.Ed
.Pp
To specify an
.Tn "ONC RPC" Ns -based
service, the entry would contain these fields:
.Pp
.Bd -unfilled -offset indent -compact
service name/version
socket type
rpc/protocol
user[:group][/login-class]
server program
server program arguments
.Ed
.Pp
There are two types of services that
.Nm
can start: standard and TCPMUX.
A standard service has a well-known port assigned to it;
it may be a service that implements an official Internet standard or is a
BSD-specific service.
As described in
.Tn RFC 1078 ,
TCPMUX services are nonstandard services that do not have a
well-known port assigned to them.
They are invoked from
.Nm
when a program connects to the
.Dq tcpmux
well-known port and specifies
the service name.
This feature is useful for adding locally-developed servers.
TCPMUX requests are only accepted when the multiplexor service itself
is enabled, above and beyond any specific TCPMUX-based servers; see the
discussion of internal services below.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
should
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
When used to specify an
.Tn "ONC RPC" Ns -based
service, this field is a valid RPC service name in
the file
.Pa /etc/rpc .
The part on the right of the
.Dq /
is the RPC version number.
This
can simply be a single numeric argument or a range of versions.
A range is bounded by the low version and the high version, as in
.Dq rusers/1-3 .
For TCPMUX services, the value of the
.Em service-name
field consists of the string
.Dq tcpmux
followed by a slash and the
locally-chosen service name.
The service names listed in
.Pa /etc/services
and the name
.Dq help
are reserved.
Try to choose unique names for your TCPMUX services by prefixing them with
your organization's name and suffixing them with a version number.
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
TCPMUX services must use
.Dq stream .
.Pp
The
.Em protocol
must be a valid protocol.
Examples are
.Dq tcp
or
.Dq udp ,
both of which imply IPv4 for backward compatibility.
The names
.Dq tcp4
and
.Dq udp4
specify IPv4 only.
The names
.Dq tcp6
and
.Dq udp6
specify IPv6 only.
The names
.Dq tcp46
and
.Dq udp46
specify that the entry accepts both IPv4 and IPv6 connections
via a wildcard
.Dv AF_INET6
socket.
If it is desired that the service is reachable via T/TCP, one should
specify
.Dq tcp/ttcp ,
which implies IPv4 for backward compatibility.
The name
.Dq tcp4/ttcp
specifies IPv4 only, while
.Dq tcp6/ttcp
specifies IPv6 only.
The name
.Dq tcp46/ttcp
specifies that the entry accepts both IPv4 and IPv6 connections
via a wildcard
.Dv AF_INET6
socket.
RPC-based services
(for which only IPv4 is supported at this time)
are specified with the
.Dq rpc/tcp
or
.Dq rpc/udp
service type.
TCPMUX services must use
.Dq tcp ,
.Dq tcp4 ,
.Dq tcp6
or
.Dq tcp46 .
.Pp
The
.Em wait/nowait
entry specifies whether the server that is invoked by
.Nm
will take over
the socket associated with the service access point, and thus whether
.Nm
should wait for the server to exit before listening for new service
requests.
Datagram servers must use
.Dq wait ,
as they are always invoked with the original datagram socket bound
to the specified service address.
These servers must read at least one datagram from the socket
before exiting.
If a datagram server connects
to its peer, freeing the socket so
.Nm
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server;
it should read one datagram from the socket and create a new socket
connected to the peer.
It should fork, and the parent should then exit
to allow
.Nm
to check for new service requests to spawn new servers.
Datagram servers which process all incoming datagrams
on a socket and eventually time out are said to be
.Dq single-threaded .
.Xr Comsat 8 ,
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr Tftpd 8
is an example of a multi-threaded datagram server.
.Pp
Servers using stream sockets generally are multi-threaded and
use the
.Dq nowait
entry.
Connection requests for these services are accepted by
.Nm ,
and the server is given only the newly-accepted socket connected
to a client of the service.
Most stream-based services operate in this manner.
Stream-based servers that use
.Dq wait
are started with the listening service socket, and must accept
at least one connection request before exiting.
Such a server would normally accept and process incoming connection
requests until a timeout.
TCPMUX services must use
.Dq nowait .
.Pp
The maximum number of outstanding child processes (or
.Dq threads )
for a
.Dq nowait
service may be explicitly specified by appending a
.Dq /
followed by the number to the
.Dq nowait
keyword.
Normally
(or if a value of zero is specified) there is no maximum.
Otherwise,
once the maximum is reached, further connection attempts will be
queued up until an existing child process exits.
This also works
in the case of
.Dq wait
mode, although a value other than one (the
default) might not make sense in some cases.
You can also specify the maximum number of connections per minute
for a given IP address by appending
a
.Dq /
followed by the number to the maximum number of
outstanding child processes.
Once the maximum is reached, further
connections from this IP address will be dropped until the end of the
minute.
.Pp
The
.Em user
entry should contain the user name of the user as whom the server
should run.  This allows for servers to be given less permission
than root.
An optional
.Em group
part, separated by
.Dq \&: ,
specifies a group name other than the default group for this user.
An optional
.Em login-class
part, separated by
.Dq / ,
specifies a login class other than the default
.Dq daemon
login class.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm
when a request is found on its socket.  If
.Nm
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program.  If the service is provided internally, the
.Em service-name
of the service (and any arguments to it) or the word
.Dq internal
should take the place of this entry.
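The following Python parser is an added illustration of the configuration format described above; it is not part of inetd or of this manual page. It handles the wait/nowait limits, the user[:group][/login-class] field, RPC version ranges, tcpmux/ names (including the "+" prefix) and the "#@" IPsec policy specifier described in the IPsec subsection below. The sample configuration is constructed, modelled on the EXAMPLES section, and the keyword arguments default_max_child and default_per_ip (names chosen here) stand in for the -c and -C options.

```python
from dataclasses import dataclass, field


@dataclass
class InetdEntry:
    service: str                  # "ftp", "rstatd" (RPC) or "tcpmux/<name>"
    socket_type: str
    protocol: str                 # "tcp", "tcp46", "rpc/udp", "tcp/ttcp", ...
    wait: bool = False            # True for "wait", False for "nowait"
    max_child: int = None         # None = unlimited (wait mode defaults to one child)
    max_per_ip_per_min: int = None
    user: str = ""
    group: str = None             # None = the user's default group
    login_class: str = "daemon"   # default login class named by the page
    program: str = ""             # pathname or "internal"
    args: list = field(default_factory=list)   # starts with argv[0]
    rpc_versions: tuple = None    # (low, high) for rpc/ entries
    tcpmux_name: str = None       # local name for tcpmux/ entries
    tcpmux_auto_ack: bool = False # "+" prefix: inetd itself sends the "+" reply
    ipsec_policy: str = ""        # policy from the most recent "#@" line


def parse_inetd_conf(text, default_max_child=None, default_per_ip=None):
    """Parse inetd.conf text; the two defaults play the role of -c and -C."""
    entries, policy = [], ""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#@"):          # IPsec policy specifier; bare "#@" resets
            policy = line[2:].strip()
            continue
        if not line or line.startswith("#"):
            continue
        f = line.split()                   # fields separated by tabs or spaces
        if len(f) < 6:
            raise ValueError(f"line {lineno}: expected at least 6 fields")
        e = InetdEntry(service=f[0], socket_type=f[1], protocol=f[2],
                       max_child=default_max_child,
                       max_per_ip_per_min=default_per_ip, ipsec_policy=policy)
        if e.protocol.startswith("rpc/"):  # name/version or name/low-high
            e.service, _, ver = e.service.partition("/")
            lo, _, hi = ver.partition("-")
            e.rpc_versions = (int(lo), int(hi or lo))
        elif e.service.startswith("tcpmux/"):
            local = e.service[len("tcpmux/"):]
            e.tcpmux_auto_ack = local.startswith("+")
            e.tcpmux_name = local.lstrip("+")
        w = f[3].split("/")                # {wait|nowait}[/max-child[/per-ip-per-minute]]
        if w[0] not in ("wait", "nowait"):
            raise ValueError(f"line {lineno}: bad wait/nowait field {f[3]!r}")
        e.wait = w[0] == "wait"
        if e.socket_type == "dgram" and not e.wait:
            raise ValueError(f"line {lineno}: datagram servers must use wait")
        if len(w) > 1 and w[1]:
            e.max_child = int(w[1]) or None          # zero means no maximum
        if len(w) > 2 and w[2]:
            e.max_per_ip_per_min = int(w[2]) or None
        userpart, _, cls = f[4].partition("/")        # user[:group][/login-class]
        e.user, _, grp = userpart.partition(":")
        e.group, e.login_class = grp or None, cls or "daemon"
        e.program, e.args = f[5], f[6:]
        entries.append(e)
    return entries


# Constructed sample, modelled on the EXAMPLES section of this page.
SAMPLE_CONF = """\
ftp          stream tcp     nowait      root                     /usr/libexec/ftpd       ftpd -l
ntalk        dgram  udp     wait        root                     /usr/libexec/ntalkd     ntalkd
shell        stream tcp46   nowait/10/5 root                     /usr/libexec/rshd       rshd
tcpmux/+date stream tcp     nowait      guest:nogroup/restricted /bin/date               date
rstatd/1-3   dgram  rpc/udp wait        root                     /usr/libexec/rpc.rstatd rpc.rstatd
#@ ipsec ah/require
chargen      stream tcp     nowait      root                     internal
#@
"""
```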
.Pp
Currently, the only internal service to take arguments is
.Dq auth .
Without options, the service will always return
.Dq ERROR\ : HIDDEN-USER .
The available arguments to this service that alter its behavior are:
.Bl -tag -width indent
.It Fl d Ar fallback
Provide a
.Ar fallback
username.
If the real
.Dq auth
service is enabled
(with the
.Fl r
option discussed below),
return this username instead of an error
when look ups fail
for either socket credentials or the username.
If the real
.Dq auth
service is disabled,
return this username for every request.
This is primarily useful when running this service on a NAT machine.
.It Fl t Xo
.Ar sec Ns Op . Ns Ar usec
.Xc
Specify a timeout for the service.
The default timeout is 10.0 seconds.
.It Fl r
Offer a real
.Dq auth
service, as per RFC 1413.
All the remaining flags apply only in this case.
.It Fl f
If the file
.Pa .fakeid
exists in the home directory of the identified user, report the username
found in that file instead of the real username.
If the username found in
.Pa .fakeid
is that of an existing user,
then the real username is reported.
.It Fl F
Same as
.Fl f
but without the restriction that the username in
.Pa .fakeid
must not match an existing user.
.It Fl g
Instead of returning the user's name to the ident requester, report a
username made up of random alphanumeric characters, e.g.
.Dq c0c993 .
The
.Fl g
flag overrides not only the user names, but also any
.Pa .fakeid
or
.Pa .noident
files.
.It Fl n
If the file
.Pa .noident
exists in the home directory of the identified user, return
.Dq ERROR\ : HIDDEN-USER
instead.
.It Fl o Ar osname
Use
.Ar osname
instead of the name of the system as reported by
.Xr uname 3 .
.El
.Pp
The
.Nm
program
also provides several other
.Dq trivial
services internally by use of
routines within itself.  These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time, in the form of the number of seconds since
midnight, January 1, 1900).  All of these services are available in
both TCP and UDP versions; the UDP versions will refuse service if the
request specifies a reply port corresponding to any internal service.
(This is done as a defense against looping attacks; the remote IP address
is logged.)
For details of these services, consult the
appropriate
.Tn RFC
document.
.Pp
The TCPMUX-demultiplexing service is also implemented as an internal service.
For any TCPMUX-based service to function, the following line must be included
in
.Pa inetd.conf :
.Bd -literal -offset indent
tcpmux  stream  tcp  nowait  root  internal
.Ed
.Pp
When given the
.Fl l
option
.Nm
will log an entry to syslog each time a connection is accepted, noting the
service selected and the IP-number of the remote requester if available.
Unless otherwise specified in the configuration file,
and in the absence of the
.Fl W
and
.Fl w
options,
.Nm
will log to the
.Dq daemon
facility.
.Pp
The
.Nm
program
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
Except when started in debugging mode,
.Nm
records its process ID in the file
.Pa /var/run/inetd.pid
to assist in reconfiguration.
.Sh IMPLEMENTATION NOTES
When given the
.Fl w
option,
.Nm
will wrap all services specified as
.Dq stream nowait
or
.Dq dgram
except for
.Dq internal
services.
If the
.Fl W
option is given, such
.Dq internal
services will be wrapped.
If both options are given, wrapping for both
internal and external services will be enabled.
Either wrapping option
will cause failed connections to be logged to the
.Dq auth
syslog facility.
Adding the
.Fl l
flag to the wrapping options will include successful connections in the
logging to the
.Dq auth
facility.
.Pp
Note that
.Nm
only wraps requests for a
.Dq wait
service while no servers are available to service requests.
Once a
connection to such a service has been allowed, inetd has no control
over subsequent connections to the service until no more servers
are left listening for connection requests.
.Pp
When wrapping is enabled, the
.Pa tcpd
daemon is not required, as that functionality is built in.
For more information on TCP Wrappers, see the relevant documentation
.Pq Xr hosts_access 5 .
When reading that document, keep in mind that
.Dq internal
services have no associated daemon name.
Therefore, the service name
as specified in
.Pa inetd.conf
should be used as the daemon name for
.Dq internal
services.
.Ss TCPMUX
.Tn RFC 1078
describes the TCPMUX protocol:
``A TCP client connects to a foreign host on TCP port 1.  It sends the
service name followed by a carriage-return line-feed <CRLF>.  The
service name is never case sensitive.  The server replies with a
single character indicating positive (+) or negative (\-)
acknowledgment, immediately followed by an optional message of
explanation, terminated with a <CRLF>.  If the reply was positive,
the selected protocol begins; otherwise the connection is closed.''
The program is passed the TCP connection as file descriptors 0 and 1.
.Pp
If the TCPMUX service name begins with a
.Dq + ,
.Nm
returns the positive reply for the program.
This allows you to invoke programs that use stdin/stdout
without putting any special server code in them.
.Pp
The special service name
.Dq help
causes
.Nm
to list TCPMUX services in
.Pa inetd.conf .
.Ss IPsec
The implementation includes a tiny hack
to support IPsec policy settings for each socket.
A special form of comment line, starting with
.Dq Li #@ ,
is interpreted as a policy specifier.
Everything after the
.Dq Li #@
will be used as an IPsec policy string,
as described in
.Xr ipsec_set_policy 3 .
Each
policy specifier is applied to all the following lines in
.Pa inetd.conf
until the next policy specifier.
An empty policy specifier resets the IPsec policy.
.Pp
If an invalid IPsec policy specifier appears in
.Pa inetd.conf ,
.Nm
will provide an error message via the
.Xr syslog 3
interface and abort execution.
.Sh "FILES"
.Bl -tag -width /var/run/inetd.pid -compact
.It Pa /etc/inetd.conf
configuration file
.It Pa /etc/rpc
translation of service names to RPC program numbers
.It Pa /etc/services
translation of service names to port numbers
.It Pa /var/run/inetd.pid
the pid of the currently running
.Nm
.El
.Sh "EXAMPLES"
Here are several example service entries for the various types of services:
.Bd -literal
ftp               stream  tcp      nowait  root   /usr/libexec/ftpd         ftpd -l
ntalk             dgram   udp      wait    root   /usr/libexec/ntalkd       ntalkd
telnet            stream  tcp6     nowait  root   /usr/libexec/telnetd      telnetd
shell             stream  tcp46    nowait  root   /usr/libexec/rshd         rshd
tcpmux/+date      stream  tcp      nowait  guest  /bin/date                 date
tcpmux/phonebook  stream  tcp      nowait  guest  /usr/local/bin/phonebook  phonebook
rstatd/1-3        dgram   rpc/udp  wait    root   /usr/libexec/rpc.rstatd   rpc.rstatd
#@ ipsec ah/require
chargen           stream  tcp      nowait  root   internal
#@
.Ed
.Sh "ERROR MESSAGES"
The
.Nm
server
logs error messages using
.Xr syslog 3 .
Important error messages and their explanations are:
.Pp
.Bl -ohang -compact
.It Xo
.Ar service Ns / Ns Ar protocol
.No "server failing (looping), service terminated."
.Xc
The number of requests for the specified service in the past minute
exceeded the limit.
The limit exists to prevent a broken program
or a malicious user from swamping the system.
This message may occur for several reasons:
.Bl -enum -offset indent
.It
There are many hosts requesting the service within a short time period.
.It
A broken client program is requesting the service too frequently.
.It
A malicious user is running a program to invoke the service in
a denial-of-service attack.
.It
The invoked service program has an error that causes clients
to retry quickly.
.El
.Pp
Use the
.Fl R Ar rate
option,
as described above, to change the rate limit.
Once the limit is reached, the service will be
re-enabled automatically in 10 minutes.
.Pp
.It Xo
.Ar service Ns / Ns Ar protocol :
.No \&No such user
.Ar user ,
.No service ignored
.Xc
.It Xo
.Ar service Ns / Ns Ar protocol :
.No getpwnam :
.Ar user :
.No \&No such user
.Xc
No entry for
.Ar user
exists in the
.Xr passwd 5
database.
The first message
occurs when
.Nm
(re)reads the configuration file.
The second message occurs when the
service is invoked.
.Pp
.It Xo
.Ar service :
.No can't set uid
.Ar uid
.Xc
.It Xo
.Ar service :
.No can't set gid
.Ar gid
.Xc
The user or group ID for the entry's
.Ar user
field is invalid.
.Pp
.It "setsockopt(SO_PRIVSTATE): Operation not supported"
The
.Nm
program attempted to renounce the privileged state associated with a
socket but was unable to.
.El
.Sh SEE ALSO
.Xr hosts_access 5 ,
.Xr hosts_options 5 ,
.Xr ipsec_set_policy 3 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr rpc 5 ,
.Xr services 5 ,
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr portmap 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8
.Rs
.%A Michael C. St. Johns
.%T Identification Protocol
.%O RFC1413
.Re
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
TCPMUX is based on code and documentation by Mark Lottor.
Support for
.Tn "ONC RPC"
based services is modeled after that
provided by
.Tn SunOS
4.1.
The IPsec hack was contributed by the KAME project in 1999.
The
.Fx
TCP Wrappers support first appeared in
.Fx 3.2 .
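The admission logic behind the -R, -c and -C options, the per-service max-child and max-connections-per-ip-per-minute limits, and the "server failing (looping), service terminated." message explained under ERROR MESSAGES, as an added Python model; this is an illustration written for this page, not inetd's code. Two assumptions are made because the page does not describe inetd's exact bookkeeping: invocations are counted in fixed one-minute buckets, and a queued connection is handed to a child as soon as one exits. The addresses and the scenario in simulate() are constructed.

```python
from collections import defaultdict

LOOP_DISABLE_SECS = 10 * 60   # page: a "looping" service is re-enabled after 10 minutes


class ServiceGate:
    """Admission control for one inetd service, modelled on the limits in inetd(8).

    Assumptions (not from inetd's source): fixed one-minute counting buckets,
    and a queued connection takes the slot of the next child that exits.
    """

    def __init__(self, name, proto, rate=256, max_child=None, per_ip=None):
        self.name, self.proto = name, proto
        self.rate = rate            # -R rate: invocations per minute, 0 = unlimited
        self.max_child = max_child  # nowait/<max-child>, None = unlimited
        self.per_ip = per_ip        # .../<max-connections-per-ip-per-minute>, None = unlimited
        self.children = self.queued = 0
        self.disabled_until = None  # set when the looping limit is hit
        self.minute, self.count = None, 0
        self.ip_count = defaultdict(int)
        self.log = []               # what inetd would hand to syslog

    def admit(self, ip, now):
        """Classify a connection from ip arriving at time now (seconds)."""
        if self.disabled_until is not None:
            if now < self.disabled_until:
                return "disabled"   # still inside the 10-minute penalty
            self.disabled_until = None
        minute = now // 60
        if minute != self.minute:   # new minute: reset the per-minute counters
            self.minute, self.count = minute, 0
            self.ip_count.clear()
        if self.per_ip is not None:
            if self.ip_count[ip] >= self.per_ip:
                return "dropped"    # dropped until the end of the minute
            self.ip_count[ip] += 1
        self.count += 1
        if self.rate and self.count > self.rate:
            self.disabled_until = now + LOOP_DISABLE_SECS
            self.log.append(f"{self.name}/{self.proto} server failing (looping), "
                            "service terminated.")
            return "disabled"
        if self.max_child is not None and self.children >= self.max_child:
            self.queued += 1
            return "queued"         # waits until an existing child exits
        self.children += 1
        return "spawned"

    def child_exited(self):
        self.children -= 1
        if self.queued:             # a queued connection gets the freed slot
            self.queued -= 1
            self.children += 1


def simulate():
    """Constructed scenario: one chatty client, then a burst from other addresses."""
    g = ServiceGate("chargen", "tcp", rate=5, max_child=2, per_ip=3)
    t0 = 1_000_000
    results = [g.admit("192.0.2.10", t0 + i) for i in range(4)]
    g.child_exited()                # frees a slot; the queued connection is spawned
    results += [g.admit(f"192.0.2.{i}", t0 + 10) for i in (20, 21, 22)]
    return results, g.log
```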