NAME | SYNOPSIS | DESCRIPTION | OPTIONS | OPERANDS | EXIT STATUS | SUMMARY OF TRUSTED SOLARIS CHANGES | ATTRIBUTES | SEE ALSO | WARNINGS | NOTES
inetd is the server process for the Internet standard services. It is usually started up at system boot time. The configuration-file lists the services that inetd is to provide. If no configuration-file is given on the command line, inetd reads its configuration information from the file /etc/inetd.conf. See inetd.conf(4) for more information on the format of this file. inetd listens for service requests on the TCP or UDP ports associated with each of the services listed in the configuration file. When a request arrives, inetd executes the server program associated with the service.
A service can be configured to be ``single-threaded'', in which case inetd waits for the server process to exit before starting a second server process. RPC services can also be started by inetd.
inetd provides a number of simple Internet services internally. These include echo, discard, chargen (character generator), daytime (human-readable time), and time (machine-readable time, in the form of the number of seconds since midnight, January 1, 1900).
inetd rereads its configuration file once when it is started and again whenever it receives a hangup signal, SIGHUP. New services can be activated, and existing services deleted or modified, by editing the configuration file, then sending inetd a SIGHUP signal.
Runs inetd in the foreground and enables debugging output.
Allows you to run inetd ``standalone,'' outside the Service Access Facility (SAF). If the -s option is omitted, inetd will attempt to contact the service access controller (SAC) and will exit if SAC is not already running. See sac(1M).
Instructs inetd to trace the incoming connections for all of its TCP services. It does this by logging the client's IP address and TCP port number, along with the name of the service, using the syslog(3) facility. UDP services cannot be traced. When tracing is enabled, inetd uses the syslog facility code ``daemon'' and ``notice'' priority level.
Allows inetd to detect and then suspend ``broken'' servers for connectionless datagram services, for example, UDP and RPC/CLTS. Without this detection, a buggy server that fails before consuming the service request will be continuously restarted and will tax system resources too much. The -r flag has the form:
-r count interval
Once considered ``broken,'' a server is suspended for ten minutes. After ten minutes, inetd again enables service, hoping the server operates correctly.
If the -r flag is not specified, inetd behaves as though -r40 60 was specified.
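The suspension behaviour described above can be modelled as a small state machine. This is an added example, not code from inetd: it assumes that count is the maximum number of server starts allowed within interval seconds, that the window is anchored at the first start, and the class and function names are hypothetical.

```python
SUSPEND_SECONDS = 600  # "a server is suspended for ten minutes"


class BrokenServerDetector:
    """Model of -r count interval for one datagram service (assumed semantics)."""

    def __init__(self, count=40, interval=60):  # defaults from "-r40 60"
        self.count = count
        self.interval = interval
        self.window_start = None     # time of first start in the current window
        self.starts = 0              # server starts seen in the current window
        self.suspended_until = None  # set while the service is disabled

    def request(self, now):
        """Return 'start' if inetd would run the server, else 'suspended'."""
        if self.suspended_until is not None:
            if now < self.suspended_until:
                return "suspended"
            # Suspension is over: re-enable the service with a clean window.
            self.suspended_until = None
            self.window_start = None
        if self.window_start is None or now - self.window_start >= self.interval:
            self.window_start = now
            self.starts = 0
        self.starts += 1
        if self.starts > self.count:
            # Too many restarts inside one interval: treat the server as broken.
            self.suspended_until = now + SUSPEND_SECONDS
            return "suspended"
        return "start"


def simulate(timestamps, count=40, interval=60):
    """Replay request times (in seconds) and return the decision for each."""
    detector = BrokenServerDetector(count, interval)
    return [detector.request(t) for t in timestamps]


if __name__ == "__main__":
    # Constructed input: a server that dies on every request and is retried
    # once per second, followed by one request after the suspension has ended.
    decisions = simulate(list(range(60)) + [639, 640])
    print(decisions.count("start"), "starts,",
          decisions.count("suspended"), "suspended")
```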
inetd does not return an Exit Status.
inetd starts servers at the correct sensitivity label based upon the sensitivity label of the client request.
A number of new configuration options are defined in inetd.conf(4). See that man page for more detail.
inetd registers RPC servers as multilevel servers with rpcbind.
If there is an entry for a server in the inetd profile and that entry specifies privileges, the server will inherit the specified privileges from inetd. To support this inheritance, inetd must have all privileges.
If there is an entry for a server in the inetd profile and that entry specifies minimum and maximum sensitivity labels, inetd will verify that the sensitivity label of the client is within the specified min/max range. If the label is not, the server will not be executed.
Information labels (ILs) are not supported in Trusted Solaris 7 and later releases. Trusted Solaris software interprets any ILs on communications and files from systems running earlier releases as ADMIN_LOW.
Objects still have CMW labels, and CMW labels still include the IL component: IL[SL]; however, the IL component is fixed at ADMIN_LOW.
As a result, Trusted Solaris 7 has the following characteristics:
ILs do not display in window labels; SLs (Sensitivity Labels) display alone within brackets.
ILs do not float.
Setting an IL on an object has no effect.
Getting an object's IL will always return ADMIN_LOW.
Although certain utilities, library functions, and system calls can manipulate IL strings, the resulting ILs are always ADMIN_LOW, and cannot be set on any objects.
Options related to information labels in the label_encodings(4) file can be ignored:
Markings Name= Marks; Float Process Information Label;
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Availability | SUNWcsu |
Postel, Jon, ``Echo Protocol,'' RFC 862, Network Information Center, SRI International, Menlo Park, CA, May 1983.
Postel, Jon, ``Discard Protocol,'' RFC 863, Network Information Center, SRI International, Menlo Park, CA, May 1983.
Postel, Jon, ``Character Generator Protocol,'' RFC 864, Network Information Center, SRI International, Menlo Park, CA, May 1983.
Postel, Jon, ``Daytime Protocol,'' RFC 867, Network Information Center, SRI International, Menlo Park, CA, May 1983.
Postel, Jon, and Ken Harrenstien, ``Time Protocol,'' RFC 868, Network Information Center, SRI International, Menlo Park, CA, May 1983.
Do not configure udp services as nowait. This will cause a race condition where the inetd program selects on the socket and the server program reads from the socket. Many server programs will be forked and performance will be severely compromised.
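A configuration check for the warning above, as an added example that is not part of the original man page. It assumes the classic inetd.conf(4) field order (service, endpoint type, protocol, wait status, uid, server program, arguments) and that built-in services use the server program name internal; the sample file and the function name are constructed for illustration.

```python
# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
# service  endpoint  protocol  wait-status  uid  server-program  args
time       stream  tcp      nowait  root  internal
time       dgram   udp      wait    root  internal
tftp       dgram   udp      nowait  root  /usr/sbin/in.tftpd  in.tftpd -s /tftpboot
talk       dgram   udp      wait    root  /usr/sbin/in.talkd  in.talkd
rquotad/1  tli     rpc/udp  nowait  root  /usr/lib/nfs/rquotad  rquotad
ftp        stream  tcp      nowait  root  /usr/sbin/in.ftpd   in.ftpd
bogus      dgram   udp
"""


def audit_inetd_conf(text):
    """Flag udp services set to nowait and list inetd's built-in services."""
    report = {"udp_nowait": [], "internal": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            report["malformed"].append(lineno)
            continue
        service, _endpoint, protocol, wait_status, _uid, program = fields[:6]
        # "rpc/udp" and plain "udp" both end in the transport name.
        transport = protocol.lower().rsplit("/", 1)[-1]
        if transport.startswith("udp") and wait_status.lower() == "nowait":
            report["udp_nowait"].append((lineno, service))
        if program == "internal":
            report["internal"].append((lineno, service, protocol))
    return report


if __name__ == "__main__":
    result = audit_inetd_conf(SAMPLE_CONF)
    for lineno, service in result["udp_nowait"]:
        print(f"line {lineno}: {service} is udp with nowait; use wait")
    for lineno, service, protocol in result["internal"]:
        print(f"line {lineno}: built-in service {service}/{protocol} is enabled")
    for lineno in result["malformed"]:
        print(f"line {lineno}: fewer than six fields")
```

After correcting any flagged entry, send inetd a SIGHUP so that it rereads the configuration file.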
For RPC services, inetd listens on all the transports (not only tcp and udp) as specified for each service in the inetd.conf(4) file.