man pages section 1M: System Administration Commands

inetd(1M)

NAME

inetd– Internet services daemon

SYNOPSIS

inetd

-d

-s

-t

-r

count

interval

configuration-file

DESCRIPTION

inetd is the server process for the Internet standard services. It is usually started up at system boot time. The configuration-file lists the services that inetd is to provide. If no configuration-file is given on the command line, inetd reads its configuration information from the file /etc/inetd.conf. See inetd.conf(4) for more information on the format of this file. inetd listens for service requests on the TCP or UDP ports associated with each of the service listed in the configuration file. When a request arrives, inetd executes the server program associated with the service.

A service can be configured to be "wait" wait-status, in which case, inetd waits for the server process to exit before starting a second server process. RPC services can also be started by inetd.

inetd provides a number of simple Internet services internally. These include echo, discard, chargen (character generator), daytime (human-readable time), and time (machine-readable time, in the form of the number of seconds since midnight, January 1, 1900).

inetd rereads its configuration-file once when it is started and again whenever it receives a hangup signal, SIGHUP. New services can be activated, and existing services deleted or modified by editing the configuration-file, then sending inetd a SIGHUP signal.

Then inetd reads the configuration-file and attempts to bind() to the service to start listening to it. That attempt may fail if another standalone server or "wait" wait-status server started by inetd is already listening for this service. inetd will defer implementing the newly read configuration for that service and will attempt periodically to start listening, after logging an error on console. The retry interval is currently 10 minutes.

OPTIONS

-d

Runs inetd in the foreground and enables debugging output.

-s

Allows you to run inetd ``standalone,'' outside the Service Access Facility (SAF). If the -s option is omitted, inetd will attempt to contact the service access controller (SAC) and will exit if SAC is not already running. See sac(1M).

-t

Instructs inetd to trace the incoming connections for all of its TCP services. It does this by logging the client's IP address and TCP port number, along with the name of the service, using the syslog(3C) facility. UDP services can not be traced. When tracing is enabled, inetd uses the syslog facility code ``daemon'' and ``notice'' priority level.

-r

Allows inetd to detect and then suspend ``broken'' connectionless datagram services servers, for example, UDP, and RPC/CLTS. Without this detection, a buggy server that fails before consuming the service request will be continuously restarted and will tax system resources too much. The -r flag has the form:

-r count interval

count and interval are decimal numbers that represent the maximum count of invocations per interval of seconds a service may be started before the service is considered ``broken.''

Once considered ``broken,'' a server is suspended for ten minutes. After ten minutes, inetd again enables service, hoping the server operates correctly.

If the -r flag is not specified, inetd behaves as though -r40 60 was specified.

OPERANDS

configuration-file: Lists the services inetd is to provide.

EXIT STATUS

inetd does not return an exit status.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE	ATTRIBUTE VALUE
Availability	SUNWcsu

SUMMARY OF TRUSTED SOLARIS CHANGES

inetd starts servers at the correct sensitivity label based upon the sensitivity label of the client request.

A number of new configuration options are defined in inetd.conf(4). See that man page for more detail.

inetd registers RPC servers as multilevel servers with rpcbind.

If there is an entry for a server in the inetd profile and that entry specifies privileges, the server will inherit the specified privileges from inetd. To support this inheritance, inetd must have all privileges.

If there is an entry for a server in the inetd profile entry and that entry specifies minimum and maximum sensitivity labels, inetd will verify that the sensitivity label of the client is within the specified min/max range. If the label is not within the range, the server will not be executed.

Trusted Solaris 8 HW 12/02 Reference Manual

in.ftpd(1M), in.rexecd(1M), in.rshd(1M), in.tftpd(1M), inetd.conf(4)

SunOS 5.8 Reference Manual

sac(1M), syslog(3C), attributes(5)

Postel, Jon, RFC 862: Echo Protocol, Network Information Center, SRI International, Menlo Park, CA, May 1983.

Postel, Jon, RFC 863: Discard Protocol, Network Information Center, SRI International, Menlo Park, CA, May 1983.

Postel, Jon, RFC 864: Character Generator Protocol, Network Information Center, SRI International, Menlo Park, CA, May 1983.

Postel, Jon,RFC 867: Daytime Protocol, Network Information Center, SRI International, Menlo Park, CA, May 1983.

Postel, Jon, and Ken Harrenstien, RFC 868: Time Protocol, Network Information Center, SRI International, Menlo Park, CA, May 1983.

WARNINGS

Do not configure udp services as nowait. This will cause a race condition where the inetd program selects on the socket and the server program reads from the socket. Many server programs will be forked and performance will be severely compromised.

NOTES

For RPC services, inetd listens on all the transports (not only tcp and udp) as specified for each service in the inetd.conf(4) file.

Trusted Solaris 8 HW 12/02 Last Revised 20 Feb 2001