inetd(1M) inetd(1M)
NAME
inetd - Internet services daemon
SYNOPSIS
/usr/sbin/inetd [-r count [interval] ] [-l|-s]
/usr/sbin/inetd [-c]
/usr/sbin/inetd [-k]
DESCRIPTION
The inetd daemon is the Internet superserver, which invokes Internet
server processes as needed. It must be running before other hosts can
connect to the local host through ftp, rcp, remsh, rlogin, and telnet.
The inetd daemon also supports services based on the Remote Procedure
Call (RPC) protocol (NFS), such as rwalld and rusersd. If RPC servers
are started by inetd, the portmap server (see portmap(1M)) must be
started before inetd.
The inetd daemon is designed to invoke all the Internet servers as
needed, thus reducing load on the system. It is normally started at
system boot time. Only one inetd can run at any given time.
The inetd daemon starts servers for both stream and datagram type
services. For stream services, inetd listens for connection requests
on Internet stream sockets. When a connection is requested for one of
its sockets, inetd decides which service the socket will support,
forks a process, invokes an appropriate server for the connection, and
passes the connected socket to the server as stdin and stdout. Then
inetd returns to listening for connection requests.
For datagram services, inetd waits for activity on Internet datagram
sockets. When an incoming datagram is detected, inetd forks a
process, invokes an appropriate server, and passes the socket to the
server as stdin and stdout. Then inetd waits, ignoring activity on
that datagram socket, until the server exits.
The inetd daemon is normally started by the /sbin/init.d/inetd script,
which is invoked during the boot-time initialization. Otherwise,
inetd can be started only by the superuser.
The Internet daemon and the servers it starts inherit the LANG and TZ
environment variables and the umask of the process that started inetd.
If inetd is started by the superuser, it inherits the superuser's
umask, and passes that umask to the servers it starts.
NOTE: Services currently supported by inetd will work in an IPv6
environment with a few changes to the configuration file
/etc/inetd.conf. (See inetd.conf(4)). When invoked, inetd reads
/etc/inetd.conf and configures itself to support whatever services are
included in that file (see inetd.conf(4)). The inetd daemon also
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
performs a security check if the file /var/adm/inetd.sec exists (see
inetd.sec(4)). If the Internet daemon refuses a connection for
security reasons, the connection is shut down. Most RPC-based
services, if their first connection is refused, attempt to connect
four more times at 5-second intervals before timing out. In such
cases, inetd refuses the connection from the same service invocation
five times. This is visible in the system log if inetd connection
logging and syslogd logging for the daemon facility are both enabled
(see syslogd(1M)).
The inetd daemon provides several "trivial" services internally by use
of routines within itself. The services are echo, discard, chargen
(character generator), daytime (human readable time), and time
(machine readable time in the form of the number of seconds since
midnight, January 1, 1900). The inetd daemon provides both TCP- and
UDP-based servers for each of these services. See inetd.conf(4) for
instructions on configuring internal servers.
Options
inetd recognizes the following options. These options can be used
only by a superuser.
-c Reconfigure the Internet daemon; in other words, force the
current inetd to reread /etc/inetd.conf. This option sends
the signal SIGHUP to the Internet daemon that is currently
running. Any configuration errors that occur during the
reconfiguration are logged to the syslogd daemon facility.
-k Kill the current inetd. This option sends the signal
SIGTERM to the Internet daemon that is currently running,
causing it to exit gracefully. This option is the preferred
method of killing inetd.
-l By default, inetd starts with connection logging disabled.
If no inetd is running, the -l option causes the inetd to
start with connection logging enabled. Otherwise the -l
option causes inetd to send the signal SIGQUIT to the inetd
that is already running, which causes it to toggle the state
of connection logging.
-r count [interval]
inetd identifies a UDP service as broken or in an infinite
loop when it receives count connections within interval
seconds. When inetd finds any such broken
service, it discards the packet requesting the socket
connection and refuses access to that service. After 10
minutes, inetd tries to re-enable the service and again accepts
connections for it. This is applicable to all UDP
services other than tftp, bootp and rpc. Using the -r
option, you can specify the values for count and interval,
which need to be decimal numbers. If you invoke inetd
without this option or specify invalid values for this
option, the default values 40 and 60 are taken for count and
interval, respectively.
-s This option is similar to the -l option, but it suppresses
the hostname when logging to the syslog file. If inetd
is not running, the -s option causes inetd to start with
suppressed hostname logging enabled. If inetd is running,
the -s option causes inetd to send the signal SIGFPE to the inetd
that is already running. This causes inetd to toggle the
state of suppressed hostname logging.
When inetd is running with either -l or -s logging enabled, the
Internet daemon logs attempted connections to services. It also logs
connection attempts which fail the security check. This information
can be useful when trying to determine if someone is repeatedly trying
to access your system from a particular remote system (in other words,
trying to break into your system). Successful connection attempts are
logged to the syslogd daemon facility at the info log level.
Connection attempts failing the security check are logged at the
notice log level. inetd also logs whether the connection logging has
been enabled or disabled at the info log level.
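The following added example (not part of the original manual entry and not HP code) shows one way to use these log entries: it counts "Access denied" messages per remote address, using the message body documented under DIAGNOSTICS. The syslog prefix, host names and addresses in the sample lines are constructed assumptions.

```sh
#!/bin/sh
# Added example, not HP code. Tallies inetd "Access denied" syslog entries
# per remote address, using the message body documented under DIAGNOSTICS:
#   service/protocol: Access denied to remote_host (address)
# Assumption: each line carries a conventional syslog prefix ending "inetd[pid]:".

# Constructed sample lines (hosts and addresses are invented).
sample_log() {
cat <<'EOF'
Aug 12 10:01:02 hpux1 inetd[1021]: telnet/tcp: Access denied to host-a (192.0.2.44)
Aug 12 10:01:07 hpux1 inetd[1021]: telnet/tcp: Access denied to host-a (192.0.2.44)
Aug 12 10:01:09 hpux1 inetd[1021]: ftp/tcp: Connection from build1 (192.0.2.10)
Aug 12 10:01:12 hpux1 inetd[1021]: login/tcp: Access denied to host-a (192.0.2.44)
Aug 12 10:02:30 hpux1 inetd[1021]: ftp/tcp: Access denied to lab7 (192.0.2.77)
EOF
}

# Usage: denied_by_host [min] < logfile
# Prints "address count services" for every address with >= min denials.
denied_by_host() {
    awk -v min="${1:-3}" '
    / inetd\[[0-9]+\]: .*: Access denied to / {
        addr = $NF                        # last field is "(address)"
        gsub(/[()]/, "", addr)
        for (i = 2; i <= NF; i++)         # token before "Access" is service/protocol:
            if ($i == "Access") { svc = $(i - 1); break }
        sub(/:$/, "", svc)
        count[addr]++
        if (index(" " seen[addr] " ", " " svc " ") == 0)
            seen[addr] = (seen[addr] == "" ? svc : seen[addr] " " svc)
    }
    END {
        for (a in count)
            if (count[a] >= min)
                printf "%s %d %s\n", a, count[a], seen[a]
    }' | sort
}

sample_log | denied_by_host 3
```

Because most RPC-based services retry four more times after a refusal, one refused RPC invocation can account for five entries; choose the threshold with that in mind.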
DIAGNOSTICS
The following diagnostics are returned by the Internet daemon before
it disconnects from the terminal.
An inetd is already running
An attempt was made to start an Internet daemon when one was
already running. It is incorrect to call the Internet
daemon a second time without the -c, -k, -l or -s option.
There is no inetd running
An attempt was made to reconfigure an Internet daemon when
none was running.
Inetd not found
This message occurs if inetd is called with -c and another
Internet daemon is running but cannot be reconfigured. This
occurs if the original Internet daemon died without removing
its semaphore.
Next step: Use the inetd -k command to remove the semaphore
left by the previous Internet daemon; then restart the
daemon.
The following diagnostics are logged to the syslogd daemon facility.
Unless otherwise indicated, messages are logged at the error log
level.
/etc/inetd.conf: Unusable configuration file
The Internet daemon is unable to access the configuration
file /etc/inetd.conf. The error message preceding this one
specifies the reason for the failure.
/etc/inetd.conf: line number: error
There is an error on the specified line in /etc/inetd.conf.
The line in the configuration file is skipped. This error
does not stop the Internet daemon from reading the rest of
the file and configuring itself accordingly.
Next step: Fix the line with the error and reconfigure the
Internet daemon by executing the inetd -c command.
system_call: message
system_call failed. See the corresponding manual entry for
a description of system_call. The reason for the failure is
explained in message.
Cannot configure inetd
None of the services/servers listed in the configuration
file could be set up properly, due to configuration file
errors.
Too many services (max n)
The number of active services listed in the configuration
file exceeds the "hard" limit that can be supported by the
system (see setrlimit(2)).
Next step: Reduce the number of services listed in the
configuration file, then reconfigure the Internet daemon by
running the command inetd -c.
file: \ found before end of line line
file can be either inetd.conf or inetd.sec. If a backslash
is not immediately followed by an end of line, it is ignored
and the information up to the end of line is accepted. In
this case, the next line of the file is not appended to the
end of the current line. Unless all the information
required is present on a single line, configuration file
error messages are also output. This message is logged at
the warning log level.
service/protocol: Unknown service
The call to the library routine getservbyname (see
getservent(3N)) failed. The service is not listed in
/etc/services.
Next step: Include that service in /etc/services or
eliminate the entry for the service in /etc/inetd.conf.
service/protocol: Server failing (looping), service terminated.
When inetd tries to start 40 servers within 60 seconds for a
datagram service, other than bootp, rpc, or tftp, it assumes
that the server is failing to handle the connection. To
avoid entering a potentially infinite loop, inetd issues
this message, discards the packet requesting the socket
connection, and refuses further connections for this
service. After 10 minutes, inetd tries to reinstate the
service, and once again accepts connections for the service.
inetd provides the -r command-line option to modify the default
values 40 and 60.
service/protocol: socket: message
service/protocol: listen: message
service/protocol: getsockname: message
Any one of the three errors above makes the service
unusable. For another host to communicate with the server
host through this service, the Internet daemon needs to be
reconfigured after any of these error messages.
service/protocol: bind: message
If this error occurs, the service is temporarily unusable.
After 10 minutes, inetd tries again to make the service
usable by binding to the Internet socket for the service.
service/protocol: Access denied to remote_host (address)
The remote host failed to pass the security test for the
indicated service. This information can be useful when
trying to determine if someone is repeatedly trying to
access your system from a particular remote system (in other
words, trying to break into your system). This message is
logged at the warning log level.
service/protocol: Connection from remote_host (address)
When connection logging is enabled, this message indicates a
successful connection attempt to the specified service.
This message is logged at the notice log level.
service/protocol: Added service, server executable
Keeps track of the services added when reconfiguring the
Internet daemon. This message is logged at the info log
level.
service/protocol: New list
Lists the new user IDs, servers or executables used for the
service when reconfiguring the Internet daemon. This
message is logged at the info log level.
service/protocol: Deleted service
Keeps track of the services deleted when reconfiguring the
Internet daemon. This message is logged at the info log
level.
Security File (inetd.sec) Errors
The following errors, prefixed by /var/adm/inetd.sec:, are related to
the security file inetd.sec:
Field contains other characters in addition to * for service
For example, field 2 of the Internet address 10.5*.8.7 is
incorrect.
Missing low value in range for service
For example, field 2 of the Internet address 10.-5.8.7 is
incorrect.
Missing high value in range for service
For example, field 2 of the Internet address 10.5-.8.7 is
incorrect.
High value in range is lower than low value for service
For example, field 2 of the Internet address 10.5-3.8.7 is
incorrect.
allow/deny field does not have a valid entry for service
The entry in the allow/deny field is not one of the keywords
allow or deny. No security for this service is implemented
by inetd since the line in the security file is ignored.
This message is logged at the warning log level.
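The following added example (not part of the original manual entry and not HP code) checks a security file for the errors listed above before it is installed. The line layout it assumes (service, then allow or deny, then addresses or names, with "#" comments) is not spelled out on this page, and the sample policy and the "line N:" output prefix are constructed.

```sh
#!/bin/sh
# Added example, not HP code. Lints inetd.sec-style lines for the security
# file errors listed above. Assumed line layout (not spelled out on this
# page): service  allow|deny  address-or-name ...   with "#" comments.

# Constructed sample policy; line 2 is valid, lines 3-7 each show one error.
sample_sec() {
cat <<'EOF'
# constructed sample, not a real policy
login   allow   10.3-5.*.7 trusted-host
shell   allow   10.5*.8.7
ftp     deny    10.-5.8.7
telnet  deny    10.5-.8.7
exec    allow   10.5-3.8.7
tftp    permit  192.0.2.*
EOF
}

# Usage: lint_inetd_sec < file ; prints one finding per problem and
# returns non-zero if any were found.
lint_inetd_sec() {
    awk '
    function bad(msg) { printf "line %d: %s for %s\n", NR, msg, $1; errs++ }
    function check_addr(a,    n, f, i, r) {
        n = split(a, f, "[.]")
        for (i = 1; i <= n; i++) {
            if (f[i] == "*" || f[i] ~ /^[0-9]+$/) continue
            if (index(f[i], "*")) { bad("Field contains other characters in addition to *"); return }
            if (f[i] ~ /^-/) { bad("Missing low value in range"); return }
            if (f[i] ~ /-$/) { bad("Missing high value in range"); return }
            split(f[i], r, "-")
            if (r[2] + 0 < r[1] + 0) { bad("High value in range is lower than low value"); return }
        }
    }
    NF == 0 || /^[ \t]*#/ { next }
    $2 != "allow" && $2 != "deny" {
        bad("allow/deny field does not have a valid entry"); next
    }
    {   # check numeric address patterns only; host and network names are skipped
        for (k = 3; k <= NF; k++)
            if ($k ~ /^[0-9.*-]+$/) check_addr($k)
    }
    END { exit (errs > 0) }'
}

sample_sec | lint_inetd_sec || true
```

A line with an invalid allow/deny field is ignored by inetd, which leaves that service with no inetd security check, so the non-zero exit status is worth gating on before copying a file to /var/adm/inetd.sec.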
RPC Related Errors for NFS Users
These errors are specific to RPC-based servers:
/etc/inetd.conf: line number: Missing program number
/etc/inetd.conf: line number: Missing version number
Error on the specified line of /etc/inetd.conf. The program
or version number for an RPC service is missing. This error
does not stop the Internet daemon from reading the rest of
the file and configuring itself accordingly. However, the
service corresponding to the error message will not be
configured correctly.
Next step: Fix the line with the error, then reconfigure the
Internet daemon by executing the inetd -c command.
/etc/inetd.conf: line number: Invalid program number
Error on the specified line of /etc/inetd.conf. The program
number for an RPC service is not a number. This error does
not stop the Internet daemon from reading the rest of the
file and configuring itself accordingly. However, the
service corresponding to the error message will not be
correctly configured.
Next step: Fix the line with the error, then reconfigure the
Internet daemon by executing the inetd -c command.
AUTHOR
inetd was developed by HP and the University of California, Berkeley.
NFS was developed by Sun Microsystems, Inc.
FILES
/etc/inetd.conf List of Internet server processes.
/var/adm/inetd.sec Optional security file.
SEE ALSO
umask(1), portmap(1M), syslogd(1M), getservent(3N), inetd.conf(4),
inetd.sec(4), protocols(4), services(4), environ(5).