inetd(1M)inetd(1M)NAMEinetd - Internet services daemon
SYNOPSIS
proc_limit] count [interval] ]
DESCRIPTION
The daemon is the Internet superserver, which invokes Internet server
processes as needed. It must be running before other hosts can connect
to the local host through and The daemon also supports services based
on the Remote Procedure Call (RPC) protocol (NFS), such as and If RPC
servers are started by the server (see portmap(1M)) must be started
before
The daemon is designed to invoke all the Internet servers as needed,
thus reducing load on the system. It is normally started at system
boot time. Only one can run at any given time.
The daemon starts servers for both stream and datagram type services.
For stream services, listens for connection requests on Internet stream
sockets. When a connection is requested for one of its sockets,
decides which service the socket will support, forks a process, invokes
an appropriate server for the connection, and passes the connected
socket to the server as and Then returns to listening for connection
requests.
For datagram services, waits for activity on Internet datagram sockets.
When an incoming datagram is detected, forks a process, invokes an
appropriate server, and passes the socket to the server as and Then
waits, ignoring activity on that datagram socket, until the server
exits.
The daemon is normally started by the script, which is invoked during
the boot-time initialization. Otherwise, can be started only by the
superuser.
The Internet daemon and the servers it starts inherit the and environ‐
ment variables and the of the process that started If is started by the
superuser, it inherits the superuser's umask, and passes that umask to
the servers it starts.
Services currently supported by inetd will work in an environment with
a few changes to the configuration file (See inetd.conf(4)). When
invoked, reads and configures itself to support whatever services are
included in that file (see inetd.conf(4)). The daemon also performs a
security check if the file exists (see inetd.sec(4)). If the Internet
daemon refuses a connection for security reasons, the connection is
shut down. Most RPC-based services, if their first connection is
refused, attempt to connect four more times at 5-second intervals
before timing out. In such cases, refuses the connection from the same
service invocation five times. This is visible in the system log if
connection logging and logging for the daemon facility are both enabled
(see syslogd(1M)).
The daemon provides several "trivial" services internally by use of
routines within itself. The services are (character generator), (human
readable time), and (machine readable time in the form of the number of
seconds since midnight, January 1, 1900). The daemon provides both
TCP- and UDP-based servers for each of these services. See
inetd.conf(4) for instructions on configuring internal servers.
Options
recognizes the following options. These options can be used only by a
superuser.
Enable user level auditing.
Services started by will be audited based on the user's
audit specification (see audusr(1M), userdbset(1M), and
the user field in inetd.conf(4)). If a service is audit
unaware (see audit(4)), it will not be audited if the
user's audit specification is disabled.
Reconfigure the Internet daemon; in other words, force the cur‐
rent
to reread This option sends the signal to the Internet
daemon that is currently running. Any configuration
errors that occur during the reconfiguration are logged
to the daemon facility.
Kill the current
This option sends the signal to the Internet daemon that
is currently running, causing it to exit gracefully.
This option is the preferred method of killing
By default,
starts with connection logging disabled. If no is run‐
ning, the option causes the to start with connection log‐
ging enabled. Otherwise the option causes to send the
signal to the that is already running, which causes it to
toggle the state of connection logging.
By default,
spawns any number of child processes to serve incoming
connections. When is started with the option, does not
spawn a child process if the number of child processes
already running in the system has reached the proc_limit
value. spawns a new child process only when the number
of running child processes is less than the proc_limit
value. If an invalid value or zero is specified for the
option, spawns any number of child processes to serve
incoming connections.
identifies a UDP service as broken or in an infinite loop when
it receives
count number of connections in interval seconds of time.
When finds any such broken service, it discards the
packet requesting the socket connection, and refuses
access to that service. tries enabling that service
after 10 minutes and accepts connections for that ser‐
vice. This is applicable to all UDP services other than
and Using the option, you can specify the values for
count and interval, which need to be decimal numbers. If
you invoke without this option or specify invalid values
for this option, the default values 40 and 60 are taken
for count and interval, respectively.
This option is similar to the
option, but it suppresses the hostname while logging into
the syslog file. If is not running, the option causes to
start with suppressed hostname logging enabled. If is
running, the option causes to send signal to that is
already running. This causes to toggle the state of sup‐
pressed hostname logging.
When is running with either of or of logging enabled, the Internet dae‐
mon logs attempted connections to services. It also logs connection
attempts which fail the security check. This information can be useful
when trying to determine if someone is repeatedly trying to access your
system from a particular remote system (in other words, trying to break
into your system). Successful connection attempts are logged to the
daemon facility at the info log level. Connection attempts failing the
security check are logged at the notice log level. also logs whether
the connection logging has been enabled or disabled at the info log
level.
DIAGNOSTICS
The following diagnostics are returned by the Internet daemon before it
disconnects from the terminal.
An attempt was made to start an Internet
daemon when one was already running.
It is incorrect to call the Internet daemon a second time
without the or option.
An attempt was made to reconfigure an
Internet daemon when none was running.
This message occurs if
is called with and another Internet daemon is running but
cannot be reconfigured. This occurs if the original
Internet daemon died without removing its semaphore.
Use the command to remove the semaphore left by the pre‐
vious Internet daemon; then restart the daemon.
The following diagnostics are logged to the daemon facility. Unless
otherwise indicated, messages are logged at the error log level.
The Internet daemon is unable to access the
configuration file
The error message preceding this one specifies the reason
for the failure.
There is an error on the specified line in
The line in the configuration file is skipped. This
error does not stop the Internet daemon from reading the
rest of the file and configuring itself accordingly.
Fix the line with the error and reconfigure the Internet
daemon by executing the command.
system_call
failed. See the corresponding manual entry for a
description of system_call. The reason for the failure
is explained in message.
None of the services/servers listed in the
configuration file
could be set up properly, due to configuration file
errors.
The number of active services listed in the
configuration file
exceeds the "hard" limit that can be supported by the
system (see setrlimit(2)).
Reduce the number of services listed in the configuration
file, then reconfigure the Internet daemon by running the
command
file
can be either or If a backslash is not immediately fol‐
lowed by an end of line, it is ignored and the informa‐
tion up to the end of line is accepted. In this case,
the next line of the file is not appended to the end of
the current line. Unless all the information required is
present on a single line, configuration file error mes‐
sages are also output. This message is logged at the
warning log level.
The call to the library routine
(see getservent(3N)) failed. The service is not listed
in
Include that service in or eliminate the entry for the
service in
When
tries to start 40 servers within 60 seconds for a data‐
gram service, other than or it assumes that the server is
failing to handle the connection. To avoid entering a
potentially infinite loop, issues this message, discards
the packet requesting the socket connection, and refuses
further connections for this service. After 10 minutes,
tries to reinstate the service, and once again accepts
connections for the service. provides command-line
option to modify the default values 40 and 60.
Any one of the
three errors
above makes the
service unus‐
able.
For another host to communi‐
cate with the server host
through this service, the
Internet daemon needs to be
reconfigured after any of
these error messages.
If this error
occurs, the
service is tem‐
porarily unus‐
able.
After 10 minutes, tries again
to make the service usable by
binding to the Internet
socket for the service.
The remote host
failed to pass
the security
test for the
indicated ser‐
vice.
This information can be use‐
ful when trying to determine
if someone is repeatedly try‐
ing to access your system
from a particular remote sys‐
tem (in other words, trying
to break into your system).
This message is logged at the
warning log level.
When connection
logging is
enabled,
this message indicates a suc‐
cessful connection attempt to
the specified service. This
message is logged at the
notice log level.
Keeps track of
the services
added when
reconfiguring
the Internet
daemon.
This message is logged at the
info log level.
Lists the new
user IDs,
servers or exe‐
cutables
used for the service when
reconfiguring the Internet
daemon. This message is
logged at the info log level.
Keeps track of
the services
deleted
when reconfiguring the Inter‐
net daemon. This message is
logged at the info log level.
Security File (inetd.sec) Errors
The following errors, prefixed by are
related to the security file
For example,
field 2 of the
Internet
address
is incorrect.
For example,
field 2 of the
Internet
address
is incorrect.
For example,
field 2 of the
Internet
address
is incorrect.
For example,
field 2 of the
Internet
address
is incorrect.
The entry in
the allow/deny
field is not
one of the key‐
words
or No security for this ser‐
vice is implemented by since
the line in the security file
is ignored. This message is
logged at the warning log
level.
RPC Related Errors for NFS Users
These errors are specific to RPC-based
servers:
Error
on
the
spec‐
i‐
fied
line
of
The program or
version number
for an RPC ser‐
vice is miss‐
ing. This
error does not
stop the Inter‐
net daemon from
reading the
rest of the
file and con‐
figuring itself
accordingly.
However, the
service corre‐
sponding to the
error message
will not be
configured cor‐
rectly.
Fix the line
with the error,
then reconfig‐
ure the Inter‐
net daemon by
executing the
command.
Error
on
the
spec‐
i‐
fied
line
of
The program
number for an
RPC service is
not a number.
This error does
not stop the
Internet daemon
from reading
the rest of the
file and con‐
figuring itself
accordingly.
However, the
service corre‐
sponding to the
error message
will not be
correctly con‐
figured.
Fix the line
with the error,
then reconfig‐
ure the Inter‐
net daemon by
executing the
command.
AUTHOR
was developed by HP and the
University of California,
Berkeley.
NFS was developed by Sun
Microsystems, Inc.
FILES
List of Internet server pro‐
cesses.
Optional security file.
SEE ALSOumask(1), portmap(1M), sys‐
logd(1M), getservent(3N),
inetd.conf(4), inetd.sec(4),
protocols(4), services(4),
environ(5).
inetd(1M)