Listens for connections on internet sockets. When a connection is found
it invokes a program to service the request. After the program is finished, it continues to listen on the socket (except in some cases).
Allows running one daemon to invoke several others, reducing load on the system.
-d |
inetd reads its configuration file, by default: /etc/inetd.conf
.
There is an entry for each service with entries for each field separated by a tab or a space.
Comments lines have "#" at the beginning
The fields are :
[host:]serviceName socketType protocol[,sndbuf=size][,rcvbuf=size] wait/nowait[.max] user[.group] or user[:group] server program server program argumentsFor internet services, the first field may include a host . Multiple local addresses can be specified on the same line, separated by commas.For a Sun-RPC based service: (change these lines to)serviceName/version rpc/protocol[,sndbuf=size][,rcvbuf=size]
*
indicates INADDR_ANY, meaning "all local addresses".
A line with only a host address causes that to be used for the following lines.
If the protocol is "unix", this value is ignored.
The serviceName
is in /etc/services
or a port number.
For "internal" services the name must be the official name of the service
(that is, the first entry in /etc/services
).
To specify a Sun-RPC based service, this is a service in /etc/rpc
.
This can be a single numeric argument or a range of versions.
A range is bounded by the low version to the high version - "rusers/1-3".
For UNIX-domain sockets this field is the path name of the socket.
The socketType
should be one of stream, dgram, raw, rdm(reliably delivered message), or seqpacket (sequenced packet)
.
The protocol
is in /etc/protocols
or unix
. Examples: "tcp"
or "udp". RPC based services are specified with the "rpc/tcp" or "rpc/udp" service type. "tcp" and
"udp" will be recognized as "TCP or UDP over default IP version". This is currently IPv4, but in the
future it will be IPv6. To specify IPv4 or IPv6 explicitly, use "tcp4" or
"udp6". A protocol of "unix" is used to specify a socket in the UNIX-domain.
In addition to the protocol, the configuration may specify the socket buffer
sizes. This is useful for TCP as the window scale factor, which
is based on the receive socket buffer size, is advertised when the connection handshake occurs, thus
the socket buffer size for the server must be set on the listen socket. By increasing the socket
buffer sizes, better TCP performance may be realized in some situations. The socket buffer sizes are
specified by appending their values to the protocol specification
A value may include 'k' to indicate kilobytes or 'm' to indicate megabytes.
tcp,rcvbuf=16384 tcp,sndbuf=64k tcp,rcvbuf=64k,sndbuf=1m
wait/nowait
specifies that inted wait for the server program to return, or
continue processing connections on the socket. If a datagram server connects to its peer, freeing
the socket so inetd can receive further messages on the socket, A "multi-threaded"
server should use "nowait" .
For datagram servers which process all incoming datagrams
on a socket and eventually time out, the server is said to be "single-threaded" and should use
"wait" . comsat(8) (biff(1)) and talkd(8) are both examples of the latter type of datagram
server.
max
suffix is the maximum
number of times a service can be invoked in one minute; the default is 256.
If a service reaches
this limit, inetd will log the problem and stop servicing requests for the service for
10 minutes. See also -R
Stream servers are usually marked as "nowait" but if a single server process is to handle multiple
connections, it may be marked as "wait". The master socket will then be passed as fd 0 to the
server, which will then need to accept the incoming connection.
The server should time
out and exit when no more connections are active. inetd will continue to listen on the master socket
for connections, so the server should not close it when it exits.
user
is the user name the server will run as. This allows
servers to be given less permission than root. group name
allows for servers to run with a
different (primary) group ID than specified in the password file. If a group is specified and user
is not root, the supplementary groups associated with that user will still be set.
The server program entry should contain the pathname of the program which is to be executed by inetd when a request is found on its socket. If inetd provides this service internally, this entry should be "internal".
The server program arguments should be just as arguments normally are, starting with argv[0], which is the name of the program. If the service is provided internally, the word "internal" should take the place of this entry.
inetd provides several "trivial" services internally by use of routines within itself. These ser- vices are "echo", "discard", "chargen" (character generator), "daytime" (human readable time), and "time" (machine readable time, in the form of the number of seconds since midnight, January 1, 1900). All of these services are TCP based. For details of these services, consult the appropriate RFC from the Network Information Center.
inetd rereads its configuration file when it receives a hangup signal, SIGHUP. Services may be added, deleted or modified when the configuration file is reread.
libwrap Support for TCP wrappers is included with inetd to provide built-in tcpd-like access control func- tionality. An external tcpd program is not needed. You do not need to change the /etc/inetd.conf server-program entry to enable this capability. inetd uses /etc/hosts.allow and /etc/hosts.deny for access control facility configurations, as described in hosts_access(5).
IPv6 TCP/UDP behavior If you wish to run a server for IPv4 and IPv6 traffic, you'll need to run two separate processes for the same server program, specified as two separate lines in inetd.conf, for "tcp4" and "tcp6".
Under various combinations of IPv4/v6 daemon settings, inetd will behave as follows: o If you have only one server on "tcp4", IPv4 traffic will be routed to the server. IPv6 traffic will not be accepted. o If you have two servers on "tcp4" and "tcp6", IPv4 traffic will be routed to the server on "tcp4", and IPv6 traffic will go to server on "tcp6". o If you have only one server on "tcp6", only IPv6 traffic will be routed to the server. The special "tcp46" parameter can be used for obsolete servers which require to receive IPv4 con- nections mapped in an IPv6 socket. Its usage is discouraged.
Server programs used with "dgram" "udp" "nowait" must read from the network socket, or inetd will spawn processes until the maximum is reached.
Host address specifiers, while they make conceptual sense for RPC services, do not work entirely correctly. This is largely because the portmapper interface does not provide a way to register different ports for the same service on different local addresses. Provided you never have more than one entry for a given RPC service, everything should work correctly. (Note that default host address specifiers do apply to RPC lines with no explicit specifier.)
update-inetd
- create, remove, enable or disable entry /etc/inetd.conf
[option …...] command argument
Used to add, remove, enable or disable entries in /etc/inetd.conf
After the changes, signals inetd
with SIGHUP
Add entries that are 'commented out' by default to be be treated like normal entries. No entry can be added if an entry iscommented out for the same service
Use single '#' character to "commented out" a service using update-inetd, and for the service to remain disabled after
upgrades,
run update-inetd --comment-chars '#'
--add entry-line |
--group groupname |
update-inetd --comment-chars '#' --disable login,shell,exec,telnetUsing a single '#' character as a comment-char prevents update-inetd to re-enable the services on package upgrades. Prohibit other systems from reaeding the system clock.
update-inetd --comment-chars '#' --disable time,daytimeAllow other systems to reaeding the system clock.
update-inetd --enable time,daytimeInformation that inetd is crashed via a SYN attack against the time and daytime services.
update-inetd --comment-chars '#' --pattern tcp --disable time,daytimeAfter building a POP3 server, install the entry from the Makefile:
update-inetd --group MAIL --add \ 'pop-3\t\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\t/usr/sbin/in.pop3d'
# /etc/inetd.conf: see inetd(8) for further informations. # # Internet superserver configuration database # # # Lines starting with "#:LABEL:" or "##" should not # be changed unless you know what you are doing! # # If you want to disable an entry so it isn't touched during # package updates just comment it out with a single '#' character. # # Packages should modify this file by using update-inetd(8) # # # #:INTERNAL: Internal services #discard stream tcp nowait root internal #discard dgram udp wait root internal #daytime stream tcp nowait root internal #time stream tcp nowait root internal #:STANDARD: These are standard services. telnet stream tcp nowait telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd #:BSD: Shell, login, exec and talk are BSD protocols. #:MAIL: Mail, news and uucp services. #:INFO: Info services finger stream tcp nowait root /usr/sbin/tcpd /usr/sbin/cfingerd #:BOOT: TFTP service is provided primarily for booting. Most sites # run this only on machines acting as "boot servers."
Perl scripts use the Perl module DebianNet. See DebianNet(3pm)
Package maintainer scripts should not override the default comment chars
/etc/inetd.conf
/var/run/inetd.pid
SEE ALSO DebianNet(3pm)perl v5.32.0 2020-12-24