.\" Copyright (c) 1985, 1991, 1993, 1994
.\" The Regents of the University of California. All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\" @(#)inetd.8 8.4 (Berkeley) 06/01/94
.\"
.Dd
.Dt INETD 8
.Os BSD 4.4
.Sh NAME
.Nm inetd
.Nd internet
.Dq super-server
.Sh SYNOPSIS
.Nm inetd
.Op Fl d
.Op Fl R Ar rate
.Op Ar configuration file
.Sh DESCRIPTION
The
.Nm inetd
program
should be run at boot time by
.Pa /etc/rc
(see
.Xr rc 8 ) .
It then listens for connections on certain
internet sockets. When a connection is found on one
of its sockets, it decides what service the socket
corresponds to, and invokes a program to service the request.
The server program is invoked with the service socket
as its standard input, output and error descriptors.
After the program is
finished,
.Nm inetd
continues to listen on the socket (except in some cases which
will be described below). Essentially,
.Nm inetd
allows running one daemon to invoke several others,
reducing load on the system.
.Pp
The options available for
.Nm inetd :
.Bl -tag -width Ds
.It Fl d
Turns on debugging.
.It Fl R Ar rate
Specifies the maximum number of times a service can be invoked
in one minute; the default is 1000.
.El
.Pp
Upon execution,
.Nm inetd
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space. Comments are denoted by a ``#'' at the beginning
of a line. The
fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
service name
socket type
protocol
wait/nowait
user
server program
server program arguments
.Ed
.Pp
There are two types of services that
.Nm inetd
can start: standard and TCPMUX.
A standard service has a well-known port assigned to it;
it may be a service that implements an official Internet standard or is a
BSD-specific service.
As described in
.Tn RFC 1078 ,
TCPMUX services are nonstandard services that do not have a
well-known port assigned to them.
They are invoked from
.Nm inetd
when a program connects to the
.Dq tcpmux
well-known port and specifies
the service name.
This feature is useful for adding locally-developed servers.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
.Em must
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
For TCPMUX services, the value of the
.Em service-name
field consists of the string
.Dq tcpmux
followed by a slash and the
locally-chosen service name.
The service names listed in
.Pa /etc/services
and the name
.Dq help
are reserved.
Try to choose unique names for your TCPMUX services by prefixing them with
your organization's name and suffixing them with a version number.
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
TCPMUX services must use
.Dq stream .
.Pp
The
.Em protocol
must be a valid protocol as given in
.Pa /etc/protocols .
Examples might be
.Dq tcp
or
.Dq udp .
TCPMUX services must use
.Dq tcp .
.Pp
The
.Em wait/nowait
entry specifies whether the server that is invoked by inetd will take over
the socket associated with the service access point, and thus whether
.Nm inetd
should wait for the server to exit before listening for new service
requests.
Datagram servers must use
.Dq wait ,
as they are always invoked with the original datagram socket bound
to the specified service address.
These servers must read at least one datagram from the socket
before exiting.
If a datagram server connects
to its peer, freeing the socket so
.Nm inetd
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server;
it should read one datagram from the socket and create a new socket
connected to the peer.
It should fork, and the parent should then exit
to allow
.Nm inetd
to check for new service requests to spawn new servers.
Datagram servers which process all incoming datagrams
on a socket and eventually time out are said to be
.Dq single-threaded .
.Xr Comsat 8 ,
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr Tftpd 8
is an example of a multi-threaded datagram server.
.Pp
Servers using stream sockets generally are multi-threaded and
use the
.Dq nowait
entry.
Connection requests for these services are accepted by
.Nm inetd ,
and the server is given only the newly-accepted socket connected
to a client of the service.
Most stream-based services operate in this manner.
Stream-based servers that use
.Dq wait
are started with the listening service socket, and must accept
at least one connection request before exiting.
Such a server would normally accept and process incoming connection
requests until a timeout.
TCPMUX services must use
.Dq nowait .
.Pp
The
.Em user
entry should contain the user name of the user as whom the server
should run. This allows for servers to be given less permission
than root.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm inetd
when a request is found on its socket.
If
.Nm inetd
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program. If the service is provided internally, the
word
.Dq internal
should take the place of this entry.
.Pp
The
.Nm inetd
program
provides several
.Dq trivial
services internally by use of
routines within itself. These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time,
in the form of the number of seconds since midnight, January
1, 1900). All of these services are tcp based. For
details of these services, consult the appropriate
.Tn RFC
from the Network Information Center.
.Pp
The
.Nm inetd
program
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
.Sh TCPMUX
.Pp
.Tn RFC 1078
describes the TCPMUX protocol:
``A TCP client connects to a foreign host on TCP port 1. It sends the
service name followed by a carriage-return line-feed <CRLF>. The
service name is never case sensitive. The server replies with a
single character indicating positive (+) or negative (\-)
acknowledgment, immediately followed by an optional message of
explanation, terminated with a <CRLF>. If the reply was positive,
the selected protocol begins; otherwise the connection is closed.''
The program is passed the TCP connection as file descriptors 0 and 1.
.Pp
If the TCPMUX service name begins with a ``+'',
.Nm inetd
returns the positive reply for the program.
This allows you to invoke programs that use stdin/stdout
without putting any special server code in them.
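Added example, not part of the original manual page or of inetd's source: a Python model of the TCPMUX dispatch decision this section describes, including the reserved help name. The service table, the 64-byte request bound, the reply texts and the one-name-per-line help listing are assumptions made for illustration.

```python
MAX_NAME = 64  # assumed bound on the request line; the man page gives none

# Constructed table mirroring the two tcpmux entries under EXAMPLES:
# lowercased name -> (dispatcher sends the "+" reply itself, server program)
SERVICES = {
    "date": (True, "/bin/date"),                       # tcpmux/+date
    "phonebook": (False, "/usr/local/bin/phonebook"),  # tcpmux/phonebook
}

def tcpmux_dispatch(request, services=SERVICES):
    """Return (reply_bytes, program); program is None when nothing is run."""
    line, crlf, _ = request.partition(b"\r\n")
    if not crlf or not line or len(line) > MAX_NAME:
        return b"-Bad request\r\n", None
    try:
        name = line.decode("ascii").lower()  # names are never case sensitive
    except UnicodeDecodeError:
        return b"-Bad request\r\n", None
    if name == "help":
        # Reserved name: list the configured TCPMUX services (format assumed).
        return "".join(n + "\r\n" for n in sorted(services)).encode(), None
    if name not in services:
        return b"-Service not available\r\n", None
    sends_plus, program = services[name]
    # A "+" entry gets the positive reply from the dispatcher; otherwise the
    # program writes "+" or "-" itself on descriptors 0 and 1.
    return (b"+Go\r\n" if sends_plus else b""), program
```

Unknown, overlong or unterminated requests get a negative reply and start no program, so the set of reachable programs is exactly the configured table.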
.Pp
The special service name
.Dq help
causes
.Nm inetd
to list TCPMUX services in
.Pa inetd.conf .
.ne 1i
.Sh "EXAMPLES"
.Pp
Here are several example service entries for the various types of services:
.Bd -literal
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
tcpmux/+date stream tcp nowait guest /bin/date date
tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
.Ed
.Sh "ERROR MESSAGES"
The
.Nm inetd
server
logs error messages using
.Xr syslog 3 .
Important error messages and their explanations are:
.Bd -literal
\fIservice\fP/\fIprotocol\fP server failing (looping), service terminated.
.Ed
The number of requests for the specified service in the past minute
exceeded the limit. The limit exists to prevent a broken program
or a malicious user from swamping the system.
This message may occur for several reasons:
1) there are lots of hosts requesting the service within a short time period,
2) a 'broken' client program is requesting the service too frequently,
3) a malicious user is running a program to invoke the service in
a 'denial of service' attack, or
4) the invoked service program has an error that causes clients
to retry quickly.
Use the
.Op Fl R
option,
as described above, to change the rate limit.
Once the limit is reached, the service will be
reenabled automatically in 10 minutes.
.sp
.Bd -literal
\fIservice\fP/\fIprotocol\fP: No such user '\fIuser\fP', service ignored
\fIservice\fP/\fIprotocol\fP: getpwnam: \fIuser\fP: No such user
.Ed
No entry for
.Em user
exists in the
.Pa passwd
file. The first message
occurs when
.Nm inetd
(re)reads the configuration file. The second message occurs when the
service is invoked.
.sp
.Bd -literal
\fIservice\fP: can't set uid \fInumber\fP
\fIservice\fP: can't set gid \fInumber\fP
.Ed
The user or group ID for the entry's
.Em user
is invalid.
.Sh SEE ALSO
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
TCPMUX is based on code and documentation by Mark Lottor.
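Added example, not part of the original manual page or of inetd: a Python check of inetd.conf entries against the field rules given in DESCRIPTION (datagram servers use wait; TCPMUX entries use stream, tcp and nowait; help is reserved), which also lists external servers that run as root for review. The function name and the sample lines after the first four are constructed, and leaving the argument field of internal entries unchecked is an assumption.

```python
SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

def lint_inetd_conf(text):
    """Return (line_number, service, message) findings for an inetd.conf text."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue                          # blank line or comment
        fields = raw.split()                  # fields separated by tabs or spaces
        if len(fields) < 6:
            findings.append((lineno, fields[0], "missing fields"))
            continue
        service, socktype, proto, wait, user, program = fields[:6]
        def flag(message):
            findings.append((lineno, service, message))
        if socktype not in SOCKET_TYPES:
            flag("unknown socket type")
        if wait not in ("wait", "nowait"):
            flag("wait/nowait field is neither wait nor nowait")
        elif socktype == "dgram" and wait == "nowait":
            flag("datagram servers must use wait")
        if service.startswith("tcpmux/"):
            if (socktype, proto, wait) != ("stream", "tcp", "nowait"):
                flag("TCPMUX services must use stream, tcp and nowait")
            if service[len("tcpmux/"):].lstrip("+").lower() == "help":
                flag("help is a reserved TCPMUX name")
        if program != "internal":   # internal: argument field unchecked (assumption)
            if len(fields) < 7:
                flag("no server program arguments (argv[0] is required)")
            if user == "root":
                flag("external server runs as root; review whether it needs to")
    return findings

# First four lines are the entries from EXAMPLES; the rest are constructed.
SAMPLE = """\
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
tcpmux/+date stream tcp nowait guest /bin/date date
tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
# constructed entries that break the rules above
echo stream tcp nowait root internal
tftp dgram udp nowait nobody /usr/libexec/tftpd tftpd
tcpmux/acme_stats_v1 dgram udp wait guest /usr/local/bin/stats stats
tcpmux/help stream tcp nowait guest /bin/ls
"""

if __name__ == "__main__":
    for lineno, service, message in lint_inetd_conf(SAMPLE):
        print(f"line {lineno}: {service}: {message}")
```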