.\" Copyright (c) 1985, 1991, 1993 The Regents of the University of California.
.\" All rights reserved.
.\"
.\" %sccs.include.redist.man%
.\"
.\"	@(#)inetd.8	6.8 (Berkeley) 02/01/93
.\"
.Dd
.Dt INETD 8
.Os BSD 4.4
.Sh NAME
.Nm inetd
.Nd internet
.Dq super-server
.Sh SYNOPSIS
.Nm inetd
.Op Fl d
.Op Fl R Ar rate
.Op Ar configuration file
.Sh DESCRIPTION
.Nm Inetd
should be run at boot time by
.Pa /etc/rc.local
(see
.Xr rc 8 ) .
It then listens for connections on certain
internet sockets.  When a connection is found on one
of its sockets, it decides what service the socket
corresponds to, and invokes a program to service the request.
After the program is
finished, it continues to listen on the socket (except in some cases which
will be described below).  Essentially,
.Nm inetd
allows running one daemon to invoke several others,
reducing load on the system.
.Pp
The options available for
.Nm inetd :
.Bl -tag -width Ds
.It Fl d
Turns on debugging.
.It Fl R Ar rate
Specifies the maximum number of times a service can be invoked
in one minute; the default is 1000.
.El
.Pp
Upon execution,
.Nm inetd
reads its configuration information from a configuration
file which, by default, is
.Pa /etc/inetd.conf .
There must be an entry for each field of the configuration
file, with entries for each field separated by a tab or
a space.  Comments are denoted by a ``#'' at the beginning
of a line.  The
fields of the configuration file are as follows:
.Pp
.Bd -unfilled -offset indent -compact
service name
socket type
protocol
wait/nowait
user
server program
server program arguments
.Ed
.Pp
There are two types of services that
.Nm inetd
can start: standard and TCPMUX.
A standard service has a well-known port assigned to it;
it may be a service that implements an official Internet standard or is a
BSD-specific service.
As described in
.Tn RFC 1078 ,
TCPMUX services are nonstandard services that do not have a
well-known port assigned to them.
They are invoked from
.Nm inetd
when a program connects to the
.Dq tcpmux
well-known port and specifies
the service name.
This feature is useful for adding locally-developed servers.
.Pp
The
.Em service-name
entry is the name of a valid service in
the file
.Pa /etc/services .
For
.Dq internal
services (discussed below), the service
name
.Em must
be the official name of the service (that is, the first entry in
.Pa /etc/services ) .
For TCPMUX services, the value of the
.Em service-name
field consists of the string
.Dq tcpmux
followed by a slash and the
locally-chosen service name.
The service names listed in
.Pa /etc/services
and the name
.Dq help
are reserved.
Try to choose unique names for your TCPMUX services by prefixing them with
your organization's name and suffixing them with a version number.
.Pp
The
.Em socket-type
should be one of
.Dq stream ,
.Dq dgram ,
.Dq raw ,
.Dq rdm ,
or
.Dq seqpacket ,
depending on whether the socket is a stream, datagram, raw,
reliably delivered message, or sequenced packet socket.
TCPMUX services must use
.Dq stream .
.Pp
The
.Em protocol
must be a valid protocol as given in
.Pa /etc/protocols .
Examples might be
.Dq tcp
or
.Dq udp .
TCPMUX services must use
.Dq tcp .
.Pp
The
.Em wait/nowait
entry is applicable to datagram sockets only (other sockets should
have a
.Dq nowait
entry in this space).  If a datagram server connects
to its peer, freeing the socket so
.Nm inetd
can receive further messages on the socket, it is said to be
a
.Dq multi-threaded
server, and should use the
.Dq nowait
entry.
For datagram servers which process all incoming datagrams
on a socket and eventually time out, the server is said to be
.Dq single-threaded
and should use a
.Dq wait
entry.
.Xr Comsat 8
.Pq Xr biff 1
and
.Xr talkd 8
are both examples of the latter type of
datagram server.
.Xr Tftpd 8
is an exception; it is a datagram server that establishes pseudo-connections.
It must be listed as
.Dq wait
in order to avoid a race;
the server reads the first packet, creates a new socket,
and then forks and exits to allow
.Nm inetd
to check for new service requests to spawn new servers.
TCPMUX services must use
.Dq nowait .
.Pp
The
.Em user
entry should contain the user name of the user as whom the server
should run.  This allows for servers to be given less permission
than root.
.Pp
The
.Em server-program
entry should contain the pathname of the program which is to be
executed by
.Nm inetd
when a request is found on its socket.  If
.Nm inetd
provides this service internally, this entry should
be
.Dq internal .
.Pp
The
.Em server program arguments
should be just as arguments
normally are, starting with argv[0], which is the name of
the program.  If the service is provided internally, the
word
.Dq internal
should take the place of this entry.
.Pp
.Nm Inetd
provides several
.Dq trivial
services internally by use of
routines within itself.  These services are
.Dq echo ,
.Dq discard ,
.Dq chargen
(character generator),
.Dq daytime
(human readable time), and
.Dq time
(machine readable time,
in the form of the number of seconds since midnight, January
1, 1900).  All of these services are tcp based.  For
details of these services, consult the appropriate
.Tn RFC
from the Network Information Center.
.Pp
.Nm Inetd
rereads its configuration file when it receives a hangup signal,
.Dv SIGHUP .
Services may be added, deleted or modified when the configuration file
is reread.
.Sh TCPMUX
.Pp
.Tn RFC 1078
describes the TCPMUX protocol:
``A TCP client connects to a foreign host on TCP port 1.  It sends the
service name followed by a carriage-return line-feed <CRLF>.  The
service name is never case sensitive.  The server replies with a
single character indicating positive (+) or negative (\-)
acknowledgment, immediately followed by an optional message of
explanation, terminated with a <CRLF>.  If the reply was positive,
the selected protocol begins; otherwise the connection is closed.''
The program is passed the TCP connection as file descriptors 0 and 1.
.Pp
If the TCPMUX service name begins with a ``+'',
.Nm inetd
returns the positive reply for the program.
This allows you to invoke programs that use stdin/stdout
without putting any special server code in them.
.Pp
The special service name
.Dq help
causes
.Nm inetd
to list TCPMUX services in
.Pa inetd.conf .
.Sh "EXAMPLES"
.Pp
Here are several example service entries for the various types of services:
.Bd -literal
ftp              stream  tcp  nowait  root   /usr/libexec/ftpd         ftpd -l
ntalk            dgram   udp  wait    root   /usr/libexec/ntalkd       ntalkd
tcpmux/+date     stream  tcp  nowait  guest  /bin/date                 date
tcpmux/phonebook stream  tcp  nowait  guest  /usr/local/bin/phonebook  phonebook
.Ed
.Sh "ERROR MESSAGES"
.Nm Inetd
logs error messages using
.Xr syslog 3 .
Important error messages and their explanations are:
.Bd -literal
\fIservice\fP/\fIprotocol\fP server failing (looping), service terminated.
.Ed
The number of requests for the specified service in the past minute
exceeded the limit.  The limit exists to prevent a broken program
or a malicious user from swamping the system.
This message may occur for several reasons:
1) there are lots of hosts requesting the service within a short time period,
2) a 'broken' client program is requesting the service too frequently,
3) a malicious user is running a program to invoke the service in
a 'denial of service' attack, or
4) the invoked service program has an error that causes clients
to retry quickly.
Use the
.Op Fl R
option,
as described above, to change the rate limit.
Once the limit is reached, the service will be
reenabled automatically in 10 minutes.
.sp
.Bd -literal
\fIservice\fP/\fIprotocol\fP: No such user '\fIuser\fP', service ignored
\fIservice\fP/\fIprotocol\fP: getpwnam: \fIuser\fP: No such user
.Ed
No entry for
.Em user
exists in the
.Pa passwd
file.  The first message
occurs when
.Nm inetd
(re)reads the configuration file.  The second message occurs when the
service is invoked.
.sp
.Bd -literal
\fIservice\fP: can't set uid \fInumber\fP
\fIservice\fP: can't set gid \fInumber\fP
.Ed
The user or group ID for the entry's
.Em user
is invalid.
.Sh SEE ALSO
.Xr comsat 8 ,
.Xr fingerd 8 ,
.Xr ftpd 8 ,
.Xr rexecd 8 ,
.Xr rlogind 8 ,
.Xr rshd 8 ,
.Xr telnetd 8 ,
.Xr tftpd 8
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.3 .
TCPMUX is based on code and documentation by Mark Lottor.
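.Pp
The field rules given in DESCRIPTION can be checked mechanically before a configuration file is put in place. The following is an added example, not inetd's own parser and not part of the original manual page; the names lint_entry, lint_config and SAMPLE are hypothetical, flagging root-run servers is a policy choice of the example, and it does not look names up in /etc/services or /etc/protocols.

```python
# Added example: checks inetd.conf entries against the rules in this manual page.
SOCKET_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket"}

def lint_entry(line):
    """Return a list of findings for one inetd.conf line; empty means clean."""
    text = line.strip()
    if not text or text.startswith("#"):
        return []                          # blank line or comment
    fields = text.split()                  # fields are tab- or space-separated
    if len(fields) < 6:
        return ["expected at least 6 fields, found %d" % len(fields)]
    service, sock, proto, wait, user, program = fields[:6]
    findings = []
    if sock not in SOCKET_TYPES:
        findings.append("unknown socket type '%s'" % sock)
    if wait not in ("wait", "nowait"):
        findings.append("wait/nowait field is '%s'" % wait)
    elif wait == "wait" and sock != "dgram":
        findings.append("'wait' applies to datagram sockets only")
    if service.startswith("tcpmux/"):
        name = service[len("tcpmux/"):].lstrip("+")
        if (sock, proto, wait) != ("stream", "tcp", "nowait"):
            findings.append("TCPMUX services must use stream, tcp and nowait")
        if not name or name.lower() == "help":
            findings.append("TCPMUX service name is empty or reserved")
    if program != "internal":
        if len(fields) < 7:
            findings.append("missing server program arguments (argv[0])")
        if user == "root":
            # Policy choice of this example: flag the entry for review.
            findings.append("server runs as root")
    return findings

def lint_config(text):
    """Map 1-based line numbers to findings for every entry that has any."""
    found = ((n, lint_entry(l)) for n, l in enumerate(text.splitlines(), 1))
    return {n: f for n, f in found if f}

# Constructed sample: three entries from EXAMPLES plus two broken ones.
SAMPLE = """\
# service socket proto wait user program args
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
tcpmux/+date stream tcp nowait guest /bin/date date
tcpmux/help dgram udp wait guest /bin/date date
echo stream tcp wait root internal
"""
```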
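.Pp
The server side of the exchange described in the TCPMUX section can be modelled as a pure function over the request line. The following is an added example, not inetd's code and not part of the original manual page; the function names, SAMPLE_CONF and the explanation text after the + or - character are constructed for illustration, and the help listing is written one name per line.

```python
# Added example: the replies inetd sends for a TCPMUX request line (RFC 1078).
def parse_tcpmux_services(conf_text):
    """Map lower-cased TCPMUX names to True when inetd sends the '+' itself."""
    services = {}
    for line in conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("tcpmux/"):
            name = fields[0][len("tcpmux/"):]
            # A leading '+' asks inetd to return the positive reply.
            services[name.lstrip("+").lower()] = name.startswith("+")
    return services

def tcpmux_reply(request, services):
    """Return (bytes inetd writes, whether the server program is started)."""
    if not request.endswith(b"\r\n"):
        return b"-Service name must end with CRLF\r\n", False
    # Service names are never case sensitive.
    name = request[:-2].decode("ascii", "replace").strip().lower()
    if name == "help":
        listing = "".join(n + "\r\n" for n in sorted(services))
        return listing.encode("ascii", "replace"), False
    if name not in services:
        return b"-Service not available\r\n", False   # constructed message text
    if services[name]:
        return b"+Go\r\n", True                       # inetd replies for the program
    return b"", True                                  # program sends its own reply

# Constructed sample: the two TCPMUX entries from EXAMPLES.
SAMPLE_CONF = """\
tcpmux/+date stream tcp nowait guest /bin/date date
tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
"""
```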