inetd(1M)

Requires Optional LAN/X.25 Software

NAME

inetd − Internet services daemon

SYNOPSIS

/etc/inetd [−l]
/etc/inetd [−c]
/etc/inetd [−k]

DESCRIPTION

inetd, the Internet super-server, invokes Internet server processes as needed. It must be running before other hosts can connect to the local host through rcp, remsh, rlogin, ftp, and telnet. inetd also supports services based on the Remote Procedure Call (RPC) protocol (NFS), such as rwalld and rusersd. If RPC servers are started by inetd, portmap(1M) must be started before inetd.

inetd allows one daemon to invoke many servers, thus reducing load on the system.  It is normally started at system boot time.  Only one inetd can run at any given time. 

inetd starts servers for both stream and datagram type services.  For stream services, inetd listens for connection requests on Internet stream sockets.  When it finds a connection on one of its sockets, it decides which service the socket corresponds to, and then forks and invokes a server for the connection, passing the connected socket to the server as stdin and stdout.  It then returns to listening for connection requests. 

For datagram services, inetd waits for activity on Internet datagram sockets.  When an incoming datagram is detected, inetd forks and invokes a server, passing the socket to the server as stdin and stdout.  It then “waits,” ignoring activity on that datagram socket, until the server exits. 

inetd is normally started by the script /etc/netlinkrc which is run by /etc/rc as part of boot-time initialization.  Otherwise inetd can be started only by the super-user. 

The Internet daemon and the servers it starts inherit the LANG and TZ environment variables and the umask of the process that started the inetd. If inetd is started by the super-user, it inherits the super-user’s umask, and passes that umask to the servers it starts.  If desired, the script /etc/netlinkrc can set the umask before running inetd.

When invoked, inetd reads /etc/inetd.conf and configures itself to support whatever services are included in that file (see inetd.conf(4)). inetd also performs a security check if the file /usr/adm/inetd.sec exists (see inetd.sec(4)). If the Internet daemon refuses a connection for security reasons, the connection is shut down. Most RPC-based services, if their first connection is refused, attempt to connect four more times at 5-second intervals before timing out.  In such cases, inetd refuses the connection from the same service invocation five times.  This is visible in the system log if inetd connection logging and syslogd logging for the daemon facility are both enabled (see syslogd(1M)).

inetd provides several “trivial” services internally by use of routines within itself.  The services are echo, discard, chargen (character generator), daytime (human readable time), and time (machine readable time in the form of the number of seconds since midnight, January 1, 1900).  inetd provides both tcp- and udp-based servers for each of these services.  See inetd.conf(4) for instructions on configuring internal servers.

The following options can be used with inetd:

−c Reconfigure the Internet daemon; in other words, force the current inetd to re-read /etc/inetd.conf.  This option sends the signal SIGHUP to the Internet daemon that is currently running.  Any configuration errors that occur during the reconfiguration are logged to the syslogd daemon facility. 

−l By default, inetd starts with connection logging disabled.  If no inetd is running, the −l option causes the inetd to start with connection logging enabled.  Otherwise the −l option causes inetd to send the signal SIGQUIT to the inetd that is already running, which causes it to toggle the state of connection logging. 

When connection logging is enabled, the Internet daemon logs attempted connections to services.  It also logs connection attempts which fail the security check.  This information can be useful when trying to determine if someone is repeatedly trying to access your system from a particular remote system (in other words, trying to break into your system).  Successful connection attempts are logged to the syslogd daemon facility at the info log level.  Connection attempts failing the security check are logged at the notice log level.  inetd also logs whether the connection logging has been enabled or disabled at the info log level. 

−k Kill the current inetd. This option sends the signal SIGTERM to the Internet daemon that is currently running, causing it to exit gracefully.  This option is the preferred method of killing inetd.

These options to inetd can be used only by the super-user. 

DIAGNOSTICS

Diagnostics returned by the Internet daemon before it disconnects from the terminal are:

An inetd is already running
An attempt was made to start an Internet daemon when one is already running. It is incorrect to call the Internet daemon a second time without the −c, −k, or −l option. 

There is no inetd running
An attempt was made to reconfigure an Internet daemon when none was running.

Inetd not found
This message occurs if inetd is called with −c and another Internet daemon is running but cannot be reconfigured.  This occurs if the original Internet daemon died without removing its semaphore. 

Next step: Do an inetd −k to remove the semaphore left by the previous Internet daemon, then restart the daemon. 

The following diagnostics are logged to the syslogd daemon facility.  Unless otherwise indicated, messages are logged at the error log level. 

/etc/inetd.conf: Unusable configuration file
The Internet daemon is unable to access the configuration file /etc/inetd.conf.  The error message preceding this one specifies the reason for the failure. 

/etc/inetd.conf: line number: error
There is an error on the specified line in /etc/inetd.conf.  The line in the configuration file is skipped.  This error does not stop the Internet daemon from reading the rest of the file and configuring itself accordingly. 

Next step: Fix the line with the error and reconfigure the Internet daemon by executing the command inetd −c. 

system_call: ... 
The system call failed.  See the corresponding manual entry for a description of system_call. The reason for the failure is explained in the error message appended to the system call name.

Cannot configure inetd
None of the services/servers listed in the configuration file could be set up properly, due to configuration file errors.

Too many remote services running
The maximum number of remote services allowed to access the server system simultaneously has been exceeded.

Next step: Consider increasing the number of simultaneous remote services allowed; see inetd.conf(4).

file: \ found before end of line line
file can be either inetd.conf or inetd.sec.  If a backslash is not immediately followed by an end of line, it is ignored and the information up to the end of line is accepted.  In this case the next line of the file is not appended to the end of the current line.  Unless all the information required is present on a single line, configuration file error messages are also output.  This message is logged at the warning log level. 

service/protocol: Unknown service
The call to the library routine getservbyname (see getservent(3N)) failed. The service is not listed in /etc/services. 

Next step: Include that service in /etc/services or eliminate the entry for the service in /etc/inetd.conf. 

service/protocol: Server failing (looping), service terminated.
When inetd tries to start 40 servers within 60 seconds for a datagram service, it assumes that the server is failing to handle the connection.  To avoid entering a potentially infinite loop, inetd issues this message, discards the packet requesting the socket connection, and refuses further connections for this service.  After 10 minutes, inetd tries to reinstate the service, and once again accepts connections for the service. 

service/protocol: socket: ... 

service/protocol: listen: ... 

service/protocol: getsockname: ... 
Any one of the three errors above makes the service unusable. For another host to communicate with the server host through this service, the Internet daemon needs to be reconfigured after any of these error messages.

service/protocol: bind: ... 
If this error occurs, the service is temporarily unusable. After 10 minutes, inetd tries again to make the service usable by binding to the Internet socket for the service. 

service/protocol: Access denied to remote host (address)
The remote host failed to pass the security test for the indicated service. This information can be useful when trying to determine if someone is repeatedly trying to access your system from a particular remote system (in other words, trying to break into your system).  This message is logged at the warning log level. 

service/protocol: Connection from remote host (address)
When connection logging is enabled, this message indicates a successful connection attempt to the specified service.  This message is logged at the notice log level. 

service/protocol: Added service, server executable
Keeps track of the services added when reconfiguring the Internet daemon. This message is logged at the info log level.

service/protocol: New ... 
Lists the new user ids, servers or executables used for the service when reconfiguring the Internet daemon. This message is logged at the info log level. 

service/protocol: Deleted service
Keeps track of the services deleted when reconfiguring the Internet daemon. This message is logged at the info log level. 
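
The "Access denied" messages above are meant for spotting a remote system that keeps trying to get in, but the five refusals that one RPC invocation can produce inflate a naive count. The following is an added example, not part of the HP-UX manual: it counts denied attempts per remote address and treats a retry burst as one attempt. The syslog prefix, the sample lines, the 25-second burst window and the threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. The syslog prefix (timestamp, host, "inetd[pid]:") and the
# host names are assumptions; only the message text follows the man page.
SAMPLE_LOG = """\
Aug 12 10:01:00 hpux1 inetd[97]: rusersd/udp: Access denied to probe (192.0.2.10)
Aug 12 10:01:05 hpux1 inetd[97]: rusersd/udp: Access denied to probe (192.0.2.10)
Aug 12 10:01:10 hpux1 inetd[97]: rusersd/udp: Access denied to probe (192.0.2.10)
Aug 12 10:01:15 hpux1 inetd[97]: rusersd/udp: Access denied to probe (192.0.2.10)
Aug 12 10:01:20 hpux1 inetd[97]: rusersd/udp: Access denied to probe (192.0.2.10)
Aug 12 10:02:00 hpux1 inetd[97]: login/tcp: Access denied to ext1 (192.0.2.66)
Aug 12 10:03:40 hpux1 inetd[97]: telnet/tcp: Connection from lab3 (192.0.2.7)
Aug 12 10:07:30 hpux1 inetd[97]: shell/tcp: Access denied to ext1 (192.0.2.66)
Aug 12 10:15:12 hpux1 inetd[97]: login/tcp: Access denied to ext1 (192.0.2.66)
"""

DENIED = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ inetd\[\d+\]: "
                    r"(\S+/\S+): Access denied to (.+) \((\S+)\)$")

def denied_attempts(log_text, burst=timedelta(seconds=25)):
    """Return {(address, service): attempts}, counting one retry burst once."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if m:
            # syslog stamps carry no year; a fixed one is prepended for parsing.
            when = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
            seen[(m.group(4), m.group(2))].append(when)
    attempts = {}
    for key, times in seen.items():
        count, burst_start = 0, None
        for t in sorted(times):
            # Five refusals 5 seconds apart are one refused RPC invocation.
            if burst_start is None or t - burst_start > burst:
                count, burst_start = count + 1, t
        attempts[key] = count
    return attempts

def repeat_offenders(log_text, threshold=3):
    """Addresses with at least `threshold` denied attempts across all services."""
    per_addr = defaultdict(int)
    for (addr, _service), n in denied_attempts(log_text).items():
        per_addr[addr] += n
    return sorted(a for a, n in per_addr.items() if n >= threshold)

if __name__ == "__main__":
    print(repeat_offenders(SAMPLE_LOG))
```

On the sample, 192.0.2.10 has five log lines but only one refused invocation, so only 192.0.2.66 is reported.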

Security File (inetd.sec) Errors

The following errors are related to the security file inetd.sec:

/usr/adm/inetd.sec: Field contains other characters in addition to ∗ for service
For example, field 2 of the Internet address 10.5∗.8.7 is incorrect.

/usr/adm/inetd.sec: Missing low value in range for service
For example, field 2 of the Internet address 10.−5.8.7 is incorrect.

/usr/adm/inetd.sec: Missing high value in range for service
For example, field 2 of the Internet address 10.5−.8.7 is incorrect.

/usr/adm/inetd.sec: High value in range is lower than low value for service
For example, field 2 of the Internet address 10.5−3.8.7 is incorrect.

/usr/adm/inetd.sec: allow/deny field does not have a valid entry for service
The entry in the allow/deny field is not one of the keywords allow or deny.  No security for this service is implemented by inetd since the line in the security file is ignored.  This message is logged at the warning log level.
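
Because a rejected inetd.sec line is ignored and leaves the service without a security check, it is worth linting the file before reconfiguring. The following is an added example, not part of the HP-UX manual: it reproduces the five security-file diagnostics above for one line of the file. It assumes the line layout "service allow|deny address ...", that lines starting with # are comments, and that entries starting with a letter are host or network names, which it does not check.

```python
# The page typesets the wildcard and range characters as "∗" and "−";
# the file itself uses ASCII "*" and "-".
PREFIX = "/usr/adm/inetd.sec: "

def check_field(field):
    """Return the page's error text for one address field, or None if valid."""
    if "*" in field:
        if field != "*":
            return "Field contains other characters in addition to * for"
        return None
    if "-" in field:
        low, _, high = field.partition("-")
        if not low:
            return "Missing low value in range for"
        if not high:
            return "Missing high value in range for"
        if low.isdigit() and high.isdigit() and int(high) < int(low):
            return "High value in range is lower than low value for"
    return None

def lint_line(line):
    """Lint one inetd.sec line; return a list of (address, field_no, message)."""
    parts = line.split()
    if not parts or parts[0].startswith("#"):  # blank or comment (assumption)
        return []
    service, problems = parts[0], []
    if len(parts) < 2 or parts[1] not in ("allow", "deny"):
        msg = "allow/deny field does not have a valid entry for"
        return [(None, None, f"{PREFIX}{msg} {service}")]
    for addr in parts[2:]:
        if addr[0].isalpha():
            continue  # host or network name: outside this example (assumption)
        # Fields are numbered from 1, as in the page's "field 2" examples.
        for number, field in enumerate(addr.split("."), start=1):
            msg = check_field(field)
            if msg:
                problems.append((addr, number, f"{PREFIX}{msg} {service}"))
    return problems

if __name__ == "__main__":
    for sample in ("login allow 10.3-5.*.7 trusted-host",   # constructed, valid
                   "login allow 10.5*.8.7 10.5-3.8.7",      # the page's bad fields
                   "shell permit 10.1.2.3"):                # bad keyword
        print(sample, "->", lint_line(sample))
```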

RPC Related Errors for NFS Users Only

These errors are specific to RPC-based servers:

/etc/inetd.conf: line number: Missing program number

/etc/inetd.conf: line number: Missing version number
Error on the specified line of /etc/inetd.conf.  The program or version number for an RPC service is missing.  This error does not stop the Internet daemon from reading the rest of the file and configuring itself accordingly.  However, the service corresponding to the error message will not be configured correctly. 

Next step: Fix the line with the error, then reconfigure the Internet daemon by executing the command inetd −c.

/etc/inetd.conf: line number: Invalid program number
Error on the specified line of /etc/inetd.conf.  The program number for an RPC service is not a number.  This error does not stop the Internet daemon from reading the rest of the file and configuring itself accordingly.  However, the service corresponding to the error message will not be correctly configured. 

Next step: Fix the line with the error, then reconfigure the Internet daemon by executing the command inetd −c. 

AUTHOR

inetd was developed by HP and the University of California, Berkeley. 
NFS was developed by Sun Microsystems, Inc. 

FILES

/etc/inetd.conf list of Internet server processes. 

/usr/adm/inetd.sec optional security file. 

SEE ALSO

umask(1), portmap(1M), syslogd(1M), getservent(3N), inetd.conf(4), inetd.sec(4), protocols(4), services(4), environ(5). 

Hewlett-Packard Company  —  HP-UX Release 9.0: August 1992
