1inetd(1M)               System Administration Commands               inetd(1M)
2
3
4

NAME

6       inetd  -  Solaris Management Facility delegated restarter for inet ser‐
7       vices
8

SYNOPSIS

10       inetd  [configuration-file] start |  stop |  refresh
11
12
13        svc:/network/inetd:default
14
15

DESCRIPTION

17       inetd is the delegated restarter for internet services for the  Service
18       Management  Facility  (SMF).  Its  basic responsibilities are to manage
19       service states in response to administrative requests, system failures,
20       and  service  failures;  and,  when  appropriate, to listen for network
21       requests for services.
22
23
24       Services are no longer managed by editing the inetd configuration file,
25       inetd.conf(4).  Instead, you use inetconv(1M) to convert the configura‐
26       tion file content into SMF format services, then manage these  services
27       using  inetadm(1M) and svcadm(1M). Once a service has been converted by
28       inetconv, any changes to the legacy data in the inetd config file  will
29       not  become effective. However, inetd does alert the administrator when
30       it notices change in the configuration file. See the start  description
31       under the "inetd Methods" section for further information.
32
33
34       Also  note  that  the current inetd cannot be run from outside the SMF.
35       This means it cannot be run from the command line, as was supported  by
36       the  previous  inetd.  If  you attempt to do this, a message is sent to
37       stderr displaying mappings between the options supported by the  previ‐
38       ous inetd to the SMF version of inetd.
39
40
41       inetd  listens  for  connections  on behalf of all services that are in
42       either the online or degraded state. A  service  enters  one  of  these
43       states  when  the  service  is enabled by the user and inetd manages to
44       listen on its behalf. A listen  attempt  can  fail  if  another  server
45       (whether  standalone or a third-party internet service) is already lis‐
46       tening on the same port. When this occurs, inetd  logs  this  condition
47       and continues trying to bind to the port at configured intervals a con‐
48       figured number of times. See the property bind_fail_max under  "Service
49       Properties," below, for more details.
50
51
52       The  configuration  of all inetd's managed SMF services is read when it
53       is started. It is reread when  inetd  is  refreshed,  which  occurs  in
54       response  to  an  SMF request, or when it receives a SIGHUP signal. See
55       the refresh description under "inetd Methods" for the behavior on  con‐
56       figuration refresh.
57
58
59       You  can use the inetadm(1M) or svccfg(1M) utilities to make configura‐
60       tion changes to Internet services within the  SMF  repository.  inetadm
61       has  the advantage over svccfg in that it provides an Internet/RPC ser‐
62       vice context.
63
64   Service States
65       As part of its service management  duties,  inetd  implements  a  state
66       machine  for  each  of its managed services. The states in this machine
67       are made up of the smf(5) set of states. The semantics of these  states
68       are as follows:
69
70       uninitialized
71
72           inetd has yet to process this service.
73
74
75       online
76
77           The  service is handling new network requests and might have exist‐
78           ing connections active.
79
80
81       degraded
82
83           The service has entered this state because it was  able  to  listen
84           and process requests for some, but not all, of the protocols speci‐
85           fied for the service, having exhausted its listen retries. Existing
86           network connections might be active.
87
88
89       offline
90
91           Connections might be active, but no new requests are being handled.
92           This is a transient state. A service might be offline  for  any  of
93           the following reasons:
94
95               o      The service's dependencies are unmet. When its dependen‐
96                      cies become met the service's state  will  be  re-evalu‐
97                      ated.
98
99               o      The  service has exceeded its configured connection rate
100                      limit, max_con_rate. The service's state is re-evaluated
101                      when  its  connection  offline  timer, con_rate_offline,
102                      expires.
103
104               o      The service has reached its  allowed  number  of  active
105                      connections, max_copies. The service's state is re-eval‐
106                      uated when the number of active connections drops  below
107                      max_copies.
108
109               o      inetd  failed  to listen on behalf of the service on all
110                      its protocols. As mentioned above, inetd retries up to a
111                      configured maximum number of times, at configured inter‐
112                      vals.The service's state is re-evaluated when  either  a
113                      listen  attempt  is  successful  or  the  retry limit is
114                      reached.
115
116
117       disabled
118
119           The service has been turned off by an administrator, is not accept‐
120           ing  new  connections, and has none active. Administrator interven‐
121           tion is required to exit this state.
122
123
124       maintenance
125
126           A service is in this state because it is either malfunctioning  and
127           needs  adminstrator  attention  or  because  an  administrator  has
128           requested it.
129
130           Events constituting malfunctioning include:  inetd's  inability  to
131           listen on behalf on any of the service's protocols before exceeding
132           the service's bind retry limit, non-start  methods  returning  with
133           non-success  return  values,  and the service exceeding its failure
134           rate.
135
136           You request the maintenance state to  perform  maintenance  on  the
137           service,  such  as applying a patch. No new requests are handled in
138           this state, but existing connections might be active. Administrator
139           intervention is required to exit this state.
140
141
142
143       Use inetadm(1M) to obtain the current state of a managed service.
144
145   Service Methods
146       As  part  of certain state transitions inetd will execute, if supplied,
147       one of a set of methods provided by the service. The set  of  supported
148       methods are:
149
150       inetd_start
151
152           Executed  to  handle  a  request for an online or degraded service.
153           Since there is no separate state  to  distinguish  a  service  with
154           active  connections, this method is not executed as part of a state
155           transition.
156
157
158       inetd_offline
159
160           Executed when a service is taken from the online or degraded  state
161           to  the  offline state. For a wait-type service that at the time of
162           execution is performing  its  own  listening,  this  method  should
163           result in it ceasing listening. This method will be executed before
164           the disable method in the case an online/degraded service  is  dis‐
165           abled.  This  method  is required to be implemented for a wait-type
166           service.
167
168
169       inetd_online
170
171           Executed when a service transitions from the offline state  to  the
172           online state. This method allows a service author to carry out some
173           preparation prior to a service starting to handle requests.
174
175
176       inetd_disable
177
178           Executed when a service transitions from the offline state  to  the
179           disabled  state.  It  should result in any active connections for a
180           service being terminated.
181
182
183       inetd_refresh
184
185           Executed when both of the following conditions are met:
186
187               o      inetd is refreshed, by  means  of  the  framework  or  a
188                      SIGHUP,  or  a  request comes in to refresh the service,
189                      and
190
191               o      the service is currently in the online state  and  there
192                      are  no  configuration  changes that would result in the
193                      service needing to be taken  offline  and  brought  back
194                      again.
195
196
197
198       The only compulsory method is the inetd_start method. In the absence of
199       any of the others, inetd runs no method but behaves as if one  was  run
200       successfully.
201
202   Service Properties
203       Configuration for SMF-managed services is stored in the SMF repository.
204       The configuration is made up of the basic configuration of  a  service,
205       the  configuration  for  each of the service's methods, and the default
206       configuration applicable to all inetd-managed services.
207
208
209       For details on viewing and modifying the configuration of a service and
210       the defaults, refer to inetadm(1M).
211
212
213       The  basic  configuration  of  a  service is stored in a property group
214       named inetd in the service. The properties comprising the basic config‐
215       uration are as follows:
216
217       bind_addr
218
219           The address of the network interface to which the service should be
220           bound. An empty string value causes the service to  accept  connec‐
221           tions on any network interface.
222
223
224       bind_fail_interval
225
226           The  time  interval  in seconds between a failed bind attempt and a
227           retry. The values 0 and -1 specify that no  retries  are  attempted
228           and   the   first   failure   is  handled  the  same  as  exceeding
229           bind_fail_max.
230
231
232       bind_fail_max
233
234           The maximum number of times inetd retries binding  to  a  service's
235           associated  port  before  giving up. The value -1 specifies that no
236           retry limit is imposed. If none of  the  service's  protocols  were
237           bound  to  before any imposed limit is reached, the service goes to
238           the maintenance state; otherwise, if not all of the protocols  were
239           bound to, the service goes to the degraded state.
240
241
242       con_rate_offline
243
244           The time in seconds a service will remain offline if it exceeds its
245           configured maximum connection rate, max_con_rate. The values 0  and
246           -1 specify that connection rate limiting is disabled.
247
248
249       connection_backlog
250
251           The  backlog queue size. Represents a limit on the number of incom‐
252           ing client requests that can be queued at the  listening  endpoints
253           for servers.
254
255
256       endpoint_type
257
258           The type of the socket used by the service or the value tli to sig‐
259           nify a TLI-based service. Valid socket  type  values  are:  stream,
260           dgram, raw, seqpacket.
261
262
263       failrate_cnt
264
265           The  count portion of the service's failure rate limit. The failure
266           rate limit applies to wait-type services and is reached when  count
267           instances of the service are started within a given time. Exceeding
268           the rate results in the service being transitioned to  the  mainte‐
269           nance  state.  This  is different from the behavior of the previous
270           inetd, which continued to retry every 10 minutes, indefinitely. The
271           failrate_cnt  check  accounts  for badly behaving servers that fail
272           before consuming the service request and which would  otherwise  be
273           continually  restarted,  taxing  system  resources. Failure rate is
274           equivalent to the -r option of the previous inetd. The values 0 and
275           -1 specify that this feature is disabled.
276
277
278       failrate_interval
279
280           The time portion in seconds of the service's failure rate. The val‐
281           ues 0 and -1 specify that the failure rate limit  feature  is  dis‐
282           abled.
283
284
285       inherit_env
286
287           If true, pass inetd's environment on to the service's start method.
288           Regardless of this setting, inetd will set the variables  SMF_FMRI,
289           SMF_METHOD, and SMF_RESTARTER in the start method's environment, as
290           well as any environment variables set in the method context.  These
291           variables are described in smf_method(5).
292
293
294       isrpc
295
296           If true, this is an RPC service.
297
298
299       max_con_rate
300
301           The maximum allowed connection rate, in connections per second, for
302           a nowait-type service. The values 0 and -1 specify that  that  con‐
303           nection rate limiting is disabled.
304
305
306       max_copies
307
308           The  maximum number of copies of a nowait service that can run con‐
309           currently. The values 0 and -1 specify that copies limiting is dis‐
310           abled.
311
312
313       name
314
315           Can be set to one of the following values:
316
317               o      a service name understood by getservbyname(3SOCKET);
318
319               o      if  isrpc  is  set to true, a service name understood by
320                      getrpcbyname(3NSL);
321
322               o      if isrpc is set to true, a valid RPC program number.
323
324
325       proto
326
327           In the case of socket-based services, this is a list  of  protocols
328           supported by the service. Valid protocols are: tcp, tcp6, tcp6only,
329           udp, udp6, and udp6only. In the case of TLI  services,  this  is  a
330           list of netids recognized by getnetconfigent(3NSL) supported by the
331           service, plus the values tcp6only and  udp6only.  RPC/TLI  services
332           also support nettypes in this list, and inetd first tries to inter‐
333           pret the list member as a nettype for these service types. The val‐
334           ues  tcp6only  and  udp6only are new to inetd; these values request
335           that inetd listen only for and pass on true IPv6 requests (not IPv4
336           mapped  ones).  See  "Configuring  Protocols for Sockets-Based Ser‐
337           vices," below.
338
339
340       rpc_low_version
341
342           Lowest supported RPC version. Required when isrpc is set to true.
343
344
345       rpc_high_version
346
347           Highest supported RPC version. Required when isrpc is set to true.
348
349
350       tcp_trace
351
352           If true, and this is a nowait-type service, inetd logs the client's
353           IP address and TCP port number, along with the name of the service,
354           for each incoming connection, using the syslog(3C) facility.  inetd
355           uses the syslog facility code daemon and notice priority level. See
356           syslog.conf(4) for a description of syslog codes and severity  lev‐
357           els.  This  logging  is  separate  from the logging done by the TCP
358           wrappers facility.
359
360           tcp_trace is equivalent to the previous inetd's -t option (and  the
361           /etc/default/inetd property ENABLE_CONNECTION_LOGGING).
362
363
364       tcp_wrappers
365
366           If  true,  enable TCP wrappers access control. This applies only to
367           services with endpoint_type set to streams and wait set  to  false.
368           The  syslog facility code daemon is used to log allowed connections
369           (using the notice severity level) and  denied  traffic  (using  the
370           warning  severity  level).  See syslog.conf(4) for a description of
371           syslog codes and severity levels. The stability level  of  the  TCP
372           wrappers  facility  and its configuration files is External. As the
373           TCP wrappers facility  is  not  controlled  by  Sun,  intra-release
374           incompatibilities are not uncommon. See attributes(5).
375
376           For  more information about configuring TCP wrappers, you can refer
377           to the tcpd(1M) and hosts_access(4) man pages, which are  delivered
378           as  part  of  the  Solaris  operating system at /usr/sfw/man. These
379           pages are not part of the standard Solaris man pages, available  at
380           /usr/man.
381
382           tcp_wrappers    is    equivalent    to    the    previous   inetd's
383           /etc/default/inetd property ENABLE_TCPWRAPPERS.
384
385
386       wait
387
388           If true this is a wait-type service, otherwise it is a  nowait-type
389           service. A wait-type service has the following characteristics:
390
391               o      Its  inetd_start  method will take over listening duties
392                      on the service's bound endpoint when it is executed.
393
394               o      inetd will wait for it to  exit  after  it  is  executed
395                      before it resumes listening duties.
396           Datagram  servers must be configured as being of type wait, as they
397           are always invoked with the original datagram  endpoint  that  will
398           participate  in  delivering the service bound to the specified ser‐
399           vice. They do not have separate "listening" and  "accepting"  sock‐
400           ets.  Connection-oriented services, such as TCP stream services can
401           be designed to be either of type wait or nowait.
402
403
404
405       A number of the basic properties are optional for a service.  In  their
406       absence,  their values are taken from the set of default values present
407       in the defaults property group in the inetd service. These  properties,
408       with  their  seed  values, are listed below. Note that these values are
409       configurable through inetadm(1M).
410
411         bind_fail_interval  -1
412         bind_fail_max       -1
413         con_rate_offline    -1
414         connection_backlog  10
415         failrate_count      40
416         failrate_time       60
417         inherit_env         true
418         max_con_rate        -1
419         max_copies          -1
420         tcp_trace           false
421         tcp_wrappers        false
422
423
424
425       Each method specified for a service will have its configuration  stored
426       in  the SMF repository, within a property group of the same name as the
427       method. The set of properties  allowable  for  these  methods  includes
428       those  specified  for  the  services  managed  by  svc.startd(1M). (See
429       svc.startd(1M) for further details.) Additionally, for the  inetd_start
430       method, you can set the arg0 property.
431
432
433       The  arg0  property  allows  external  wrapper programs to be used with
434       inetd services. Specifically, it allows the first argument, argv[0], of
435       the  service's  start method to be something other than the path of the
436       server program.
437
438
439       In the case where you want to use an external wrapper program and  pass
440       arguments to the service's daemon, the arguments should be incorporated
441       as arguments to the wrapper program in the exec property. For example:
442
443         exec='/path/to/wrapper/prog service_daemon_args'
444         arg0='/path/to/service/daemon'
445
446
447
448       In addition to the special method tokens  mentioned  in  smf_method(5),
449       inetd  also  supports  the  :kill_process token for wait-type services.
450       This results in behavior identical to that if the :kill token were sup‐
451       plied,  except  that the kill signal is sent only to the parent process
452       of the wait-type service's start method, not  to  all  members  of  its
453       encompassing process contract (see process(4)).
454
455   Configuring Protocols for Sockets-Based Services
456       When  configuring  inetd  for  a  sockets-based  service,  you have the
457       choice, depending on what is supported by the service, of the  alterna‐
458       tives  described  under  the  proto  property, above. The following are
459       guidelines for which proto values to use:
460
461           o      For a service that supports only IPv4: tcp and udp
462
463           o      For a service that supports only IPv6: tcp6only and udp6only
464
465           o      For a service that supports both IPv4 and IPv6:
466
467               o      Obsolete and not recommended: tcp6 and udp6
468
469               o      Recommended: use two separate entries that  differ  only
470                      in  the proto field. One entry has tcp and the other has
471                      tcp6only, or udp plus udp6only.
472
473
474       See EXAMPLES for an example of a configuration of a service  that  sup‐
475       ports both IPv4 and IPv6.
476
477   inetd Methods
478       inetd  provides  the methods listed below for consumption by the master
479       restarter, svc.startd(1M).
480
481       start
482
483           Causes inetd to start providing  service.  This  results  in  inetd
484           beginning  to handle smf requests for its managed services and net‐
485           work requests for those services that are in either the  online  or
486           degraded state.
487
488           In addition, inetd also checks if the inetd.conf(4)-format configu‐
489           ration file it is monitoring  has  changed  since  the  last  inet‐
490           conv(1M)  conversion  was  carried  out.  If it has, then a message
491           telling the administrator to re-run inetconv to effect the  changes
492           made is logged in syslog.
493
494
495       stop
496
497           Causes  inetd to stop providing service. At this point, inetd tran‐
498           sitions each of its services that are not in either the maintenance
499           or  disabled  states  to the offline state, running any appropriate
500           methods in the process.
501
502
503       refresh
504
505           Results in a refresh being performed for each of its  managed  ser‐
506           vices and the inetd.conf(4) format configuration file being checked
507           for change, as in the start method. When a  service  is  refreshed,
508           its behavior depends on its current state:
509
510               o      if  it  is  in  the  maintenance  or disabled states, no
511                      action is performed because the  configuration  will  be
512                      read and consumed when the service leaves the state;
513
514               o      if it is in the offline state, the configuration will be
515                      read and any changes consumed immediately;
516
517               o      if it is in the online or degraded state and the config‐
518                      uration  has changed such that a re-binding is necessary
519                      to conform to it, then the service will be  transitioned
520                      to  the offline state and back again, using the new con‐
521                      figuration for the bind;
522
523               o      if it is in the online state and  a  re-binding  is  not
524                      necessary, then the inetd_refresh method of the service,
525                      if provided, will be run to allow online wait-type  ser‐
526                      vices to consume any other changes.
527
528

OPTIONS

530       No options are supported.
531

OPERANDS

533       configuration-file
534
535           Specifies  an  alternate  location  for  the  legacy  service  file
536           (inetd.conf(4)).
537
538
539       start|stop|refresh
540
541           Specifies which of inetd's methods should be run.
542
543

EXAMPLES

545       Example 1 Configuring a Service that Supports Both IPv4 and IPv6
546
547
548       The following commands illustrate the existence of services  that  sup‐
549       port both IPv4 and IPv6 and assign proto properties to those services.
550
551
552         example# svcs -a | grep mysvc
553         online         15:48:29 svc:/network/mysvc:dgram4
554         online         15:48:29 svc:/network/mysvc:dgram6
555         online         15:51:47 svc:/network/mysvc:stream4
556         online         15:52:10 svc:/network/mysvc:stream6
557
558         # inetadm -M network/rpc/mysvc:dgram4 proto=udp
559         # inetadm -M network/rpc/mysvc:dgram6 proto=udp6only
560         # inetadm -M network/rpc/mysvc:stream4 proto=tcp
561         # inetadm -M network/rpc/mysvc:stream6 proto=tcp6only
562
563
564
565
566       See svcs(1) and inetadm(1M) for descriptions of those commands.
567
568

ATTRIBUTES

570       See attributes(5) for descriptions of the following attributes:
571
572
573
574
575       ┌─────────────────────────────┬─────────────────────────────┐
576       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
577       ├─────────────────────────────┼─────────────────────────────┤
578       │Availability                 │SUNWcsu                      │
579       ├─────────────────────────────┼─────────────────────────────┤
580       │Interface Stability          │Evolving                     │
581       └─────────────────────────────┴─────────────────────────────┘
582

SEE ALSO

584       fmd(1M),  inetadm(1M),  inetconv(1M),  svcadm(1M), svccfg(1M), svcs(1),
585       svc.startd(1M), syslog(3C), getnetconfigent(3NSL),  getrpcbyname(3NSL),
586       getservbyname(3SOCKET),   inetd.conf(4),   process(4),  syslog.conf(4),
587       attributes(5), smf(5), smf_method(5)
588

NOTES

590       The inetd daemon performs the same function as, but is implemented sig‐
591       nificantly  differently  from, the daemon of the same name in Solaris 9
592       and prior Solaris operating system releases.  In  the  current  Solaris
593       release,  inetd is part of the Solaris Management Facility (see smf(5))
594       and will run only within that facility.
595
596
597       The /etc/default/inetd file has been deprecated. The functionality rep‐
598       resented    by    the    properties    ENABLE_CONNECTION_LOGGING    and
599       ENABLE_TCP_WRAPPERS are now available as the tcp_trace and tcp_wrappers
600       properties,  respectively.  These properties are described above, under
601       "Service Properties".
602
603
604
605SunOS 5.11                        5 Jul 2007                         inetd(1M)
Impressum