Provided by: rlinetd_0.6.1-3_i386 bug


       rlinetd.conf - rlinetd configuration file


       rlinetd.conf  holds configuration information for rlinetd.  There are a
       small number of similar top  level  constructs,  differing  chiefly  in
       which options can be meaningfully used with them.

       All  strings  are  quoted with the " character. In some situations (eg.
       the log, exec, and chroot directives), there are a number of  variables
       that can be substituted into the string.
       Unless stated otherwise, all numbers must be positive.

       service "name" {

              This  construct  describes  a service. The name parameter is for
              naming  convenience  alone,  it  simply  serves  to  distinguish
              logging  messages  and  provides a default for options which can
              logically accept a name as an argument.

                     This lists the ports that  the  service  should  be  made
                     available on. The ports can be listed in either string or
                     numeric format. If unspecified, this defaults to the name
                     of  the  service unless the service is an RPC service, in
                     which case the port value will be dynamically assigned by
                     the system.

                     Example: port "telnet" , "rcmd" , 56, 99;

                     This  specifies  which interfaces the listed ports should
                     be bound on. It takes  a  list  of  IP  addresses  as  an
                     argument,  corresponding  to  the configured addresses of
                     the interfaces required. If unspecified, this defaults to
                     INADDR_ANY and will bind to all available interfaces.

                     Example: interface,;

                     This specifies the invocation of the service. A number of
                     substitutions can be made within the string;  please  see
                     String Modifiers below.

                     Example: exec "/usr/sbin/in.telnetd -d" ;

                     This specifies the binary to be executed, if different to

                     Example: server "/usr/sbin/tcpd" ;

                     This specifies the socket protocol to use when  listening
                     on  ports for the service. The argument can be either tcp
                     or udp.  The default setting for this variable is tcp.

                     Example: protocol tcp;

                     This specifies the userid under which this service should
                     run.  It  will  accept  an argument in either symbolic or
                     numeric form. Unless group  (see  below)  is  given,  the
                     groupid is also set to the user’s primary group.

                     Example: user "nobody" ;

                     This  specifies  the  groupid  under  which  this service
                     should run. It will accept an argument in either symbolic
                     or numeric form.

                     Example: group "system" ;

                     This  is the backlog argument which will be passed to the
                     listen(2) system call.

                     Example: backlog 30;

                     This specifies the maximum number  of  service  instances
                     that  can be running at any one time. The default setting
                     for this variable is 40.

                     Example: instances 50;

                     This directive emulates the inetd(8) wait behaviour.  The
                     argument  can  be either yes or no.  The default value is
                     no.  Setting  this  to  yes  also  resets  the  value  of
                     instances option to 1.

                     Example: wait yes;

                     This  specifies  the process priority to run this service
                     at. The argument is passed directly to the setpriority(2)
                     system call. The value may be negative.

                     Example: nice -5;

                     This specifies that the service should be registered with
                     the system’s portmap(8) mapper  as  an  RPC  service.  It
                     accepts a list of arguments as follows.

                     rpc {
                             name "string" ; version 3,6,9-15,22;

                     The  name  parameter  is  optional,  and  defaults to the
                     service name.

                     This specifies the root directory for  the  service.  The
                     string  argument  can  accept  modifiers  as  detailed in
                     String Modifiers below.

                     Example: chroot "/tftpboot/%O" ;

                     This directive takes two arguments.  The  first  must  be
                     either  the  symbolic  name of a previously specified log
                     directive (see below), or the unquoted word  syslog.   If
                     the  latter, the message will be logged via the syslog(3)
                     call. The second argument is the  message  that  will  be
                     logged,  subject  to  the  modifiers  detailed  in String
                     Modifiers below.

                     Example: log syslog "Service from %O complete" ;

                     This  directive causes access controls  as  specified  by
                     tcp_wrappers  to  be applied. This has the same effect as
                     invoking  a   service   with   a   server   argument   of
                     /usr/sbin/tcpd  (or  wherever  your  tcpd(8)  program  is
                     kept), but saves the  additional  step  of  starting  the
                     program.  It  will accept up to two additional arguments.
                     The first is a service name to apply against  its  rules,
                     and  the  second is a block of instructions to execute if
                     matched. If no name is specified, it defaults to the name
                     of   the   service.  If  the  instruction  block  is  not
                     specified, it defaults to ’exit;’.


                     tcpd "in.telnetd" ;

                     tcpd { exec "/usr/local/bin/winnuke %O" ; }

                     tcpd "pointless" { echo "Hi guys, come on in." ; }

                     tcpd "defiant" { echo "500  Access  denied  from  %O."  ;
                     exit; }

                     This  directive  is  only  useful in an instruction block
                     argument to the ´tcpd´ directive. Note well -  not  using
                     it  (and not specifying some other terminating directive,
                     such as ’exec’, will result in the service being run).

                     Example: exit; #(duh)

                     This  directive  specifies  the  capabilities  that  this
                     service  should  have  when  running.  The  argument is a
                     string that is passed directly  to  cap_from_text(3).   I
                     know, that’s a pretty lousy description, but this feature
                     is of limited utility  until  and  unless  you  read  the
                     README.capabilities file anyway.

                     Example: capability "cap_setuid=ep" ;

                     This directive takes two arguments. The first is a symbol
                     specifying the type of limit required. These  are  listed
                     below. The second argument takes one of two forms. It can
                     either be a single numeric value, in which case  both  of
                     the soft and hard limits of the resource in question will
                     be set to this value. Alternatively, it can be a list  in
                     the form:

                     rlimit type {
                             soft x; hard y;

                     In  which  case  the  hard  and  soft  limits will be set
                     appropriately. In either case, the word unlimited can  be
                     specified  instead  of a numeric value, thus removing any
                     restriction.  The  values  are  passed  directly  to  the
                     setrlimit(2)  syscall,  and  should  be specified in that

                             cpu,  fsize,  data,  stack,  core,  rss,   nproc,
                             nofile, memlock

                     Example: rlimit cpu 15;

                     This  directive  causes  initgroups(3)  to  be  called at
                     service startup, which sets the supplementary  groups  of
                     the service according to the /etc/group file.

                     Example: initgroups;

                     This directive specifies the protocol family that rlinetd
                     should bind sockets on for this service. Currently,  this
                     can  be  either  ipv4  or  ipv6.   If  unspecified,  this
                     defaults to something appropriate for the system.

                     Example: family ipv6;

                     This directive lets you  dump  a  file  as  output  to  a

                     Example: banner "/etc/nologin" ;

                     This   directive  allows  you  to  output  a  dynamically
                     generated line to the connection.

                     Example: echo "500 Service denied from your IP (%O)" ;

                     This directive allows  you  to  specify  a  Linux  Socket
                     Filter  program  to  be  associated  with  the  listening
                     socket. These can  be  generated  with  a  tool  such  as

                     Example: filter "/usr/local/lib/rlinetd/filters/privport"

                     This directive loops eternally, outputting  data  to  any
                     connection.  If  no argument is given, it echoes a subset
                     of the printable characters. However, a filename  can  be
                     supplied  as  an  argument, in which case the contents of
                     that file are output in a loop.

                     Example: chargen "/usr/local/lib/spam" ;

       log "name" {

              This construct describes a logging target. The name parameter is
              used   as   an   argument   to  the  log  directive  in  service

                     This specifies the filename for this logfile.

                     Example: path "/var/log/service.log" ;

                     This specifies the file permissions for the logfile.  The
                     argument  is required to be numeric, and defaults to 0640
                     if not specified.

                     Example: mode 0600;

                     This specifies  the  uid  of  the  logfile,  and  can  be
                     specified as either a numeric uid, or username.

                     Example: user "adm" ;

                     This  specifies  the  gid  of  the  logfile,  and  can be
                     specified as either a numeric gid, or groupname.

                     Example: group "adm" ;

       defaults {

              This  construct  takes  the  same  parameters   as   a   service
              declaration,  but  instead of specifying a service sets defaults
              for all services specified subsequently.

       directory "path" "match" "ignore" ;
              This construct specifies a directory which  contains  additional
              configuration  files  to  be parsed. Parsing of these additional
              files does not commence until the current file is complete.  The
              match  and  ignore arguments are optional, and if specified, are
              used to filter the files in the directory. Filenames must  match
              the  "match"  regexp,  if given, and must not match the "ignore"
              regexp, if given. Filenames beginning with a  period  (’.’)  are
              skipped in all cases. Directories are not recursed into.

   String Modifiers
       There are a number of variables which can be substituted into arguments
       to some directives. Although they can all be used in the  same  places,
       the information accessed by some is unavailable in certain cases.

              The source IP address of the connection.

              The source port of the connection.

              The total CPU time used.

              The user CPU time used.

              The system CPU time.

              Maximum resident set size.

              Shared memory size.

              Unshared data size.

              Unshared stack size.

              Page reclaims.

              Page faults.


              Block input operations.

              Block output operations.

              Messages sent.

              Messages received.

              Signals received.

              Voluntary context switches.

              Involuntary context switches.

              Exit code.

              Running time.

              The  current  time expressed as seconds since epoch 1980, dumped
              as a network order 32 bit word. This has absolutely no use other
              than in implementing the inetd-like time functionality.

              The current time and date, in pretty-printed ctime format.


       rlinetd(8), hosts_access(5)


       This   manual   page   was   written  by  Mikolaj  J.  Habryn  <dichro->.