Provided by: rlinetd_0.6.2-1_i386 bug


       rlinetd.conf - rlinetd configuration file


       rlinetd.conf  holds configuration information for rlinetd.  There are a
       small number of similar top  level  constructs,  differing  chiefly  in
       which options can be meaningfully used with them.

       All  strings  are  quoted with the " character. In some situations (eg.
       the log, exec, and chroot directives), there are a number of  variables
       that can be substituted into the string.
       Unless stated otherwise, all numbers must be positive.

       service "name" {

              This  construct  describes  a service. The name parameter is for
              naming  convenience  alone,  it  simply  serves  to  distinguish
              logging  messages  and  provides a default for options which can
              logically accept a name as an argument.

                     This lists the ports that  the  service  should  be  made
                     available on. The ports can be listed in either string or
                     numeric format. If unspecified, this defaults to the name
                     of  the  service unless the service is an RPC service, in
                     which case the port value will be dynamically assigned by
                     the system.

                       port "telnet", "rcmd", 56, 99;

                     This  specifies  which interfaces the listed ports should
                     be bound on. It takes  a  list  of  IP  addresses  as  an
                     argument,  corresponding  to  the configured addresses of
                     the interfaces required. If unspecified, this defaults to
                     INADDR_ANY and will bind to all available interfaces.


                     This specifies the invocation of the service. A number of
                     substitutions can be made within the string;  please  see
                     String Modifiers below.

                       exec "/usr/sbin/in.telnetd -d";

                     This specifies the binary to be executed, if different to

                       server "/usr/sbin/tcpd";

                     This specifies the socket protocol to use when  listening
                     on  ports for the service. The argument can be either tcp
                     or udp.  The default setting for this variable is tcp.

                       protocol tcp;

                     This specifies the userid under which this service should
                     run.  It  will  accept  an argument in either symbolic or
                     numeric form. Unless group  (see  below)  is  given,  the
                     groupid is also set to the user’s primary group.

                       user "nobody";

                     This  specifies  the  groupid  under  which  this service
                     should run. It will accept an argument in either symbolic
                     or numeric form.

                       group "system";

                     This  is the backlog argument which will be passed to the
                     listen(2) system call.

                       backlog 30;

                     This specifies the maximum number  of  service  instances
                     that  can be running at any one time. The default setting
                     for this variable is 40.

                       instances 50;

                     This directive emulates the inetd(8) wait behaviour.  The
                     argument  can  be either yes or no.  The default value is
                     no.  Setting  this  to  yes  also  resets  the  value  of
                     instances option to 1.

                       wait yes;

                     This  specifies  the process priority to run this service
                     at. The argument is passed directly to the setpriority(2)
                     system call. The value may be negative.

                       nice -5;

                     This specifies that the service should be registered with
                     the system’s portmap(8) mapper  as  an  RPC  service.  It
                     accepts a list of arguments as follows.

                     rpc {
                             name "string"; version 3,6,9-15,22;

                     The  name  parameter  is  optional,  and  defaults to the
                     service name.

                     This specifies the root directory for  the  service.  The
                     string  argument  can  accept  modifiers  as  detailed in
                     String Modifiers below.

                       chroot "/tftpboot/%O";

                     This directive takes two arguments.  The  first  must  be
                     either  the  symbolic  name of a previously specified log
                     directive (see below), or the unquoted word  syslog.   If
                     the  latter, the message will be logged via the syslog(3)
                     call. The second argument is the  message  that  will  be
                     logged,  subject  to  the  modifiers  detailed  in String
                     Modifiers below.

                       log syslog "Service from %O complete";

                     This  directive causes access controls  as  specified  by
                     tcp_wrappers  to  be applied. This has the same effect as
                     invoking  a   service   with   a   server   argument   of
                     /usr/sbin/tcpd  (or  wherever  your  tcpd(8)  program  is
                     kept), but saves the  additional  step  of  starting  the
                     program.  It  will accept up to two additional arguments.
                     The first is a service name to apply against  its  rules,
                     and  the  second is a block of instructions to execute if
                     matched. If no name is specified, it defaults to the name
                     of   the   service.  If  the  instruction  block  is  not
                     specified, it defaults to ’exit;’.

                       tcpd "in.telnetd";

                       tcpd { exec "/usr/local/bin/winnuke %O"; }

                       tcpd "pointless" { echo "Hi guys, come on in."; }

                       tcpd "defiant" { echo "500 Access denied from %O."; exit; }

                     This directive is only useful  in  an  instruction  block
                     argument  to  the ´tcpd´ directive. Note well - not using
                     it (and not specifying some other terminating  directive,
                     such as ’exec’, will result in the service being run).

                       exit; #(duh)

                     This  directive  specifies  the  capabilities  that  this
                     service should have  when  running.  The  argument  is  a
                     string  that  is  passed directly to cap_from_text(3).  I
                     know, that’s a pretty lousy description, but this feature
                     is  of  limited  utility  until  and  unless you read the
                     README.capabilities file anyway.

                       capability "cap_setuid=ep";

                     This directive takes two arguments. The first is a symbol
                     specifying  the  type of limit required. These are listed
                     below. The second argument takes one of two forms. It can
                     either  be  a single numeric value, in which case both of
                     the soft and hard limits of the resource in question will
                     be  set to this value. Alternatively, it can be a list in
                     the form:

                     rlimit type {
                             soft x; hard y;

                     In which case the  hard  and  soft  limits  will  be  set
                     appropriately.  In either case, the word unlimited can be
                     specified instead of a numeric value, thus  removing  any
                     restriction.  The  values  are  passed  directly  to  the
                     setrlimit(2) syscall, and should  be  specified  in  that

                             cpu,   fsize,  data,  stack,  core,  rss,  nproc,
                             nofile, memlock

                       rlimit cpu 15;

                     This directive  causes  initgroups(3)  to  be  called  at
                     service  startup,  which sets the supplementary groups of
                     the service according to the /etc/group file.


                     This directive specifies the protocol family that rlinetd
                     should  bind sockets on for this service. Currently, this
                     can  be  either  ipv4  or  ipv6.   If  unspecified,  this
                     defaults to something appropriate for the system.

                       family ipv6;

                     This  directive  lets  you  dump  a  file  as output to a

                       banner "/etc/nologin";

                     This  directive  allows  you  to  output  a   dynamically
                     generated line to the connection.

                       echo "500 Service denied from your IP (%O)";

                     This  directive  allows  you  to  specify  a Linux Socket
                     Filter  program  to  be  associated  with  the  listening
                     socket.  These  can  be  generated  with  a  tool such as

                       filter "/usr/local/lib/rlinetd/filters/privport";

                     This directive loops eternally, outputting  data  to  any
                     connection.  If  no argument is given, it echoes a subset
                     of the printable characters. However, a filename  can  be
                     supplied  as  an  argument, in which case the contents of
                     that file are output in a loop.

                       chargen "/usr/local/lib/spam";

       log "name" {

              This construct describes a logging target. The name parameter is
              used   as   an   argument   to  the  log  directive  in  service

                     This specifies the filename for this logfile.

                       path "/var/log/service.log";

                     This specifies the file permissions for the logfile.  The
                     argument  is required to be numeric, and defaults to 0640
                     if not specified.

                       mode 0600;

                     This specifies  the  uid  of  the  logfile,  and  can  be
                     specified as either a numeric uid, or username.

                       user "adm";

                     This  specifies  the  gid  of  the  logfile,  and  can be
                     specified as either a numeric gid, or groupname.

                       group "adm";

       defaults {

              This  construct  takes  the  same  parameters   as   a   service
              declaration,  but  instead of specifying a service sets defaults
              for all services specified subsequently.

       directory "path" "match" "ignore";
              This construct specifies a directory which  contains  additional
              configuration  files  to  be parsed. Parsing of these additional
              files does not commence until the current file is complete.  The
              match  and  ignore arguments are optional, and if specified, are
              used to filter the files in the directory. Filenames must  match
              the  "match"  regexp,  if given, and must not match the "ignore"
              regexp, if given. Filenames beginning with a  period  (’.’)  are
              skipped in all cases. Directories are not recursed into.

   String Modifiers
       There are a number of variables which can be substituted into arguments
       to some directives. Although they can all be used in the  same  places,
       the information accessed by some is unavailable in certain cases.

              %O The source IP address of the connection.

              %P The source port of the connection.

              %C The total CPU time used.

              %U The user CPU time used.

              %S The system CPU time.

              %r Maximum resident set size.

              %m Shared memory size.

              %d Unshared data size.

              %s Unshared stack size.

              %f Page reclaims.

              %F Page faults.

              %p Swaps.

              %i Block input operations.

              %o Block output operations.

              %n Messages sent.

              %c Messages received.

              %k Signals received.

              %w Voluntary context switches.

              %w Involuntary context switches.

              %e Exit code.

              %t Running time.

              %M  The  current  time  expressed  as  seconds since epoch 1980,
              dumped as a network order 32 bit word. This  has  absolutely  no
              use   other   than   in   implementing   the   inetd-like   time

              %I The current time and date, in pretty-printed ctime format.


       rlinetd(8), hosts_access(5)


       This manual page was written by Mikolaj J. Habryn <>.
       Modified by Robert Luberda <>.