Provided by: inetutils-inetd_1.9.2-1_amd64 
NAME
inetd — internet “super-server”
SYNOPSIS
inetd [-d] [-R rate] [--environment] [--resolve] [configuration_files ...]
WARNING
The information in this man page may be inaccurate or incomplete. The authoritative documentation for
the inetd utility is contained in inetutils.info document. To access it from your command line, type
info inetd
The online copy of the documentation is available at the following address:
http://www.gnu.org/software/inetutils/manual.
DESCRIPTION
The inetd program should be run at boot time by /etc/rc (see rc(8)). It then listens for connections on
certain internet sockets. When a connection is found on one of its sockets, it decides what service the
socket corresponds to, and invokes a program to service the request. The server program is invoked with
the service socket as its standard input, output and error descriptors. After the program is finished,
inetd continues to listen on the socket (except in some cases which will be described below).
Essentially, inetd allows running one daemon to invoke several others, reducing load on the system.
The options available for inetd:
-d, --debug
Turns on debugging.
--environment
Pass local and remote address data via environment variables. See ENVIRONMENT below.
-R, --rate rate
Specifies the maximum number of times a service can be invoked in one minute; the default is 40.
--resolve
Resolve local and remote IP addresses and pass them to the server program via TCPLOCALHOST and
TCPREMOTEHOST environment variables. See ENVIRONMENT below. This option implies --environment.
--version
Shows the version.
--help Shows the help.
Upon execution, inetd reads its configuration information from a configuration file on the command line,
by default, /etc/inetd.conf and /etc/inetd.d. If the configuration pathname is a directory, all the
files in the directory are read like a configuration file. All of the configuration files are read and
merged. There must be an entry for each field in the configuration file, with entries for each field
separated by a tab or a space. Comments are denoted by a ``#'' at the beginning of a line. The fields
of the configuration file are as follows:
service name
socket type
protocol
wait/nowait[.max]
user
server program
server program arguments
There are two types of services that inetd can start: standard and TCPMUX. A standard service has a
well-known port assigned to it; it may be a service that implements an official Internet standard or is a
BSD-specific service. As described in RFC 1078, TCPMUX services are nonstandard services that do not
have a well-known port assigned to them. They are invoked from inetd when a program connects to the
“tcpmux” well-known port and specifies the service name. This feature is useful for adding locally-
developed servers.
The service-name entry is the name of a valid service in the file /etc/services. For “internal” services
(discussed below), the service name must be the official name of the service (that is, the first entry in
/etc/services). For TCPMUX services, the value of the service-name field consists of the string “tcpmux”
followed by a slash and the locally-chosen service name. The service names listed in /etc/services and
the name “help” are reserved. Try to choose unique names for your TCPMUX services by prefixing them with
your organization's name and suffixing them with a version number.
The socket-type should be one of “stream”, “dgram”, “raw”, “rdm”, or “seqpacket”, depending on whether
the socket is a stream, datagram, raw, reliably delivered message, or sequenced packet socket. TCPMUX
services must use “stream”.
The protocol must be a valid protocol as given in /etc/protocols. Examples might be “tcp” or “udp”.
TCPMUX services must use “tcp”.
The wait/nowait[.max] entry specifies whether the server that is invoked by inetd will take over the
socket associated with the service access point, and thus whether inetd should wait for the server to
exit before listening for new service requests. Datagram servers must use “wait”, as they are always
invoked with the original datagram socket bound to the specified service address. These servers must
read at least one datagram from the socket before exiting. If a datagram server connects to its peer,
freeing the socket so inetd can received further messages on the socket, it is said to be a
“multi-threaded” server; it should read one datagram from the socket and create a new socket connected to
the peer. It should fork, and the parent should then exit to allow inetd to check for new service
requests to spawn new servers. Datagram servers which process all incoming datagrams on a socket and
eventually time out are said to be “single-threaded”. Comsat(8), (biff(1)) and talkd(8) are both
examples of the latter type of datagram server. Tftpd(8) is an example of a multi-threaded datagram
server. The optional “max” suffix (separated from “wait” or “nowait” by a dot) specifies the maximum
number of times a service can be invoked in one minute; the default is 40. If a service exceeds this
limit, inetd will log the problem and stop servicing requests for the specific service for ten minutes.
See also the -R option above.
Servers using stream sockets generally are multi-threaded and use the “nowait” entry. Connection
requests for these services are accepted by inetd, and the server is given only the newly-accepted socket
connected to a client of the service. Most stream-based services operate in this manner. Stream-based
servers that use “wait” are started with the listening service socket, and must accept at least one
connection request before exiting. Such a server would normally accept and process incoming connection
requests until a timeout. TCPMUX services must use “nowait”.
The optional “max” suffix (separated from “wait” or “nowait” by a dot) is a decimal number that specifies
the maximum number of server instances that may be spawned from inetd within an interval of 60 seconds.
It overrides the settings of the -R command line option.
The user entry should contain the user name of the user as whom the server should run. This allows for
servers to be given less permission than root.
The server-program entry should contain the pathname of the program which is to be executed by inetd when
a request is found on its socket. If inetd provides this service internally, this entry should be
“internal”.
The server program arguments should be just as arguments normally are, starting with argv[0], which is
the name of the program. If the service is provided internally, the word “internal” should take the
place of this entry.
The inetd program provides several “trivial” services internally by use of routines within itself. These
services are “echo”, “discard”, “chargen” (character generator), “daytime” (human readable time), and
“time” (machine readable time, in the form of the number of seconds since midnight, January 1, 1900).
All of these services are tcp based. For details of these services, consult the appropriate RFC from the
Network Information Center.
The inetd program rereads its configuration file when it receives a hangup signal, SIGHUP. Services may
be added, deleted or modified when the configuration file is reread.
TCPMUX
RFC 1078 describes the TCPMUX protocol: ``A TCP client connects to a foreign host on TCP port 1. It
sends the service name followed by a carriage-return line-feed <CRLF>. The service name is never case
sensitive. The server replies with a single character indicating positive (+) or negative (-)
acknowledgment, immediately followed by an optional message of explanation, terminated with a <CRLF>. If
the reply was positive, the selected protocol begins; otherwise the connection is closed.'' The program
is passed the TCP connection as file descriptors 0 and 1.
If the TCPMUX service name begins with a ``+'', inetd returns the positive reply for the program. This
allows you to invoke programs that use stdin/stdout without putting any special server code in them.
The special service name “help” causes inetd to list TCPMUX services in inetd.conf.
ENVIRONMENT
If a connection is made with a streaming protocol (TCP) and if --environment option has been given, inetd
will set the following environment variables before starting the program:
PROTO: always "TCP".
TCPLOCALIP: the local IP address of the interface which accepted the connection.
TCPLOCALPORT: the port number on which the TCP connection was established.
TCPREMOTEIP: the IP address of the remote client.
TCPREMOTEPORT: the port number on the client side of the TCP connection.
In addition, if given the --remote option, inetd will set the following environment variables:
TCPLOCALHOST: the DNS name of TCPLOCALIP.
TCPREMOTEHOST: the DNS name of TCPREMOTEIP.
EXAMPLES
Here are several example service entries for the various types of services:
ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd
tcpmux/+date stream tcp nowait guest /bin/date date
tcpmux/phonebook stream tcp nowait guest /usr/local/bin/phonebook phonebook
ERROR MESSAGES
The inetd server logs error messages using syslog(3). Important error messages and their explanations
are:
service/protocol server failing (looping), service terminated.
The number of requests for the specified service in the past minute exceeded the limit. The limit exists
to prevent a broken program or a malicious user from swamping the system. This message may occur for
several reasons: 1) there are lots of hosts requesting the service within a short time period, 2) a
'broken' client program is requesting the service too frequently, 3) a malicious user is running a
program to invoke the service in a 'denial of service' attack, or 4) the invoked service program has an
error that causes clients to retry quickly. Use the [-R] option, as described above, to change the rate
limit. Once the limit is reached, the service will be reenabled automatically in 10 minutes.
service/protocol: No such user 'user', service ignored
service/protocol: getpwnam: user: No such user
No entry for user exists in the passwd file. The first message occurs when inetd (re)reads the
configuration file. The second message occurs when the service is invoked.
service: can't set uid number
service: can't set gid number
The user or group ID for the entry's user is invalid.
SEE ALSO
comsat(8), fingerd(8), ftpd(8), rexecd(8), rlogind(8), rshd(8), telnetd(8), tftpd(8)
BUGS
The environment variables (see ENVIRONMENT) are set only for TCP IPv4 nowait connections.
HISTORY
The inetd command appeared in 4.3BSD. TCPMUX is based on code and documentation by Mark Lottor.
4.4BSD October 21, 2006 INETD(8)