Super-server configuration file (UNIX)
The /etc/inetd.conf file is the default configuration file for the inetd (super-server) daemon.
Each entry must supply every required field, with fields separated by tabs or spaces. Comments are denoted by a pound sign (#) at the beginning of a line.
The fields in the configuration file are:
[addr:]service-name | service-name/version socket-type protocol[,sndbuf=size][,rcvbuf=size] wait|nowait[:max] user[:group] server-program server program arguments
Here's a description of the arguments:
- addr
The local host address that inetd uses when listening for a service. A single asterisk (*) indicates that it is to listen on all local addresses.
When a line contains an address specifier and colon only (no service-name field), that address is assumed for all further lines until another line with an explicit address specifier appears, or until the end of the file is reached.
- service-name
Name of a valid service in the /etc/services file. For internal services (see server-program), the service name must be the official name of the service (i.e. the first entry in /etc/services).
- version
The RPC version number, either a single number or a range bounded by the low and high versions (e.g. rusers/1-3).
- socket-type
One of stream, dgram, or raw, depending on whether the socket is a stream, datagram, or raw socket.
- protocol
A valid protocol, for example tcp or udp from /etc/protocols.
If you need to specify an IP version explicitly, use protocols such as tcp4 (for IPv4) or udp6 (for IPv6). Protocols such as tcp or udp default to the current IP version (currently IPv4).
- sndbuf=size or rcvbuf=size
Size of the send or receive buffer for the listening socket. This may be useful for TCP because the window scale factor, which is based on the receive socket buffer size, is advertised during the connection handshake; the server's socket buffer size must therefore be set on the listening socket. In some situations you may get better TCP performance by increasing the socket buffer sizes. The sizes are specified by appending their values to the protocol specification, as follows:
tcp,rcvbuf=16384 tcp,sndbuf=64k tcp,rcvbuf=64k,sndbuf=1m
A literal value may be specified, or scaled using k (kilobytes) or m (megabytes). Socket buffer sizes may be specified for all services and protocols except the TCP port service multiplexer (TCPMUX) services.
- wait|nowait
Tells inetd whether it should wait for the server program to return or continue processing connections on the socket. Sockets other than datagram sockets should have a nowait entry in this field.
If a datagram server connects to its peer, freeing the socket so inetd can receive further messages on it, it's said to be a multi-threaded server and should use the nowait entry. If a datagram server processes all incoming datagrams on a socket and eventually times out, it's said to be single-threaded and should use a wait entry. The tftpd daemon is an exception: it's a datagram server that establishes pseudo-connections, yet it must be listed as wait to avoid a race. The server reads the first packet, creates a new socket, and then forks and exits to let inetd check for new service requests and spawn new servers.
Stream servers are usually marked nowait, but if a single server process is to handle multiple connections, it may be marked wait. The master socket is passed as fd 0 to the server, which must then accept the incoming connections itself. The server should eventually time out and exit when no more connections are active; inetd continues to listen on the master socket for connections. The identd server is usually the only stream server marked wait.
- max
Maximum number of server instances that may be spawned from inetd within a 60-second interval. If omitted, max defaults to 40 server instances. For nowait services reachable from untrusted networks, set it deliberately: it bounds how many processes a burst of connections can make inetd fork.
- user
Name of the user the server runs as. This lets servers run with less privilege than root; use a dedicated unprivileged account whenever the server doesn't need root.
- group
Allows servers to run with a different (primary) group ID than the one specified in the password file. If a group is specified and the user isn't root, the supplementary groups associated with that user are still set. A group name is specified by appending a colon (or, for backwards compatibility, a dot) to the user name, followed by the group name.
- server-program
Pathname of the program that inetd executes when a request arrives on inetd's socket. If the desired service is provided internally by inetd (e.g. echo; see the inetd utility page), this field contains the word internal.
- server program arguments
Any arguments to be passed to the server program. The first word is the program name and is passed as argv[0]; the rest follow as argv[1] onward. If the server-program field is internal, you can leave this field blank.
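The wait-style contract for stream servers described above (the master socket arrives on fd 0, the server accepts connections itself, and it exits on idle so that inetd resumes listening), as an added example that is not from this page or from any inetd implementation. serve_on_master() is the accept loop; demo_without_inetd() stands in for inetd by creating the master socket locally and connecting a few constructed clients, and echo_once is a placeholder handler. All of these names are assumptions made for illustration.

```python
"""Accept loop for a stream server marked "wait" in /etc/inetd.conf (added example)."""
import socket
import sys
import threading


def serve_on_master(listener, handler, idle_timeout):
    """Run the wait-style loop on the master (listening) socket.

    Under inetd, a "wait" stream server receives the listening socket as
    fd 0 and must accept connections itself. It keeps accepting until
    idle_timeout seconds pass with no new connection, then returns so the
    process can exit and inetd resumes listening. Returns the number of
    connections handled.
    """
    handled = 0
    listener.settimeout(idle_timeout)
    while True:
        try:
            conn, peer = listener.accept()
        except socket.timeout:
            return handled          # idle: hand the master socket back to inetd
        with conn:
            handler(conn, peer)
        handled += 1


def echo_once(conn, peer):
    """Placeholder per-connection handler: echo one message back."""
    conn.sendall(conn.recv(4096))


def demo_without_inetd(n_clients=2, idle_timeout=0.5):
    """Stand-in for inetd (constructed for this example): create the master
    socket locally, let a few clients connect, and run the wait loop until
    it times out. Returns (connections handled, sorted echoed replies)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    port = listener.getsockname()[1]
    replies = []

    def client(i):
        with socket.create_connection(("127.0.0.1", port)) as c:
            c.sendall(f"hello {i}".encode())
            replies.append(c.recv(4096))

    threads = [threading.Thread(target=client, args=(i,)) for i in range(n_clients)]
    for t in threads:
        t.start()
    handled = serve_on_master(listener, echo_once, idle_timeout)
    for t in threads:
        t.join()
    listener.close()
    return handled, sorted(replies)


if __name__ == "__main__":
    # Started by inetd with a "wait" entry: fd 0 is the master socket.
    # socket.socket(fileno=0) wraps it and infers family and type (Python 3.7+).
    master = socket.socket(fileno=0)
    serve_on_master(master, echo_once, idle_timeout=60.0)
    sys.exit(0)
```

The same program would run under a nowait entry only by mistake: there fd 0 is an already accepted connection, and calling accept() on it fails. A server written for one mode should refuse to start in the other.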
Setting the IPsec policy
You can specify the IPsec policy setting for each socket in a special comment line. A line that starts with the special comment #@ identifies the policy specifier, and the content of the comment line is treated as the IPsec policy string.
Valid policy settings for /etc/inetd.conf include:
- direction bypass
- direction entrust
- direction ipsec request ...
Multiple IPsec policy strings may be specified using semicolons as separators. If conflicting strings are found in a single line, the last string takes effect.
When a policy specifier is set with #@, all further lines in the /etc/inetd.conf configuration file are also affected. You can reset the IPsec policy by inserting a comment line without a policy string (i.e. a comment line containing #@ only).
If an invalid IPsec policy string appears in /etc/inetd.conf, inetd logs error messages via syslog() and terminates, taking every service it manages with it; check the log after editing a #@ line.
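To make the field grammar and the #@ carry-forward and reset rules concrete, here is a small parser and checker. It is an added example written for this page, not code from inetd or from the page itself; the sample configuration inside it is constructed, the audit rules are the ones stated in the field descriptions (servers running as root, inetd-internal services, stream servers marked wait other than identd, tftp needing wait), and the IPsec policy string in the sample uses the BSD ipsec_set_policy syntax only to exercise the carry-forward behaviour.

```python
"""Parser and sanity checker for /etc/inetd.conf entries (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class InetdEntry:
    addr: str                    # "*" = all local addresses
    service: str
    version: Optional[str]       # RPC version or range such as "1-3"
    socket_type: str             # stream, dgram or raw
    protocol: str                # tcp, udp, tcp4, udp6, ...
    sndbuf: Optional[int]
    rcvbuf: Optional[int]
    wait: bool                   # True for wait, False for nowait
    max_per_minute: int
    user: str
    group: Optional[str]
    program: str                 # pathname or the word "internal"
    args: List[str]              # args[0] is what the server sees as argv[0]
    ipsec_policy: Optional[str]  # from the most recent "#@" line, if any


def parse_size(text: str) -> int:
    """Buffer size: literal bytes, or scaled with a k or m suffix."""
    text = text.strip().lower()
    scale = {"k": 1024, "m": 1024 * 1024}.get(text[-1], 1)
    return int(text.rstrip("km")) * scale


def parse_inetd_conf(text: str, default_max: int = 40) -> List[InetdEntry]:
    entries = []
    cur_addr = "*"       # set by a bare "addr:" line, applies to later lines
    cur_policy = None    # set by "#@ policy", cleared by a bare "#@"
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#@"):
            cur_policy = line[2:].strip() or None
            continue
        if line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) == 1 and fields[0].endswith(":"):
            cur_addr = fields[0][:-1] or "*"
            continue
        svc, stype, proto, waitspec, userspec, program = fields[:6]
        # [addr:]service-name, then service-name/version for RPC services
        addr, svc = svc.rsplit(":", 1) if ":" in svc else (cur_addr, svc)
        svc, version = svc.split("/", 1) if "/" in svc else (svc, None)
        proto, *opts = proto.split(",")          # protocol[,sndbuf=N][,rcvbuf=N]
        sndbuf = rcvbuf = None
        for opt in opts:
            key, _, val = opt.partition("=")
            if key == "sndbuf":
                sndbuf = parse_size(val)
            elif key == "rcvbuf":
                rcvbuf = parse_size(val)
        wait_word, _, max_str = waitspec.partition(":")   # wait|nowait[:max]
        if wait_word not in ("wait", "nowait"):
            raise ValueError(f"line {lineno}: bad wait field {waitspec!r}")
        max_per_minute = int(max_str) if max_str else default_max
        # user[:group]; a dot separator is accepted for backwards compatibility
        sep = ":" if ":" in userspec else "." if "." in userspec else None
        user, group = userspec.split(sep, 1) if sep else (userspec, None)
        entries.append(InetdEntry(addr, svc, version, stype, proto, sndbuf,
                                  rcvbuf, wait_word == "wait", max_per_minute,
                                  user, group, program, fields[6:], cur_policy))
    return entries


def audit(entries):
    """Findings worth a second look, derived from the field rules above."""
    findings = []
    for e in entries:
        if e.program == "internal":
            findings.append((e.service, "served by inetd itself (internal)"))
            continue
        if e.user == "root":
            findings.append((e.service, "server runs as root"))
        if e.socket_type == "stream" and e.wait and e.service not in ("auth", "ident"):
            findings.append((e.service, "stream service marked wait"))
        if e.service == "tftp" and not e.wait:
            findings.append((e.service, "tftp must be wait to avoid the spawn race"))
    return findings


# Constructed sample configuration, not taken from any real system.
SAMPLE_CONF = """\
ftp      stream  tcp     nowait  root    /usr/sbin/ftpd   in.ftpd -el
echo     stream  tcp     nowait  root    internal
tftp     dgram   udp     nowait  nobody  /usr/sbin/tftpd  in.tftpd /tftpboot
#@ in ipsec esp/transport//require
127.0.0.1:
auth     stream  tcp,rcvbuf=16384  wait:20  nobody.nogroup  /usr/sbin/identd  identd -w -t120
#@
*:
chargen  dgram   udp     wait    root    internal
"""
```

Running audit(parse_inetd_conf(SAMPLE_CONF)) reports ftp for running as root, echo and chargen as inetd-internal services, and tftp because it is marked nowait; the auth entry picks up the 127.0.0.1 address and the #@ policy from the lines before it, while chargen sees neither after the bare "#@" and "*:" lines reset them.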
IPv6 TCP/UDP behavior
If you want to run a server for both IPv4 and IPv6 traffic, you'll need to run two separate processes for the same server program. You do this by adding two separate lines in inetd.conf, one for tcp4 and one for tcp6.
Under the various combinations of IPv4/IPv6 daemon settings, inetd behaves as follows:

| If you have: | IPv4 traffic: | IPv6 traffic: |
| --- | --- | --- |
| Only one server on tcp4 | Routed to the server | Isn't accepted |
| Two servers: one on tcp4 and one on tcp6 | Routed to the server on tcp4 | Routed to the server on tcp6 |
| Only one server on tcp6 | For certain configurations, may be routed to the tcp6 server (see the IP6 protocol page for details) | Routed to the server on tcp6 |
The following is an example from a working inetd.conf file:
ftp stream tcp nowait root /usr/sbin/ftpd in.ftpd -el
where:
- ftp is the service name (see /etc/services).
- stream is the socket type.
- tcp is the protocol.
- nowait is the wait/nowait entry.
- root is the user.
- /usr/sbin/ftpd is the server program.
- in.ftpd is argv[0], the program name as the server sees it.
- -el is the remaining server program argument.