
inetd

From Wikipedia, the free encyclopedia

inetd (internet service daemon) is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD,[1] it is generally located at /usr/sbin/inetd. inetd is based on the (service) activator pattern.[2]

Function

Often called a super-server, inetd listens on designated ports used by Internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, in inetd's "nowait" mode of service management, no network code is required in the service-specific programs, as inetd hooks the network stream directly to stdin and stdout of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, either inetd's "wait" mode of operation or a dedicated server that handles the traffic directly may be preferable.

Setup

The list of services that will be serviced is given in a configuration file, usually /etc/inetd.conf. A GUI for managing the configuration file is an optional accessory. The daemon may need a signal in order to re-read its configuration. For example, telnet can be configured as follows (line taken from a machine running AIX version 5.1):

telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a

The first word, telnet, is the official name of the service. It is resolved using the system database to map port numbers and protocols to service names. In this case, /etc/services should contain:

telnet 23/tcp

The second and third words describe the type of socket and underlying protocol respectively. The /etc/protocols database is consulted.

The fourth word is the wait/nowait switch. A single-threaded server expects inetd to wait until it finishes reading all the data. Otherwise inetd lets the server run and spawns new, concurrent processes for new requests.

The fifth word is the user name, from the /etc/passwd database, that the service program should run as.

Finally, the path and the arguments of an external program are given. As usual, the first argument is the program name. In the example, inetd is told to launch the program /usr/sbin/telnetd with the command line arguments telnetd -a. inetd automatically hooks the socket to stdin, stdout, and stderr of the server program.

Generally TCP sockets are handled by spawning a separate server to handle each connection concurrently. UDP sockets are generally handled by a single server instance that handles all packets on that port.

Some simple services, such as echo, are handled directly by inetd, without spawning an external server.

Creating an inetd service

This is a simple inetd service, written in C. It expects a command line argument containing a filename for a log file, and then it logs all strings sent through the socket to the log file. Note that this is a very insecure example program.

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
    /* The log file name is the first argument given in inetd.conf. */
    if (argc < 2)
        exit(EXIT_FAILURE);
    const char *fn = argv[1];
    FILE *fp = fopen(fn, "a+");
    if (fp == NULL)
        exit(EXIT_FAILURE);

    char str[4096];
    /* inetd passes its information to us in stdin. */
    while (fgets(str, sizeof str, stdin)) {
        fputs(str, fp);
        fflush(fp);
    }
    fclose(fp);
    return 0;
}

The example uses stdio functions and it responds to network traffic coming in on stdin. In this case, we want all messages logged to a single file, so we only want one instance of the service running to service all requests. This means UDP is the correct protocol to use. First, an unused port number must be selected. In this sample, 9999 will be used. The /etc/services entry will look like this:

errorLogger 9999/udp

And the entry in /etc/inetd.conf will look like this:

errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt

This tells inetd to run the /usr/local/bin/errlogd program with the command line errlogd /tmp/logfile.txt (refer to the inetd.conf man page for information on the other arguments). The first argument contains the filename to be used for the log file: /tmp/logfile.txt. inetd will run the service when needed and attach port 9999 to the input and output streams, and all strings sent to that port will be logged to the file. By specifying wait, it tells inetd to only use one instance of the server to handle all requests.

Note: the functionality of the above example is usually implemented by using syslog and a process like syslogd. syslogd would normally be started in parallel with inetd, not as an inetd service.
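The errlogd program shown above trusts everything that arrives on the socket. The following is an added example, not code from the article, of the same service written so that the two defects a reviewer would flag first are handled: a missing log-file argument no longer crashes the program, and bytes outside printable ASCII are replaced with '?' before they reach the log, so a client cannot forge extra log lines with carriage returns or embed terminal escape sequences. The function names (sanitize_log_line, log_stream) and the helper routines used to exercise them through temporary files are this example's own. The design limitation the article's note points at remains: anything that can reach port 9999 can append to the file, so the log should live on a filesystem with room to spare and the port should be reachable only from hosts that are meant to use it.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_LINE 4096

/* Copy one record from src to dst, replacing every byte outside printable ASCII
   with '?'. A client that sends carriage returns or terminal escape sequences
   therefore cannot forge extra log lines or corrupt a terminal that tails the log.
   The record ends at '\n' or at the end of src; a '\n' is always appended.
   Returns the number of bytes written, not counting the terminating NUL. */
size_t sanitize_log_line(const char *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    for (; *src != '\0' && *src != '\n' && n + 2 < dstsz; src++) {
        unsigned char c = (unsigned char)*src;
        dst[n++] = (c >= 0x20 && c < 0x7f) ? (char)c : '?';
    }
    dst[n++] = '\n';
    dst[n] = '\0';
    return n;
}

/* Read records from `in` until EOF and append them, sanitized, to `out`.
   Returns how many records were written. */
long log_stream(FILE *in, FILE *out)
{
    char raw[MAX_LINE], clean[MAX_LINE + 2];
    long count = 0;
    while (fgets(raw, sizeof raw, in) != NULL) {
        size_t n = sanitize_log_line(raw, clean, sizeof clean);
        if (fwrite(clean, 1, n, out) != n)
            break;
        fflush(out); /* keep the file current between datagrams */
        count++;
    }
    return count;
}

/* Test helper (example's own): sanitize `in` and compare with `expect`. */
int sanitized_equals(const char *in, const char *expect)
{
    char buf[MAX_LINE + 2];
    sanitize_log_line(in, buf, sizeof buf);
    return strcmp(buf, expect) == 0;
}

/* Test helper (example's own): run log_stream over `text` through temporary
   files and compare the logged bytes with `expect`. */
int log_text_matches(const char *text, const char *expect)
{
    FILE *in = tmpfile(), *out = tmpfile();
    if (in == NULL || out == NULL)
        return 0;
    fputs(text, in);
    rewind(in);
    log_stream(in, out);
    rewind(out);
    char got[4 * MAX_LINE];
    size_t n = fread(got, 1, sizeof got - 1, out);
    got[n] = '\0';
    fclose(in);
    fclose(out);
    return strcmp(got, expect) == 0;
}

/* Entry point as inetd would invoke it: errlogd <logfile>, client data on stdin. */
int main(int argc, char **argv)
{
    if (argc != 2) {
        fprintf(stderr, "usage: %s <logfile>\n", argv[0]);
        return EXIT_FAILURE;
    }
    FILE *fp = fopen(argv[1], "a");
    if (fp == NULL) {
        perror(argv[1]);
        return EXIT_FAILURE;
    }
    log_stream(stdin, fp);
    fclose(fp);
    return 0;
}
```

Installed in place of errlogd with the same /etc/inetd.conf line, the program behaves as the article describes, except that a record such as "second" followed by an escape sequence is written as "second?[2K" rather than as raw control bytes.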

inetd replacements

In recent years, because of the security limitations in the original design of inetd, it has been replaced by xinetd, rlinetd, ucspi-tcp, and others in many systems. Distributions of Linux especially have many options, and Mac OS X (beginning with Mac OS X v10.2) uses xinetd. As of version Mac OS X v10.4, Apple has merged the functionality of inetd into launchd.

The services provided by inetd can be omitted entirely. This is becoming more common where machines are dedicated to a single function. For example, an HTTP server could be configured to just run httpd and have no other ports open. A dedicated firewall could have no services started.

systemd supports inetd services, and expands socket activation beyond IP messaging (AF_INET and AF_INET6) to include AF_UNIX, AF_NETLINK and more.[3][4]

Security concerns

While the inetd concept as a service dispatcher is not inherently insecure, the long list of services that inetd traditionally provided gave computer security experts pause. The possibility of a service having an exploitable flaw, or the service just being abused, had to be considered. Disabling unnecessary services and "off by default" became the mantra. It is not uncommon to find an /etc/inetd.conf with almost all the services commented out in a modern Unix distribution.
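The field layout described under Setup and the "comment it out" practice described here combine naturally into a small configuration audit. The program below is an added example, not part of the article or of inetd itself: it parses inetd.conf lines into the six fixed fields plus the argument string, skips commented-out lines, and summarises what is enabled, which entries run as root, which are handled internally by inetd, and which datagram services are not in wait mode (the article describes wait as the usual arrangement for UDP). The sample configuration is constructed for the example from the lines quoted in the article plus two internal services and one deliberately malformed line; the structure and function names are the example's own.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample inetd.conf, modelled on the lines quoted in the article
   (a commented-out ftp line, the telnet line and the errorLogger line),
   plus two internal services and one deliberately malformed line. */
static const char SAMPLE_CONF[] =
    "# constructed sample, not a real system file\n"
    "#ftp        stream tcp  nowait root   /usr/sbin/ftpd        ftpd -l\n"
    "telnet      stream tcp6 nowait root   /usr/sbin/telnetd     telnetd -a\n"
    "echo        stream tcp  nowait root   internal\n"
    "errorLogger dgram  udp  wait   root   /usr/local/bin/errlogd errlogd /tmp/logfile.txt\n"
    "daytime     dgram  udp  nowait nobody internal\n"
    "bogus       stream\n";

/* One parsed inetd.conf entry: the six fixed fields plus the argument string. */
struct inetd_entry {
    char service[64], socktype[16], proto[16], waitmode[16], user[32], program[256], args[256];
};

#define DELIMS " \t\r\n"

/* Copy the next whitespace-delimited token into dst and advance *pp. Returns 0 at end of line. */
static int next_token(const char **pp, char *dst, size_t dstsz)
{
    const char *p = *pp + strspn(*pp, DELIMS);
    if (*p == '\0')
        return 0;
    size_t n = strcspn(p, DELIMS);
    *pp = p + n;
    if (n >= dstsz)
        n = dstsz - 1;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 1;
}

/* Parse one line. Returns 1 for an active entry, 0 for blank or commented-out lines,
   -1 when fewer than six fields are present or the wait/nowait field is invalid. */
int parse_inetd_line(const char *line, struct inetd_entry *e)
{
    const char *p = line + strspn(line, DELIMS);
    if (*p == '\0' || *p == '#')
        return 0;
    memset(e, 0, sizeof *e);
    char *dst[6] = { e->service, e->socktype, e->proto, e->waitmode, e->user, e->program };
    size_t sz[6] = { sizeof e->service, sizeof e->socktype, sizeof e->proto,
                     sizeof e->waitmode, sizeof e->user, sizeof e->program };
    for (int i = 0; i < 6; i++)
        if (!next_token(&p, dst[i], sz[i]))
            return -1;
    if (strncmp(e->waitmode, "wait", 4) != 0 && strncmp(e->waitmode, "nowait", 6) != 0)
        return -1;
    /* Whatever follows the program path is its command line, argv[0] first. */
    p += strspn(p, " \t");
    snprintf(e->args, sizeof e->args, "%s", p);
    e->args[strcspn(e->args, "\r\n")] = '\0';
    return 1;
}

/* Summary a reviewer wants from a config: how much is enabled, and under which account. */
struct inetd_audit { int enabled, as_root, dgram_nowait, internal, malformed; };

struct inetd_audit audit_inetd_conf(const char *conf)
{
    struct inetd_audit a = { 0, 0, 0, 0, 0 };
    struct inetd_entry e;
    char line[1024];
    const char *start = conf;
    while (*start != '\0') {
        const char *nl = strchr(start, '\n');
        size_t len = nl ? (size_t)(nl - start) : strlen(start);
        if (len >= sizeof line)
            len = sizeof line - 1;
        memcpy(line, start, len);
        line[len] = '\0';
        int r = parse_inetd_line(line, &e);
        if (r == 1) {
            a.enabled++;
            if (strcmp(e.user, "root") == 0) a.as_root++;
            if (strcmp(e.socktype, "dgram") == 0 && strncmp(e.waitmode, "nowait", 6) == 0) a.dgram_nowait++;
            if (strcmp(e.program, "internal") == 0) a.internal++;
        } else if (r == -1) {
            a.malformed++;
        }
        if (nl == NULL)
            break;
        start = nl + 1;
    }
    return a;
}

/* Test helper (example's own): does `line` parse to the given program path and arguments? */
int entry_matches(const char *line, const char *program, const char *args)
{
    struct inetd_entry e;
    return parse_inetd_line(line, &e) == 1 && strcmp(e.program, program) == 0 && strcmp(e.args, args) == 0;
}

int main(void)
{
    struct inetd_audit a = audit_inetd_conf(SAMPLE_CONF);
    printf("enabled=%d root=%d dgram_nowait=%d internal=%d malformed=%d\n",
           a.enabled, a.as_root, a.dgram_nowait, a.internal, a.malformed);
    return 0;
}
```

On the sample the audit reports four enabled services, three of them running as root, which is exactly the kind of count that prompts the commenting-out described above; reading the real file instead of SAMPLE_CONF is a matter of loading /etc/inetd.conf into a buffer and passing it to audit_inetd_conf.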


References

  1. ^ inetd(8), FreeBSD System Manager's Manual
  2. ^ Lecture 21: Android Services and Local IPC (part 17), retrieved 2023-10-23
  3. ^ "Systemd for Developers I".
  4. ^ "Rethinking PID 1".
