next up previous contents
Next: The tcpd access control Up: Various Network Applications Previous: Various Network Applications

The inetd Super-Server

         

Frequently, services are performed by so-called daemons. A daemon is a program that opens a certain port, and waits for incoming connections. If one occurs, it creates a child process which accepts the connection, while the parent continues to listen for further requests. This concept has the drawback that for every service offered, a daemon has to run that listens on the port for a connection to occur, which generally means a waste of system resources like swap space.

Thus, almost all installations run a ``super-server'' that creates sockets for a number of services, and listens on all of them simultaneously using the select(2) system call. When a remote host requests one of the services, the super-server notices this and spawns the server specified for this port.

      The super-server commonly used is inetd, the Internet Daemon. It is started at system boot time, and takes the list of services it is to manage from a startup file named /etc/inetd.conf. In addition to those servers invoked, there are a number of trivial services which are performed by inetd itself called internal services. They include chargen which simply generates a string of characters, and daytime which returns the system's idea of the time of day.

An entry in this file consists of a single line made up of the following fields:

The meaning of each field is as follows:

 
Figure:   A sample /etc/inetd.conf file.

    A sample inetd.conf file is shown in figure gif. The finger service commented out, so that it is not available. This is often done for security reasons, because may be used by attackers to obtain names of users on your system.

      The tftp is shown commented out as well. tftp implements the Primitive File Transfer Protocol that allows to transfer any world-readable files from your system without password checking etc. This is especially harmful with the /etc/passwd file, even more so when you don't use shadow password.

TFTP is commonly used by diskless clients and X terminals to download their code from a boot server. If you need to run tftpd for this reason, make sure to limit its scope to those directories clients will retrieve files from by adding those directory names to tftpd's command line. This is shown in the second tftp line in the example.

 


next up previous contents
Next: The tcpd access control Up: Various Network Applications Previous: Various Network Applications

Andrew Anderson
Thu Mar 7 23:22:06 EST 1996