Understanding inetd

inetd: the Internet Daemon

inetd starts at boot time and gets the list of services that it will manage from its configuration file. This file is typically /etc/inetd.conf, but sometimes /usr/etc/inetd.conf or /etc/servers. The format of this file is the same on all platforms:

    service type protocol wait user server cmdline
service
The service name. Service names are translated to port numbers by looking them up in the services file (often /etc/services) for TCP and UDP services, or the portmap daemon for RPC services.
type
The type of socket the service will use. This will be either stream, for connection-oriented protocols, or dgram, for datagram protocols. TCP-based services should always use stream, while UDP-based services should use dgram.
protocol
The communication protocol used by the service. This must be a protocol listed in the protocols file (usually found in the same directory as the inetd configuration file). This is usually tcp or udp. RPC services prefix rpc/ to the protocol, as in rpc/tcp or rpc/udp.
wait
Whether the service can process multiple requests at one time, i.e. whether inetd should wait for the server process to exit before accepting further requests on that socket. This option applies only to dgram sockets. If the service in question reads and handles the pending requests itself, this should be wait. Otherwise, and for stream sockets, this should be nowait.
user
The user under which the process should run. Oftentimes this will be root, but if the daemon does not require root privileges, you should consider running it under a less privileged user. Programs which you do not particularly trust, or that you know have security problems, are prime candidates to be run under a less privileged user.
server
The absolute pathname of the daemon to be executed. Internal services are marked by the keyword internal.
cmdline
The command-line arguments to the daemon. The first argument should be the short name of the program (it becomes the daemon's argv[0]). This is a traditional Unix convention which is normally hidden by the shell.

Here is an example configuration file:

    ftp           stream  tcp     nowait  root    /usr/etc/ftpd ftpd -l
    telnet        stream  tcp     nowait  root    /usr/etc/telnetd telnetd
    shell         stream  tcp     nowait  root    /usr/etc/rshd rshd -L -a
    finger        stream  tcp     nowait  guest   /usr/etc/fingerd fingerd -l
    bootp         dgram   udp     wait    root    /usr/etc/bootp bootp
    mountd/1      stream  rpc/tcp wait    root    /usr/etc/rpc.mountd mountd
    mountd/1      dgram   rpc/udp wait    root    /usr/etc/rpc.mountd mountd
    chargen       stream  tcp     nowait  root    internal
    chargen       dgram   udp     wait    root    internal
    daytime       stream  tcp     nowait  root    internal
    daytime       dgram   udp     wait    root    internal
    time          stream  tcp     nowait  root    internal
    time          dgram   udp     wait    root    internal

The services file

"Standard" services are offered on ports defined in the Assigned Numbers RFC, which is optional reading. This list (or, in practice, part of it) is kept in a Unix system's services file so that programs can convert service names to port numbers. This file is usually found in the same directory as the inetd configuration file.

If you add a new service to inetd.conf, you may also need to add that service to the services file. Typically, the standard services are already provided in the system's distributed services file, so you won't have to edit this file very often. You'll only need to add new services which you are providing that are not already listed.

The format of an entry in the services file is:

    service port/protocol [aliases]

service is the name of the service, which you use in inetd.conf. The port is the port number (from the Assigned Numbers RFC) on which the service listens; for a service managed by inetd, it is inetd itself that listens on that port. The protocol is the protocol used by the service, either tcp or udp. If a service can use either UDP or TCP, you must specify a line for each. aliases are any other names for the service (e.g. specifying www as an alternate name for http).
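The field rules for inetd.conf above and the lookup of service names through the services file are easy to get wrong by hand, and inetd only reports the mistake in the system log after a reload. The following checker, added here as an example and not part of the EdCert page or any inetd distribution, parses a services file into a (name, protocol) to port table and then lints each inetd.conf entry against the rules described: field count, stream/tcp versus dgram/udp, the wait/nowait rule, an absolute server path or the keyword internal, argv[0] matching the program's short name, and whether the service resolves to a port. Entries that run as root are flagged as warnings so you can review whether a less privileged user would do. The sample inetd.conf and services contents are constructed for the example; RPC entries are skipped for the port lookup because they are resolved through portmap rather than the services file.

```python
"""Lint an inetd.conf against a services file (constructed example)."""
import os
from typing import Dict, List, Tuple

Finding = Tuple[int, str, str]  # (line number, "error" | "warning", message)

# Constructed sample, modelled on the example configuration above.
# Lines 7-9 deliberately contain mistakes for the checker to find.
SAMPLE_INETD_CONF = """\
# comments and blank lines are ignored
ftp       stream  tcp      nowait  root    /usr/etc/ftpd ftpd -l
finger    stream  tcp      nowait  guest   /usr/etc/fingerd fingerd -l
bootp     dgram   udp      wait    root    /usr/etc/bootp bootp
mountd/1  stream  rpc/tcp  wait    root    /usr/etc/rpc.mountd mountd
daytime   stream  tcp      nowait  root    internal
tftp      dgram   tcp      wait    root    /usr/etc/tftpd tftpd
bogus     stream  tcp      nowait  root    usr/etc/bogusd bogusd
chat      stream  tcp      nowait  nobody  /usr/etc/chatd chat
"""

# Constructed services file in the  service port/protocol [aliases]  format.
SAMPLE_SERVICES = """\
ftp      21/tcp
finger   79/tcp
bootp    67/udp   bootps
daytime  13/tcp
daytime  13/udp
http     80/tcp   www
"""


def parse_services(text: str) -> Dict[Tuple[str, str], int]:
    """Map (name, protocol) -> port number, registering aliases as well."""
    table: Dict[Tuple[str, str], int] = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        port, proto = fields[1].split("/")
        for name in [fields[0]] + fields[2:]:
            table[(name, proto)] = int(port)
    return table


def lint_inetd_conf(conf: str, services: Dict[Tuple[str, str], int]) -> List[Finding]:
    """Return one finding per problem; an empty list means the file is clean."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(conf.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            findings.append((lineno, "error", f"expected at least 6 fields, got {len(fields)}"))
            continue
        service, stype, proto, wait, user, server = fields[:6]
        args = fields[6:]

        def err(msg: str) -> None:
            findings.append((lineno, "error", msg))

        def warn(msg: str) -> None:
            findings.append((lineno, "warning", msg))

        is_rpc = proto.startswith("rpc/")
        base_proto = proto[4:] if is_rpc else proto

        # TCP services use stream sockets, UDP services use dgram sockets.
        if stype not in ("stream", "dgram"):
            err(f"unknown socket type {stype!r}")
        elif (stype, base_proto) not in (("stream", "tcp"), ("dgram", "udp")):
            err(f"socket type {stype} does not match protocol {base_proto}")

        # wait is meaningful for dgram sockets; plain stream services are nowait.
        if wait not in ("wait", "nowait"):
            err(f"wait field must be wait or nowait, got {wait!r}")
        elif stype == "stream" and not is_rpc and wait != "nowait":
            err("stream services should be nowait")

        # Server is an absolute path or the keyword internal; argv[0] is the short name.
        if server == "internal":
            pass  # served by inetd itself; nothing to check
        elif not server.startswith("/"):
            err(f"server path {server!r} is not absolute")
        elif not args or args[0] != os.path.basename(server):
            warn(f"first argument is usually the short name {os.path.basename(server)!r}")

        # Non-RPC services must resolve to a port through the services file.
        if not is_rpc and (service, base_proto) not in services:
            err(f"{service}/{base_proto} not found in services file")

        if user == "root" and server != "internal":
            warn(f"{service} runs as root; consider a less privileged user")
    return findings


def lines_with(findings: List[Finding], level: str) -> List[int]:
    """Sorted, de-duplicated line numbers that carry a finding of the given level."""
    return sorted({ln for ln, lvl, _ in findings if lvl == level})


if __name__ == "__main__":
    for ln, level, msg in lint_inetd_conf(SAMPLE_INETD_CONF, parse_services(SAMPLE_SERVICES)):
        print(f"line {ln}: {level}: {msg}")
```

To use it on a real host, read /etc/inetd.conf and /etc/services (or wherever your platform keeps them) into the two strings instead of the constructed samples. The argv[0] mismatch is reported as a warning rather than an error because the convention is not enforced by inetd, as the mountd entry in the example configuration above shows.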

Effecting changes in the inetd configuration file

Whenever you change the configuration of inetd, you have to tell the daemon to re-read its configuration file before those changes will go into effect. To do this, send inetd a hangup signal with kill -HUP PID. It is a good idea to check the system log files after restarting inetd, to make sure you haven't introduced any errors to the configuration file.


Terms used: TCP, UDP, RPC, socket, process, RFC, port.