Museum

Home

Lab Overview

Retrotechnology Articles

Online Manuals

⇒ inetd(1M) — DG/UX R4.11MU05

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

syslog(3C)

inetd.conf(4M)

syslog.conf(5)



inetd(1M)                      DG/UX R4.11MU05                     inetd(1M)


NAME
       inetd - Internet services server

SYNOPSIS
       /usr/bin/inetd [ -d ] [ configuration-file ]

DESCRIPTION
       The inetd process (daemon) listens for connections on the appropriate
       designated ports of the services specified in inetd.conf.  When a
       connection is found, inetd invokes the server program specified by
       that configuration file for the service requested.  Once a server is
       finished, inetd continues to listen on the socket (except in some
       cases that are described below).

       Use the -d option to write various diagnostic messages to syslog at
       level LOG_NOTICE.  See syslog(3C) for more information.

       The inetd server itself provides a number of simple TCP-based
       services.  These include echo, discard, chargen (character
       generator), daytime (human readable time), and time (machine readable
       time, in the form of the number of seconds since midnight, January 1,
       1900).  For details about these services, obtain Requests for Comment
       (RFC) 862, 863, 864, 867, and 868.  (The Guide to AViiON and DG/UX®
       System Documentation gives the address to use for obtaining RFCs.)

       New services can be activated and existing services deleted or
       modified by editing the configuration file and then sending the inetd
       server a hangup signal, SIGHUP.

       When you start inetd, the Internet server, it reads its configuration
       information from configuration-file. The default configuration file
       is /etc/inetd.conf. See inetd.conf(4M) for information on the format
       of this file.  There are two inetd.conf prototype files:
       inetd.conftcpip.proto and inetd.confnfs.proto.  During setup, the
       inetd.conf file is established by concatenating the two prototype
       files.

       The following items pertain to trusted DG/UX systems only.

       ·   If inetd is not already running, you can start inetd only by
           rebooting your system. If inetd is running, you can restart inetd
           by sending it a hangup signal, SIGHUP.

       ·   Several services that are normally provided on a standard DG/UX
           system are disabled. See the manual Managing Security on the
           DG/UX® System and the inetd.conf(4) man page for more
           information.

       ·   Inetd behaves differently depending upon whether the service it
           is launching is trusted or non-trusted.  A service is typically
           marked as trusted for one of two reasons: either the executable
           communicates with the session monitor on its own behalf, or it is
           known to introduce no security risk to the system.  See
           inetd.conf(4M) for how inetd determines if a service is trusted
           or non-trusted.

           For non-trusted services, inetd communicates with the session
           monitor on behalf of the service to determine if the user has
           authorization.  See inetd.conf(4M) for how inetd determines the
           user; the service is always taken directly from /etc/inetd.conf.
           In order for the session monitor to grant inetd's request, the
           user account must have service authorization.  Furthermore, it
           must not require any authentication since inetd can not, for
           example, ask for a password on behalf of the service.  If the
           request is granted, the credentials of the child process are set
           appropriately prior to exec'ing the service's executable.  The
           actual credentials are never more powerful than those configured
           for the user and service, but may also be constrained by the
           credentials from Trusted IP; this is dependent upon which service
           inetd is launching.

           For trusted services, inetd does not communicate with the session
           monitor on the service's behalf.  On a system running with MAC
           and network security (that is, Trusted IP), the process's MAC
           label and range are set to those provided by Trusted IP prior to
           exec'ing the service's executable.  On a system running with CAC
           and network security, the process's CAP state is set so that the
           DG_CAP_MULTILEVEL_DEVICE capability is turned off if it were not
           in the credentials provided by Trusted IP; otherwise, the trusted
           process's CAP state is identical to inetd's CAP state.  If the
           DG_CAP_MULTILEVEL_DEVICE is set, any device that is associated
           with the network session will have a MAC range equal to the
           process's MAC range; otherwise, the device's MAC range will be a
           trivial range equal to the process's MAC label.  The upshot of
           this is that unless the DG_CAP_MULTILEVEL_DEVICE capability is
           set, authorization can only occur at the process MAC label (which
           was the MAC label provided by Trusted IP).


FILES
       /etc/inetd.conf
       /etc/syslog.conf

SEE ALSO
       syslog(3C), inetd.conf(4M), syslog.conf(5).

       Managing Security on the DG/UX® System


Licensed material--property of copyright holder(s)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026