Inetd

inetd (internet service daemon) is a super-server daemon on many Unix systems that provides Internet services. For each configured service, it listens for requests from connecting clients. Requests are served by spawning a process which runs the appropriate executable, but simple services such as echo are served by inetd itself. External executables, which are run on request, can be single- or multi-threaded. First appearing in 4.3BSD, it is generally located at /usr/sbin/inetd.


Function

Often called a super-server, inetd listens on designated ports used by Internet services such as FTP, POP3, and telnet. When a TCP packet or UDP packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection. For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, in inetd's "nowait" mode of service management, no network code is required in the service-specific programs, as inetd hooks the network stream directly to stdin and stdout of the spawned process. For protocols that have frequent traffic, such as HTTP and POP3, either inetd's "wait" mode of operation, or a dedicated server that intercepts the traffic directly may be preferable.


Setup

The list of services that will be serviced is given in a configuration file, usually /etc/inetd.conf. A GUI for managing the configuration file is an optional accessory. The daemon may need a signal in order to re-read its configuration. For example, telnet can be configured as follows (line taken from a machine running AIX version 5.1):

    telnet stream tcp6 nowait root /usr/sbin/telnetd telnetd -a

The first word, telnet, is the official name of the service. It is resolved using the system database to map port numbers and protocols to service names. In this case, /etc/services should contain:

    telnet 23/tcp

The second and third words describe the type of socket and underlying protocol respectively. The /etc/protocols database is consulted. The fourth word is the wait/nowait switch. A single-threaded server expects inetd to wait until it finishes reading all the data. Otherwise inetd lets the server run and spawns new, concurrent processes for new requests. The fifth word is the user name, from the /etc/passwd database, that the service program should run as. Finally, the path and the arguments of an external program are given. As usual, the first argument is the program name. In the example, inetd is told to launch the program /usr/sbin/telnetd with the command line arguments telnetd -a. inetd automatically hooks the socket to stdin, stdout, and stderr of the server program. Generally TCP sockets are handled by spawning a separate server to handle each connection concurrently. UDP sockets are generally handled by a single server instance that handles all packets on that port. Some simple services, such as echo, are handled directly by inetd, without spawning an external server.


Creating an inetd service

This is a simple inetd service, written in C. It expects a command line argument containing a filename for a log file, and then it logs all strings sent through the socket to the log file. Note that this is a very insecure example program.

    #include <stdio.h>
    #include <stdlib.h>

    int main(int argc, char **argv)
    {
        /* The log file name is the first command line argument. */
        if (argc < 2)
            exit(EXIT_FAILURE);
        const char *fn = argv[1];
        FILE *fp = fopen(fn, "a+");

        if (fp == NULL)
            exit(EXIT_FAILURE);

        char str[4096];
        /* inetd hands the network data to the service on stdin. */
        while (fgets(str, sizeof(str), stdin)) {
            fputs(str, fp);
            fflush(fp);
        }
        fclose(fp);
        return 0;
    }

The example uses stdio functions and it responds to network traffic coming in on stdin. In this case, we want all messages logged to a single file, so we only want one instance of the service running to service all requests. This means UDP is the correct protocol to use. First, an unused port number must be selected. In this sample, 9999 will be used. The /etc/services entry will look like this:

    errorLogger 9999/udp

And the entry in /etc/inetd.conf will look like this:

    errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt

This tells inetd to run the /usr/local/bin/errlogd program, with the command line:

    errlogd /tmp/logfile.txt

(refer to the inetd.conf man page for information on the other arguments). The first argument contains the filename to be used for the log file: /tmp/logfile.txt. inetd will run the service when needed, and attach port 9999 to the input and output streams, and all strings sent to that port will be logged to the file. By specifying wait, it tells inetd to only use one instance of the server to handle all requests. Note: the functionality of the above example is usually implemented by using syslog and a process like syslogd. syslogd would normally be started in parallel with inetd, not as an inetd service.
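A hardened rewrite of the errlogd service above, added here as an example and not part of the article's code: it opens the log without following symlinks, bounds each datagram, and replaces control bytes so a client cannot inject fake log lines or terminal escapes. The 4096-byte datagram bound and the '?' replacement character are assumptions made for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define MAX_DGRAM 4096   /* largest datagram we accept (assumed bound) */

/* Copy in[0..n) to out as printable ASCII. Control bytes and 8-bit bytes
 * become '?', so a client cannot inject newlines (fake log lines) or
 * terminal escape sequences; output is capped at outsz-2 bytes and ends
 * with exactly one '\n'. Returns the record length written. */
size_t sanitize_record(const unsigned char *in, size_t n, char *out, size_t outsz) {
    size_t o = 0;
    for (size_t i = 0; i < n && o + 2 < outsz; i++)
        out[o++] = (in[i] >= 0x20 && in[i] < 0x7f) ? (char)in[i] : '?';
    out[o++] = '\n';
    out[o] = '\0';
    return o;
}

/* Append-only, owner-readable only, and O_NOFOLLOW: a symlink planted at the
 * log path (the article's example lives in /tmp) is refused instead of being
 * followed to some other file. */
int open_log(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
}

/* Sanitize one datagram and write it with a single write(); 0 on success. */
int log_record(int fd, const unsigned char *dgram, size_t n) {
    char rec[MAX_DGRAM + 2];
    size_t len = sanitize_record(dgram, n, rec, sizeof rec);
    return write(fd, rec, len) == (ssize_t)len ? 0 : -1;
}

/* inetd "dgram udp wait" entry point: stdin is the bound UDP socket and each
 * read() returns one datagram. Name a dedicated unprivileged user in the
 * fifth inetd.conf field rather than root; the program needs no privilege. */
int main(int argc, char **argv) {
    if (argc != 2) return EXIT_FAILURE;
    int fd = open_log(argv[1]);
    if (fd < 0) return EXIT_FAILURE;
    unsigned char dgram[MAX_DGRAM];
    ssize_t n;
    while ((n = read(STDIN_FILENO, dgram, sizeof dgram)) > 0)
        if (log_record(fd, dgram, (size_t)n) != 0) break;
    close(fd);
    return 0;
}
```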


inetd replacements

In recent years, because of the security limitations in the original design of inetd, it has been replaced by xinetd, rlinetd, ucspi-tcp, and others in many systems. Distributions of Linux especially have many options and Mac OS X (beginning with Mac OS X v10.2) uses xinetd. As of version Mac OS X v10.4, Apple has merged the functionality of inetd into launchd. The services provided by inetd can be omitted entirely. This is becoming more common where machines are dedicated to a single function. For example, an HTTP server could be configured to just run

and have no other ports open. A dedicated firewall could have no services started. systemd supports inetd services, and expands socket activation beyond IP messaging (AF_INET+6) to include AF_UNIX, AF_NETLINK and more.


Security concerns

While the inetd concept as a service dispatcher is not inherently insecure, the long list of services that inetd traditionally provided gave computer security experts pause. The possibility of a service having an exploitable flaw, or the service just being abused, had to be considered. Unnecessary services being disabled and "off by default" became the mantra. It is not uncommon to find an /etc/inetd.conf with almost all the services commented out in a modern Unix distribution.
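To make the field layout from the Setup section and the "almost all services commented out" check concrete, here is an added example (not from the article) that parses inetd.conf lines and flags active entries that run as root or start an external program without the tcpd wrapper; the /usr/sbin/tcpd path and the two risk flags are assumptions for this example.

```c
#include <string.h>
#include <ctype.h>

/* Parsed form of one inetd.conf line; fields follow the Setup section. */
struct inetd_entry {
    char service[32], socktype[16], proto[16], waitmode[16], user[32];
    char program[128], args[128];
};
/* Copy the next whitespace-delimited token from *p into dst; 0 if none left. */
static int next_token(const char **p, char *dst, size_t n) {
    const char *s = *p; size_t i = 0;
    while (*s && isspace((unsigned char)*s)) s++;
    if (!*s) return 0;
    for (; *s && !isspace((unsigned char)*s); s++)
        if (i + 1 < n) dst[i++] = *s;
    dst[i] = '\0';
    *p = s;
    return 1;
}
/* 1 = active entry, 0 = blank or commented-out line, -1 = fewer than six fields. */
int parse_inetd_line(const char *line, struct inetd_entry *e) {
    const char *p = line;
    while (*p && isspace((unsigned char)*p)) p++;
    if (*p == '\0' || *p == '#') return 0;               /* disabled service */
    memset(e, 0, sizeof *e);
    if (!next_token(&p, e->service, sizeof e->service) ||
        !next_token(&p, e->socktype, sizeof e->socktype) ||
        !next_token(&p, e->proto, sizeof e->proto) ||
        !next_token(&p, e->waitmode, sizeof e->waitmode) ||
        !next_token(&p, e->user, sizeof e->user) ||
        !next_token(&p, e->program, sizeof e->program))
        return -1;
    while (*p && isspace((unsigned char)*p)) p++;
    strncpy(e->args, p, sizeof e->args - 1);             /* rest: server argv */
    for (size_t n = strlen(e->args); n && strchr("\r\n", e->args[n - 1]); n--)
        e->args[n - 1] = '\0';
    return 1;
}

/* Review flags: runs as root, or external program not started via the tcpd
 * wrapper ("internal" = inetd built-in like echo; tcpd path is an assumption). */
enum { RISK_ROOT = 1, RISK_NOWRAP = 2 };
int audit_entry(const struct inetd_entry *e) {
    int r = 0;
    if (strcmp(e->user, "root") == 0) r |= RISK_ROOT;
    if (strcmp(e->program, "internal") && strcmp(e->program, "/usr/sbin/tcpd"))
        r |= RISK_NOWRAP;
    return r;
}
```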


See also

* TCP Wrapper
* xinetd
* List of TCP and UDP port numbers
* Svchost.exe

