Network Daemons

Lesson 9 Inetd: the super server
Objective Describe how server processes start and stop under the control of inetd.

Server Processes start and stop under the Control of inetd

As we discussed earlier, a system that offers many network services needs many server processes listening on many ports. This need creates a substantial load on the system. The internet daemon [1], inetd, provides a mechanism for reducing the number of different listening servers and a central location for controlling network services.
To accomplish these goals, the inetd process listens on many ports simultaneously for incoming connections. When a connection arrives at one of the ports under its control, inetd uses the fork() and exec() system calls to start the specific server process that handles connections at that well-known port. For example, suppose that inetd is listening on TCP port 23. When a new connection for port 23 arrives, inetd starts a telnet server process and passes the incoming connection to this new server process. The inetd process is controlled by its configuration file, /etc/inetd.conf, which tells inetd how to respond to incoming connections on a given port. A typical line in /etc/inetd.conf looks like this:

service type protocol wait-status uid server arguments
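To make the fork()/exec() hand-off concrete, here is a minimal inetd-style dispatcher in Python. It is an added example, not the inetd source or code from this course; the port table layout, the `exercise` helper and the use of /bin/cat as a stand-in echo server are assumptions for demonstration.

```python
import os, pwd, select, signal, socket

def spawn(conn, server, argv, uid="root"):
    """inetd's core step: fork, make the accepted socket the child's fds 0-2,
    switch to `uid`, then exec the real server (e.g. in.ftpd)."""
    pid = os.fork()
    if pid == 0:                                  # child: becomes the server
        for fd in (0, 1, 2):
            os.dup2(conn.fileno(), fd)            # server talks to the socket
        conn.close()
        if os.getuid() == 0 and uid != "root":    # only root may change uid
            os.setuid(pwd.getpwnam(uid).pw_uid)
        try:
            os.execv(server, argv)                # never returns on success
        finally:
            os._exit(127)                         # exec failed: exit child
    conn.close()                                  # parent: child owns it now
    return pid

def serve(table, wait=False):
    """Listen on every port in table {port: (server_path, argv, uid)} and
    dispatch like inetd; wait=True is iterative ('wait'), False concurrent."""
    if not wait:
        signal.signal(signal.SIGCHLD, signal.SIG_IGN)  # kernel reaps children
    listeners = {}
    for port in table:
        s = socket.socket()
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind(("127.0.0.1", port))
        s.listen(5)
        listeners[s] = port
    while True:
        for s in select.select(list(listeners), [], [])[0]:
            conn, _ = s.accept()
            pid = spawn(conn, *table[listeners[s]])
            if wait:
                os.waitpid(pid, 0)                # one client at a time

def exercise(server, argv, payload):
    """Drive one spawned server over a socketpair and return its reply."""
    ours, theirs = socket.socketpair()            # stands in for accept()
    pid = spawn(theirs, server, argv)
    ours.sendall(payload)
    ours.shutdown(socket.SHUT_WR)                 # client finished sending
    chunks = []
    while chunk := ours.recv(4096):
        chunks.append(chunk)
    ours.close()
    os.waitpid(pid, 0)
    return b"".join(chunks)
```

Calling `serve({10007: ("/bin/cat", ["cat"], "nobody")})` gives an echo service on 127.0.0.1:10007; `exercise` shows the same hand-off without opening a listening port.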

Why is inetd called the Super Server?

inetd, also known as the "Internet super server" or simply "super server," is a daemon in Unix-based systems that manages incoming network connections for multiple services. It is called the "super server" because it centralizes the management of multiple network services, reducing the overhead of having each service run as a standalone daemon. Here's how inetd works and why it is called the "super server":
  1. Centralized management: inetd manages multiple network services by listening on the configured ports for incoming connections on behalf of these services. When a connection request is received, inetd determines the appropriate service to handle the request and starts the service, if not already running.
  2. Reduced overhead: Instead of having multiple standalone daemons running continuously and consuming system resources, inetd allows services to be started on-demand when a connection request is received. This reduces the memory and CPU overhead of running multiple daemons simultaneously, particularly for services that are infrequently used.
  3. Simplified configuration: With inetd, administrators can manage the configuration of multiple network services in one place, typically in the /etc/inetd.conf or /etc/xinetd.conf file (depending on the system). This simplifies the process of configuring, enabling, and disabling network services.
  4. Access control: inetd can be configured to provide basic access control, such as allowing or denying connections from specific IP addresses or networks, for the services it manages. This can help improve security by restricting access to sensitive services.
  5. Support for various protocols: inetd supports both TCP and UDP protocols, allowing it to manage a wide range of network services that use these protocols.

However, it is essential to note that inetd has been replaced by more modern alternatives in many Unix-based systems, such as xinetd and systemd. These alternatives provide more advanced features, better performance, and improved security compared to the traditional inetd daemon.

Here are some sample lines from /etc/inetd.conf, taken from a Linux machine. The seven fields of each line are:
  1. The name of the service that this line controls. This must be mentioned in /etc/services.
  2. The socket type. The most common possibilities are stream or dgram. The stream type is used with tcp in the next field, the dgram type with UDP.
  3. Specifies whether this is a TCP or UDP service.
  4. Wait status. Wait means run this service as an iterative server (wait for one server to finish before starting another). Nowait means run it as a concurrent server (fork a server process, then go right back to listening on the port).
  5. The user ID that will own the server process started by inetd.
  6. The path name of the server process inetd will start.
  7. Arguments. Any arguments to the server process started by inetd.
The first line of this file means that if an incoming connection arrives on the FTP port, then inetd should run the command:

/usr/sbin/tcpd in.ftpd -l -a

This line will handle a TCP connection (stream TCP) and root will own the resulting process. Furthermore, inetd will not wait for this process to finish before listening again on the FTP port, so FTP is treated concurrently. The program /usr/sbin/tcpd is a front end for network services. It provides additional levels of access control and logging. It will start the in.ftpd daemon process, which is the real FTP server process. We will not discuss tcpd in this course; it could be eliminated (at some cost in security) by modifying the inetd.conf line to read:
ftp stream tcp nowait root /usr/sbin/in.ftpd -l -a


Server Processes and inetd using Linux

Here are the steps you need to follow to successfully complete this simulation:
  1. The inetd daemon is a vital component of your UNIX system. It controls server processes, such as FTP, telnet, and finger. In this particular exercise, you will edit the inetd.conf file so that it forbids telnet access. You are logged on locally as root. Switch to the /etc directory, where all UNIX systems store the inetd.conf file.
    Solution: cd /etc
  2. You are now in the /etc directory. Open the inetd.conf file using vi.
    Solution: vi inetd.conf
  3. View the contents of inetd.conf. Note that the telnet line is not commented out. These entries are the FTP and telnet entries. They govern how these services operate. Normally, you would press Esc, then ZZ, to exit vi and save changes. However, for the purposes of this simulation, press Enter to exit the vi editor.
    Solution: Enter
  4. You have now exited the vi editor. Issue the following command to determine what processes are open on your system: ps aux | grep in.telnetd
    Solution: ps aux | grep in.telnetd
  5. Notice that you have three processes named in.telnetd. This means that three remote users are accessing this system. Issue ps aux | grep in.telnetd again.
    Solution: ps aux | grep in.telnetd
  6. Note that the in.telnetd processes are no longer running. This means that the users have ended their sessions. In the next few steps, you are going to edit the inetd.conf file to block telnet access. First, however, you should back up this file before you edit it. This ensures that you can solve any problems if you edit the file incorrectly. Issue the following command: cp inetd.conf inetd.conf.orig
    Solution: cp inetd.conf inetd.conf.orig
  7. You have backed up inetd.conf and are now ready to edit it. The original inetd.conf file is now open for you in vi. Click on the telnet line and insert the comment character at the start of it to deny all telnet access.
    Solution: #
  8. You have already saved your entry. Now, to finish the job of denying telnet access, you need to kill the existing inetd process. This is because inetd is using the old inetd.conf file, and has not re-read it. First, determine what the process ID (PID) is by issuing the following command: ps aux | grep inetd
    Solution: ps aux | grep inetd
  9. What is the PID of the inetd process you want to kill?
    Solution: 229
  10. Use kill on this PID to force inetd to re-read inetd.conf.
    Solution: kill -HUP 229
  11. You have now killed and restarted inetd. It is now using the inetd.conf file you have edited. Your UNIX box will no longer accept incoming telnet requests.
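Steps 6 through 10 of the simulation, done by program rather than by hand, as an added example (not the course's own code). Commenting out the service line and locating the real inetd PID are pure functions that can be checked offline; `reload_inetd` sends the same SIGHUP as `kill -HUP`. The `ps aux` output and the two-line configuration are constructed for the example.

```python
import os
import signal

# Constructed `ps aux` output, not from a real host. The last line is the grep
# from `ps aux | grep inetd`, which matches its own command line.
PS_OUTPUT = """\
USER  PID %CPU %MEM  VSZ RSS TTY STAT START TIME COMMAND
root  229  0.0  0.1 1104 412 ?   S    10:02 0:00 /usr/sbin/inetd
root  301  0.0  0.2 1560 640 p0  S    10:05 0:00 in.telnetd
root  412  0.0  0.1  912 356 p0  R    10:07 0:00 grep inetd
"""

# Constructed two-line inetd.conf for the demonstration.
SAMPLE_CONF = """\
ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
"""

def disable_service(conf_text, service):
    """Step 7 by program: comment out every active line whose service field
    is `service`, leaving everything else byte-for-byte intact."""
    out = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        out.append("#" + raw if fields and fields[0] == service else raw)
    return "\n".join(out) + "\n"

def inetd_pids(ps_text):
    """Step 9 by program: PIDs whose command really is inetd. Matching on the
    command name rather than a substring skips the grep line itself."""
    pids = []
    for line in ps_text.splitlines()[1:]:            # drop the header row
        cols = line.split(None, 10)                  # COMMAND keeps its spaces
        if len(cols) == 11 and os.path.basename(cols[10].split()[0]) == "inetd":
            pids.append(int(cols[1]))
    return pids

def reload_inetd(pid):
    """Step 10: what `kill -HUP <pid>` does; SIGHUP makes inetd re-read inetd.conf."""
    os.kill(pid, signal.SIGHUP)

if __name__ == "__main__":
    print(disable_service(SAMPLE_CONF, "telnet"), end="")
    print("inetd PIDs:", inetd_pids(PS_OUTPUT))
```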
Server Processes and inetd using Solaris
In these simulations, you will explore how server processes start and stop under the control of inetd. Choose which UNIX version you would like to simulate by clicking either the Linux or the Solaris button.

Iterative/Concurrent Servers - Quiz

Click the Quiz link below to take a short multiple-choice quiz on server processes and iterative/concurrent servers.

[1]Daemon: On UNIX systems, a process which runs independently of any login session and performs system maintenance or functions as a server.