Frequently, services are performed by so-called daemons. A daemon is a program that opens a certain port, and waits for incoming connections. If one occurs, it creates a child process which accepts the connection, while the parent continues to listen for further requests. This concept has the drawback that for every service offered, a daemon has to run that listens on the port for a connection to occur, which generally means a waste of system resources like swap space.
Thus, almost all installations run a "super-server" that creates sockets for a number of services and listens on all of them simultaneously using the select(2) system call. When a remote host requests one of the services, the super-server notices this and spawns the server specified for that port.
The super-server commonly used is inetd, the Internet Daemon. It is started at system boot time and takes the list of services it is to manage from a startup file named /etc/inetd.conf. In addition to the servers it invokes, inetd itself performs a number of trivial services, called internal services. They include chargen, which simply generates a string of characters, and daytime, which returns the system's idea of the time of day.
An entry in this file consists of a single line made up of the following fields:
    service type protocol wait user server cmdline

The meaning of each field is as follows:
Figure: A sample /etc/inetd.conf file

    #
    # inetd services
    ftp      stream tcp nowait root   /usr/sbin/ftpd    in.ftpd -l
    telnet   stream tcp nowait root   /usr/sbin/telnetd in.telnetd -b/etc/issue
    #finger  stream tcp nowait bin    /usr/sbin/fingerd in.fingerd
    #tftp    dgram  udp wait   nobody /usr/sbin/tftpd   in.tftpd
    #tftp    dgram  udp wait   nobody /usr/sbin/tftpd   in.tftpd /boot/diskless
    login    stream tcp nowait root   /usr/sbin/rlogind in.rlogind
    shell    stream tcp nowait root   /usr/sbin/rshd    in.rshd
    exec     stream tcp nowait root   /usr/sbin/rexecd  in.rexecd
    #
    # inetd internal services
    #
    daytime  stream tcp nowait root   internal
    daytime  dgram  udp nowait root   internal
    time     stream tcp nowait root   internal
    time     dgram  udp nowait root   internal
    echo     stream tcp nowait root   internal
    echo     dgram  udp nowait root   internal
    discard  stream tcp nowait root   internal
    discard  dgram  udp nowait root   internal
    chargen  stream tcp nowait root   internal
    chargen  dgram  udp nowait root   internal

The finger service is commented out, so that it is not available. This is often done for security reasons, because it may be used by attackers to obtain the names of users on your system.
The tftp service is shown commented out as well. tftpd implements the Trivial File Transfer Protocol, which allows anyone to transfer any world-readable file from your system without any password check. This is especially harmful with the /etc/passwd file, even more so when you don't use shadow passwords.
TFTP is commonly used by diskless clients and X terminals to download their code from a boot server. If you need to run tftpd for this reason, make sure to limit its scope to the directories clients will retrieve files from by adding those directory names to tftpd's command line. This is shown in the second tftp line in the example.
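As an added example (not part of the guide), the following Python parses entries in the inetd.conf format described above and flags the two configurations the text warns about, finger left enabled and tftpd without a directory restriction, plus any non-internal server that inetd would run as root. The sample configuration inside is constructed here, modelled on the figure, and the audit rules are this example's own.

```python
from dataclasses import dataclass
from typing import List

# Constructed sample in the inetd.conf layout discussed above
# (fields: service type protocol wait user server cmdline).
SAMPLE_INETD_CONF = """\
#
# inetd services
ftp      stream tcp nowait root   /usr/sbin/ftpd    in.ftpd -l
telnet   stream tcp nowait root   /usr/sbin/telnetd in.telnetd -b/etc/issue
#finger  stream tcp nowait bin    /usr/sbin/fingerd in.fingerd
tftp     dgram  udp wait   nobody /usr/sbin/tftpd   in.tftpd
daytime  stream tcp nowait root   internal
"""


@dataclass
class InetdEntry:
    service: str
    socktype: str
    protocol: str
    wait: str
    user: str
    server: str
    args: List[str]  # cmdline: argv[0] followed by the server's arguments


def parse_inetd_conf(text: str) -> List[InetdEntry]:
    """Parse active entries; blank lines and commented-out services are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"malformed inetd.conf line: {raw!r}")
        entries.append(InetdEntry(*fields[:6], args=fields[6:]))
    return entries


def audit(entries: List[InetdEntry]) -> List[str]:
    """Return findings an administrator would want to review."""
    findings = []
    for e in entries:
        if e.service == "finger":
            findings.append("finger enabled: exposes user names")
        # tftpd is confined only when directories follow argv[0] on its cmdline
        if e.service == "tftp" and len(e.args) <= 1:
            findings.append("tftp enabled without directory restriction")
        if e.user == "root" and e.server != "internal":
            findings.append(f"{e.service} runs its server as root")
    return findings
```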
Thu Mar 7 23:22:06 EST 1996