30.1 Introduction to Internet Services

   

Internet services work in the client-server model. The server programs are either started at the system startup time or are invoked by the inetd daemon when a new request arrives. One machine can act as a server for multiple services by using port numbers. A system may be acting as a server for one type of service and a client for another type. Internet services are used for many purposes, including remote login, remote file transfer, electronic mail, and host name resolution. Some of the widely used services are discussed in this chapter.

ARPA Services

ARPA services are commonly available on all network operating systems in common use today. These services are popular due to their use on the Internet. For example, you can use HP-UX, Windows PC, Linux, or any other modern operating system to transfer files from one place to another using FTP. Similarly, you can use the telnet client available on a Windows PC to log in to an HP-UX server connected to the Internet. Some of the common ARPA services are presented here.

REMOTE LOGIN USING TELNET

Telnet can be used to remotely log in to a UNIX system. The telnet command is used on the client side while the telnetd daemon runs as a server process on the HP-UX server. If you are currently logged into a system named myhp and want to log into another system named hp0 using user name boota, the telnet session will be as follows.

 $ telnet hp0
 Trying...
 Connected to hp0.
 Escape character is '^]'.
 Local flow control on
 Telnet TERMINAL-SPEED option ON
 HP-UX hp0 B.11.00 A 9000/839 (tb)
 login: boota
 Password:
 Please wait...checking for disk quotas
 (c)Copyright 1983-1997 Hewlett-Packard Co.,  All Rights Reserved.
 (c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
 (c)Copyright 1980, 1984, 1986 Novell, Inc.
 (c)Copyright 1986-1992 Sun Microsystems, Inc.
 (c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
 (c)Copyright 1989-1993  The Open Software Foundation, Inc.
 (c)Copyright 1986 Digital Equipment Corp.
 (c)Copyright 1990 Motorola, Inc.
 (c)Copyright 1990, 1991, 1992 Cornell University
 (c)Copyright 1989-1991 The University of Maryland
 (c)Copyright 1988 Carnegie Mellon University
 (c)Copyright 1991-1997 Mentat, Inc.
 (c)Copyright 1996 Morning Star Technologies, Inc.
 (c)Copyright 1996 Progressive Systems, Inc.
 (c)Copyright 1997 Isogon Corporation
                            RESTRICTED RIGHTS LEGEND
 Use, duplication, or disclosure by the U.S. Government is subject to
 restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in
 Technical Data and Computer Software clause in DFARS 252.227-7013.
                            Hewlett-Packard Company
                            3000 Hanover Street
                            Palo Alto, CA 94304 U.S.A.
 Rights for non-DOD U.S. Government Departments and Agencies are as set
 forth in FAR 52.227-19(c)(1,2).
 $

After logging into the remote system, you can perform any task you want depending on user privileges on the system, just as on your local system. To terminate the telnet session established with the remote system, use the exit command. You will see a "connection closed" message similar to the one shown here.

 $ exit
 logout
 Connection closed by foreign host.
 $

Pseudoterminal devices are used to establish a telnet session. The default number of pseudoterminal devices is 60, which can be increased using the npty kernel configuration parameter (See Chapter 16, Reconfiguring the HP-UX Kernel).

FILE TRANSFER USING FTP

File transfer protocol (FTP) is used to transfer files from one system to another over a network. Files can be received from or sent to a system depending on the type of permissions you have. On the client side, you use the ftp command with the remote host name as the first command-line argument. The command then contacts the server process on the remote system. The server system requests a login name and password from the client to authenticate a user. If you supply a login name and password that are valid on the remote system, you are granted access. After that, you can perform different operations on files, such as listing, uploading, or downloading files. In the following FTP session, you are currently logged into system myhp as user root and download a file myfile from the home directory of user boota on system hp0.

 # ftp hp0
 Connected to hp0.
 220 hp0 FTP server (Version 1.1.214.4 Mon Feb 15 08:48:46 GMT 1999) ready.
 Name (myhp:root): boota
 331 Password required for boota.
 Password:
 230 User boota logged in.
 Remote system type is UNIX.
 Using binary mode to transfer files.
 ftp> get myfile
 200 PORT command successful.
 150 Opening BINARY mode data connection for myfile (655 bytes).
 226 Transfer complete.
 655 bytes received in 0.00 seconds (1071.44 Kbytes/s)
 ftp> quit
 221 Goodbye.
 #

After establishing the FTP session, the ftp command displays its prompt, which is used to issue FTP commands. This command prompt is ftp>, as shown in the above FTP session. The words shown in boldface are FTP commands. The FTP get command is used to download a file while the FTP quit command is used to end an FTP session. A list of available commands can be displayed using the help command on an FTP prompt at any time as shown here. Help about a particular command can be found by using the command name as an argument to the help command.

 ftp> help
 Commands may be abbreviated.  Commands are:

 !               debug           mget            put             size
 $               dir             mkdir           pwd             status
 account         disconnect      mls             quit            struct
 append          form            mode            quote           system
 ascii           get             modtime         recv            sunique
 bell            glob            mput            reget           tenex
 binary          hash            newer           rstatus         trace
 bye             help            nmap            rhelp           type
 case            idle            nlist           rename          user
 cd              image           ntrans          reset           umask
 cdup            lcd             open            restart         verbose
 chmod           ls              prompt          rmdir           ?
 close           macdef          proxy           runique
 cr              mdelete         sendport        send
 delete          mdir            passive         site
 ftp>

Many systems on the Internet allow anonymous FTP, where any user can log into a system and download files with the help of user name anonymous. You can enter your email address as the password for this user. Anonymous FTP is usually limited to downloading files from a restricted directory tree.

NETWORK TIME PROTOCOL (NTP)

Network Time Protocol (NTP) is used to synchronize the system time of a machine with a standard time source. Many time servers are available on the Internet that can be used as standard sources of time. NTP uses the xntpd daemon on HP-UX, which is responsible for synchronization of time with one or more time sources. Time synchronization is necessary for applications that exchange time-critical data. More explanation of NTP is provided in Chapter 35.

DYNAMIC ROUTING USING GATED

You have already used static routes in the last chapter. Static routes are used in simple networks. If you have a complex network where multiple paths exist from a source to a destination, dynamic routes are more efficient. Dynamic routing tables change depending on the availability of paths and load conditions on these paths. The gated daemon is used on HP-UX to keep the dynamic routing table updated. It supports several routing protocols, such as RIP, BGP, and OSPF.

Berkeley Services

In many cases, Berkeley services provide the same functionality as the ARPA services. Traditionally, Berkeley services are those applications that are used with the Berkeley System distribution (BSD). Many of the commands used as client processes start with the letter r and sometimes may be more convenient in LANs, as you don't have to type login names and passwords when switching from one system to another. However, the commands starting with r are considered to be less secure compared with the ARPA commands.

REMOTE LOGIN USING RLOGIN

The command used for remote login is rlogin. Like the telnet command, it needs the remote system name as its first argument. The remote login daemon rlogind should be enabled on the server side. To log into a system hp0, you can use the following command:

 rlogin hp0

REMOTE COPY USING RCP

The rcp command is used to copy files to and from a host on a network. Its syntax is similar to the UNIX cp command, where a remote system name followed by a colon character is added to the source or destination file name. The following command is used to copy file /etc/passwd from a remote system hp0 to the current directory.

 rcp hp0:/etc/passwd .

Proper permissions are required for executing the rcp command on the remote system. The user and group ownership can't be copied with the rcp command.

REMOTE EXECUTION USING REMSH

A command can be executed remotely on another system on a network. The remsh command is used for this purpose. The result of the command is displayed on a local terminal screen. For example, the following command shows a listing of the /etc directory of remote system hp0.

 remsh hp0 ll /etc 

Again, a user with the same name as your login name must exist on the remote system, and you must be permitted to execute this command on that system.

BIND

Berkeley Internet Name Domain (BIND) is used for host name resolution. The system that is running the BIND service is also called Domain Name Server (DNS). It can resolve host names to IP addresses and vice versa. You don't need to run DNS in small isolated LANs. The configuration of DNS is discussed in detail in the next chapter.

SENDMAIL

Sendmail is used to transfer electronic mail within and across networks. Sendmail supports a number of mail transfer protocols including SMTP, which is the standard protocol for mail transfer on the Internet. Sendmail is the most widely used Mail Transport Agent (MTA) on the Internet. HP-UX includes a sendmail package in its standard distribution.

REMOTE PRINTING

You have already studied the use of the remote printer in Chapter 21. The rlpdaemon is responsible for managing remote print requests.

NETWORK INFORMATION

Different types of information about a network can be collected using HP-UX commands: You can get information about a user on any host on your network. To get information about another user on a remote system, you can use the finger command. Similarly, to get information about how long a remote server is up, you can use the ruptime command. A list of common client and server processes for Internet services is presented in Table 30-1.

Table 30-1. Clients and Servers for Internet Services

 Service                     Client         Server
 Remote login                telnet         telnetd
 Remote login                rlogin         rlogind
 File transfer               ftp            ftpd
 File transfer               rcp            remshd
 Remote command execution    remsh          remshd
 Remote command execution    rexec          rexecd
 User information            finger         fingerd
 System information          rup, ruptime   rwhod

As mentioned earlier, all services use port numbers for establishing connections between a client and server. Table 30-2 shows well-known services and related port numbers.

Table 30-2. Ports Used by the ARPA and Berkeley Services

 Service Name    Network Port
 Telnet          23
 FTP             21
 SMTP Mail       25
 NTP             123
 rlogin          513
 DNS             53
 finger          79

Security of Commands Starting with "r"

Commands starting with the letter "r" (rlogin, rcp, remsh) can be used on a network if proper security is maintained. There are two ways to enable users of one system to remotely access another system using these commands. The first method is where all users of a system are allowed to access services on another system. This method is called host equivalency, and it is enabled by the system administrator on the server system. In the second method, individual users can allow users on other systems to access the system with their own login name. This method is called user equivalency.

HOST EQUIVALENCY

To allow all users of a remote system to access resources on the local system, the /etc/hosts.equiv file is used. The following conditions apply for host equivalency.

  • If a remote host name is listed in the file, users of the remote host are allowed to access the local system if the local user name also matches the remote system user name.

  • If the host name starts with a minus sign (-), access for all users on that system is denied. However, access for individual users can be granted using user equivalency.

  • If a line contains a + symbol, it matches every host. For example, if the file consists of only one line with a + symbol in it, every host is granted access.

USER EQUIVALENCY

A user can set up his or her own permissions for the use of r-commands by overriding host equivalency. The remote user has the same privileges and restrictions as the local user. Each user can create a .rhosts file in the home directory. The syntax of this file is like the /etc/hosts.equiv file, the only difference being that user names that don't match the local user name can also be specified to grant access to the account. For example, the following line in the .rhosts file of user boota grants permission to a remote user jeff from any system to log in as user boota on the local system without a password.

 + jeff 

The line below allows access to user jeff from host myhp only.

 myhp jeff 

The following rules apply to this file.

  • This file can allow or deny access, overriding the /etc/hosts.equiv file.

  • A line that contains only a host name allows the user with the same name from that host.

  • A line starting with the host name and containing a user name allows the user with that name from that host.

  • If a + symbol is used in the host name, all hosts are granted access.

  • If a host name or user name starts with a - symbol, the access for that host or user is denied.
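
The rules above, together with the requirement that only the owner may write to these files, can be checked mechanically. The following script is an added example, not taken from the book; the function name audit_equiv and the host name otherhost are illustrative, and the sample file is constructed from the lines shown in the text.

```shell
#!/bin/sh
# Added example, not from the book: flag risky trust entries in an
# /etc/hosts.equiv or .rhosts file, using the rules listed in the text.

# audit_equiv FILE
#   Prints one line per finding; returns 0 if nothing was flagged, else 1.
audit_equiv() {
    f=$1
    findings=0
    # Only the owner may have write permission on the file.
    if [ -n "$(find "$f" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$f: writable by group or others"
        findings=1
    fi
    n=0
    while read -r host user rest || [ -n "$host" ]; do
        n=$((n + 1))
        [ -n "$host" ] || continue              # blank line
        # A leading "-" on the host or user denies access: nothing to flag.
        case $host in -*) continue ;; esac
        case $user in -*) continue ;; esac
        if [ "$host" = + ]; then from="ANY host"; else from="host $host"; fi
        if [ -n "$user" ]; then
            echo "$f:$n: remote user $user from $from is trusted"
        elif [ "$host" = + ]; then
            echo "$f:$n: every host is trusted"
        else
            continue    # host only: same-named user from that one host
        fi
        findings=1
    done < "$f"
    return "$findings"
}

# Constructed sample: a .rhosts file for boota built from lines in the text.
sample=$(mktemp)
chmod 644 "$sample"
printf '%s\n' 'myhp' 'myhp jeff' '+ jeff' '-otherhost' > "$sample"
audit_equiv "$sample" || echo "review the entries above"
rm -f "$sample"
```

Run it against /etc/hosts.equiv and each user's .rhosts; a non-zero return means at least one line or the file mode needs review.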

These two files must be readable for everybody, but write permissions should be granted only to the owners of these files. To disable use of the .rhosts file by system users (and hence to increase system security), you can use the -l option when a daemon is invoked through inetd by using the /etc/inetd.conf file.
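
To confirm which entries in /etc/inetd.conf start the remote login and remote shell daemons without -l, the following added example (not from the book) scans a configuration file. The function name inetd_r_services is illustrative, the sample file is constructed, and its server paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the book: list the Table 30-1 servers that an
# inetd.conf enables and mark rlogind/remshd entries started without -l.

# inetd_r_services FILE
#   Prints "service daemon status" per enabled entry; returns 1 if any
#   rlogind or remshd entry lacks -l, else 0.
inetd_r_services() {
    awk '
        /^[ \t]*#/ || NF < 7 { next }     # comment or incomplete entry
        {
            daemon = $7                   # argv[0] of the server program
            if (daemon !~ /^(telnetd|ftpd|rlogind|remshd|rexecd|fingerd)$/) next
            status = "enabled"
            if (daemon == "rlogind" || daemon == "remshd") {
                status = "enabled, .rhosts honoured (no -l)"
                for (i = 8; i <= NF; i++)
                    if ($i == "-l") status = "enabled, .rhosts disabled (-l)"
                if (status ~ /honoured/) bad = 1
            }
            printf "%-8s %-8s %s\n", $1, daemon, status
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in inetd.conf field order; server paths are assumed.
conf=$(mktemp)
cat > "$conf" <<'EOF'
# service socket proto wait user server-program   arguments
telnet  stream tcp nowait root /usr/lbin/telnetd  telnetd
login   stream tcp nowait root /usr/lbin/rlogind  rlogind
shell   stream tcp nowait root /usr/lbin/remshd   remshd -l
#exec   stream tcp nowait root /usr/lbin/rexecd   rexecd
EOF
inetd_r_services "$conf" || echo "at least one r-service still accepts .rhosts"
rm -f "$conf"
```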

Study Break

Using Internet Services

Internet services are used in daily routine work. The most commonly used services are remote login and file transfer. Let's use the ftp command to download a file from a remote host. Establish an FTP session with a remote host using the ftp command. Log in using a user name and password when a login prompt appears. After the login process, you will see an ftp> prompt where you can use FTP commands. Download the /etc/hosts file from that server using the FTP get command. Use the FTP help command to list available commands for use with the FTP prompt. Now terminate the session using the FTP quit command. Once again establish the FTP session with the same remote host using the anonymous user name and your email address as password. Again try to download the /etc/hosts file. This time you are unable to download this file due to the anonymous FTP restrictions.

Create an .rhosts file in your home directory on the remote system and add your local system name in this file. Now try the rcp and rlogin commands for file copy and remote login.


   


HP Certified
HP Certified: HP-UX System Administration
ISBN: 0130183741
EAN: 2147483647
Year: 2000
Pages: 390
Authors: Rafeeq Rehman
