First 1/2 of edits to this section.

Shuffle content into a more logical order and clarify text.
Rename a few sub-sections and remove reference to a section that was merged into another section.

Sponsored by: iXsystems
Dru Lavigne 2014-01-31 15:30:54 +00:00
parent 2223d9a1a6
commit c09698e58c
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=43706
2 changed files with 131 additions and 134 deletions

@ -4232,7 +4232,7 @@ cd /usr/src/etc; make distribution</programlisting>
<step>
<para>Enable &man.inetd.8; by following the steps outlined
in <xref linkend="network-inetd-settings"/>.</para>
in <xref linkend="network-inetd-conf"/>.</para>
</step>
<step>
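
Review bot: On the changed xref line, the old id `network-inetd-settings` is removed by the second file in this commit, so any other `linkend` that still uses it will no longer resolve; grep the doc tree for the old id before committing. The step says "Enable inetd" but now links to a section titled "Configuration File", so consider naming the `inetd_enable="YES"` setting in the step itself so the reader knows what to look for at the target.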

@ -132,20 +132,20 @@
-->
<title>The <application>inetd</application>
<quote>Super-Server</quote></title>
Super-Server</title>
<sect2 xml:id="network-inetd-overview">
<title>Overview</title>
<para>The &man.inetd.8; daemon is sometimes referred to as the
<quote>Internet Super-Server</quote> because it manages
connections for many services. When a connection is received
by <application>inetd</application>, it determines which
program the connection is destined for, spawns the particular
process and delegates the socket to it (the program is invoked
with the service socket as its standard input, output and
error descriptors). Running <application>inetd</application>
for servers that are not heavily used can reduce the overall
<para>The &man.inetd.8; daemon is sometimes referred to as a
Super-Server because it manages
connections for many services. Instead of starting multiple
applications, only the <application>inetd</application> service
needs to be started. When a connection is received
for a service that is managed by <application>inetd</application>, it determines which
program the connection is destined for, spawns a
process for that program, and delegates the program a socket.
Using <application>inetd</application>
for services that are not heavily used can reduce
system load, when compared to running each daemon individually
in stand-alone mode.</para>
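
Review bot: In the rewritten Overview paragraph, "delegates the program a socket" is ungrammatical and drops the detail from the old text that the program is invoked with the service socket as its standard input, output and error descriptors. That detail explains why a program run from inetd needs no listening code of its own, so suggest keeping it, for example "and hands the connected socket to that process as its standard input, output, and error". The title and the first sentence also lose the `<quote>` markup around Super-Server; if that is intentional, say so in the commit message.
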
@ -155,133 +155,44 @@
<application>auth</application>, and
<application>daytime</application>.</para>
<para>This section covers the basics in configuring
<application>inetd</application> through its command-line
options and its configuration file,
<filename>/etc/inetd.conf</filename>.</para>
</sect2>
<sect2 xml:id="network-inetd-settings">
<title>Settings</title>
<para><application>inetd</application> is initialized through
the &man.rc.8; system. The <literal>inetd_enable</literal>
option is set to <literal>NO</literal> by default. It can be
enabled by placing:</para>
<programlisting>inetd_enable="YES"</programlisting>
<para>into <filename>/etc/rc.conf</filename>.
<application>inetd</application> will now start at boot time.
The command:</para>
<screen>&prompt.root; <userinput>service inetd rcvar</userinput></screen>
<para>can be run to display the current effective
setting.</para>
<para>Additionally, different command-line options can be passed
to <application>inetd</application> via the
<literal>inetd_flags</literal> option.</para>
</sect2>
<sect2 xml:id="network-inetd-cmdline">
<title>Command-Line Options</title>
<para>Like most server daemons, <application>inetd</application>
has a number of options that it can be passed in order to
modify its behaviour. Refer to &man.inetd.8; for
the full list of options.</para>
<para>Options can be passed to <application>inetd</application>
using the <literal>inetd_flags</literal> option in
<filename>/etc/rc.conf</filename>. By default,
<literal>inetd_flags</literal> is set to
<literal>-wW -C 60</literal>, which turns on TCP wrapping for
<application>inetd</application>'s services, and prevents any
single <acronym>IP</acronym> address from requesting any
service more than 60 times in any given minute.</para>
<para>Although we mention rate-limiting options below, novice
users may be pleased to note that these parameters usually do
not need to be modified. These options may be useful if
an excessive amount of connections are being established.
A full list of options can be found in
&man.inetd.8;.</para>
<variablelist>
<varlistentry>
<term>-c maximum</term>
<listitem>
<para>Specify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
<option>max-child</option> parameter.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-C rate</term>
<listitem>
<para>Specify the default maximum number of times a
service can be invoked from a single
<acronym>IP</acronym> address in one minute; the default
is unlimited. May be overridden on a per-service basis
with the
<option>max-connections-per-ip-per-minute</option>
parameter.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-R rate</term>
<listitem>
<para>Specify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s maximum</term>
<listitem>
<para>Specify the maximum number of times a service can be
invoked from a single <acronym>IP</acronym> address at
any one time; the default is unlimited. May be
overridden on a per-service basis with the
<option>max-child-per-ip</option> parameter.</para>
</listitem>
</varlistentry>
</variablelist>
<para>This section covers the basics of configuring
<application>inetd</application>.</para>
</sect2>
<sect2 xml:id="network-inetd-conf">
<!-- XXX This section is not very clear and could do with some tlc -->
<title><filename>inetd.conf</filename></title>
<title>Configuration File</title>
<para>Configuration of <application>inetd</application> is
done by editing <filename>/etc/inetd.conf</filename>.</para>
done by editing <filename>/etc/inetd.conf</filename>. Each line of this configuration file represents an application
which can be started by <application>inetd</application>. By
default, every line starts with a comment
(<literal>#</literal>), meaning that <application>inetd</application>
is not listening for any applications. To configure
<application>inetd</application> to listen for an application's
connections, remove the <literal>#</literal> at the beginning of
the line for that application.</para>
<para>When a modification is made to
<filename>/etc/inetd.conf</filename>,
<application>inetd</application> can be forced to re-read its
configuration file by running the command:</para>
<para>After saving your edits, configure <application>inetd</application>
to start at system boot by editing <filename>/etc/rc.conf</filename>:</para>
<example xml:id="network-inetd-reread">
<title>Reloading the <application>inetd</application>
Configuration File</title>
<programlisting>inetd_enable="YES"</programlisting>
<screen>&prompt.root; <userinput>service inetd reload</userinput></screen>
</example>
<para>To start
<application>inetd</application> now, so that it listens for
the service you configured, type:</para>
<para>Each line of the configuration file specifies an
individual daemon. Comments in the file are preceded by a
<quote>#</quote>. The format of each entry in
<filename>/etc/inetd.conf</filename> is as follows:</para>
<screen>&prompt.root; <userinput>service inetd start</userinput></screen>
<para>Typically, the default entry for an application does not
need to be edited beyond removing the <literal>#</literal>.
In some situations, it may be appropriate to edit the default
entry.</para>
<para>As an example, this is the default entry for &man.ftpd.8; using IPv4:</para>
<programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
<para>The seven columns in an entry are as follows:</para>
<programlisting>service-name
socket-type
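
Review bot: The new enable steps (the `inetd_enable="YES"` paragraph and the `service inetd start` paragraph) no longer say that `inetd_enable` is `NO` by default, and the `service inetd rcvar` check from the old Settings section is gone. Keep both in one sentence so a reader can confirm that inetd stays off unless it was deliberately enabled. The added prose also switches to second person ("your edits", "the service you configured") while the surrounding text is impersonal, and the added line beginning "done by editing" runs well past the wrap width of its neighbours.
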
@ -291,10 +202,7 @@ user[:group][/login-class]
server-program
server-program-arguments</programlisting>
<para>An example entry for the &man.ftpd.8; daemon using IPv4
might read:</para>
<programlisting>ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l</programlisting>
<para>where:</para>
<variablelist>
<varlistentry>
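
Review bot: With the example entry moved up into the previous hunk, the kept `<para>where:</para>` now comes straight after "The seven columns in an entry are as follows:" and its listing, so the variablelist has two lead-ins in a row. Drop the "where:" paragraph or fold it into the earlier sentence.
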
@ -489,6 +397,95 @@ server-program-arguments</programlisting>
</listitem>
</varlistentry>
</variablelist>
<para>When a modification is made to
<filename>/etc/inetd.conf</filename>,
<application>inetd</application> can be forced to re-read its
configuration file by running the command:</para>
<example xml:id="network-inetd-reread">
<title>Reloading the <application>inetd</application>
Configuration File</title>
<screen>&prompt.root; <userinput>service inetd reload</userinput></screen>
</example>
</sect2>
<sect2 xml:id="network-inetd-cmdline">
<title>Command-Line Options</title>
<para>Additionally, different command-line options can be passed
to <application>inetd</application> via the
<literal>inetd_flags</literal> option.</para>
<para>Like most server daemons, <application>inetd</application>
has a number of options that it can be passed in order to
modify its behaviour. Refer to &man.inetd.8; for
the full list of options.</para>
<para>Options can be passed to <application>inetd</application>
using the <literal>inetd_flags</literal> option in
<filename>/etc/rc.conf</filename>. By default,
<literal>inetd_flags</literal> is set to
<literal>-wW -C 60</literal>, which turns on TCP wrapping for
<application>inetd</application>'s services, and prevents any
single <acronym>IP</acronym> address from requesting any
service more than 60 times in any given minute.</para>
<para>Although we mention rate-limiting options below, novice
users may be pleased to note that these parameters usually do
not need to be modified. These options may be useful if
an excessive amount of connections are being established.
A full list of options can be found in
&man.inetd.8;.</para>
<variablelist>
<varlistentry>
<term>-c maximum</term>
<listitem>
<para>Specify the default maximum number of simultaneous
invocations of each service; the default is unlimited.
May be overridden on a per-service basis with the
<option>max-child</option> parameter.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-C rate</term>
<listitem>
<para>Specify the default maximum number of times a
service can be invoked from a single
<acronym>IP</acronym> address in one minute; the default
is unlimited. May be overridden on a per-service basis
with the
<option>max-connections-per-ip-per-minute</option>
parameter.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-R rate</term>
<listitem>
<para>Specify the maximum number of times a service can be
invoked in one minute; the default is 256. A rate of 0
allows an unlimited number of invocations.</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s maximum</term>
<listitem>
<para>Specify the maximum number of times a service can be
invoked from a single <acronym>IP</acronym> address at
any one time; the default is unlimited. May be
overridden on a per-service basis with the
<option>max-child-per-ip</option> parameter.</para>
</listitem>
</varlistentry>
</variablelist>
</sect2>
<sect2 xml:id="network-inetd-security">
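
Review bot: The moved Command-Line Options section opens with "Additionally, different command-line options can be passed", a sentence written to follow the old Settings text that now starts a section with nothing before it, and it repeats the third paragraph ("Options can be passed to inetd using the `inetd_flags` option"). The pointer to inetd(8) for the full list of options also appears twice, once in the second paragraph and again in the fourth. Suggest deleting the first paragraph and one of the two man page references. The reload example now closes the Configuration File section, while the enable steps in the earlier hunk show only `service inetd start`; a short mention there that a running inetd needs `service inetd reload` after an edit would keep the procedure complete.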