# Inetd

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/Inetd
> Markdown URL: https://mediated.wiki/source/Inetd.md
> Source: https://en.wikipedia.org/wiki/Inetd
> Source revision: 1353549345
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

'''inetd''' ('''i'''nter'''net''' service '''d'''aemon) is a [super-server](/source/super-server) [daemon](/source/Daemon_(computing)) on many [Unix](/source/Unix) systems that provides [Internet](/source/Internet) services. For each configured service, it listens for requests from connecting clients.  Requests are served by spawning a process which runs the appropriate executable, but simple services such as ''echo'' are served by inetd itself.  First appearing in [4.3BSD](/source/BSD),<ref>{{man|8|inetd|FreeBSD}}</ref> it is generally located at <code>/usr/sbin/inetd</code>. inetd is based on the (service) activator pattern.<ref>{{Citation |title=Lecture 21: Android Services and Local IPC (part 17) | date=4 November 2013 |url=https://www.youtube.com/watch?v=QeR3Gfo8mhg&t=1135 |access-date=2023-10-23 |language=en}}</ref>

==Function==
Often called a [super-server](/source/super-server), inetd listens on designated [ports](/source/Port_(computer_networking)) used by Internet services such as [FTP](/source/File_Transfer_Protocol), [POP3](/source/POP3), and [telnet](/source/telnet).  When a [TCP](/source/Transmission_Control_Protocol) packet or [UDP](/source/User_Datagram_Protocol) packet arrives with a particular destination port number, inetd launches the appropriate server program to handle the connection.  For services that are not expected to run with high loads, this method uses memory more efficiently, since the specific servers run only when needed. Furthermore, in inetd's "nowait" mode of service management, no network code is required in the service-specific programs, as inetd hooks the network stream directly to [stdin](/source/stdin) and [stdout](/source/stdout) of the spawned process.  For protocols that have frequent traffic, such as [HTTP](/source/HTTP) and POP3, either inetd's "wait" mode of operation or a dedicated server that intercepts the traffic directly may be preferable.

==Setup==

The list of services that will be serviced is given in a configuration file, usually <code>/etc/inetd.conf</code>. A [GUI](/source/Graphical_user_interface) for managing the configuration file is an optional accessory.  The daemon may need a signal in order to re-read its configuration.  For example, [telnet](/source/telnet) can be configured as follows (line taken from a machine running [AIX](/source/IBM_AIX) version 5.1):

 telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a

The first word, <code>telnet</code>, is the official name of the service.  It is resolved using the system database to map port numbers and protocols to service names.  In this case, <code>/etc/services</code> should contain:

 telnet          23/tcp

The second and third words describe the type of socket and underlying protocol respectively.  The <code>/etc/protocols</code> database is consulted.

The fourth word is the wait/nowait switch.  A single-threaded server expects inetd to wait until it finishes reading all the data.  Otherwise inetd lets the server run and spawns new, concurrent processes for new requests.

The fifth word is the user name, from the <code>/etc/passwd</code> database, that the service program should run as.

Finally, the path and the arguments of an external program are given.  As usual, the first argument is the program name.  In the example, inetd is told to launch the program <code>/usr/sbin/telnetd</code> with the command line arguments <code>telnetd -a</code>.  inetd automatically hooks the socket to stdin, stdout, and stderr of the server program.

Generally TCP sockets are handled by spawning a separate server to handle each connection concurrently.  UDP sockets are generally handled by a single server instance that handles all packets on that port.

Some simple services, such as [echo](/source/Echo_Protocol), are handled directly by inetd, without spawning an external server.

==Creating an inetd service==
This is a simple inetd service, written in [C](/source/C_(programming_language)).  It expects a command line argument containing a filename for a log file, and then it logs all strings sent through the socket to the log file. Note that this is a very insecure example program.

<syntaxhighlight lang="c">
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv)
{
  /* The log file name is the only argument given in inetd.conf. */
  if (argc < 2)
    exit(EXIT_FAILURE);
  const char *fn = argv[1];
  FILE *fp = fopen(fn, "a+");
  if (fp == NULL)
    exit(EXIT_FAILURE);

  char str[4096];
  /* inetd passes its information to us in stdin. */
  while (fgets(str, sizeof str, stdin)) {
    /* Append each received line unmodified and flush it to disk. */
    fputs(str, fp);
    fflush(fp);
  }
  fclose(fp);
  return 0;
}
</syntaxhighlight>
The example uses [stdio](/source/stdio) functions and it responds to network traffic coming in on stdin. In this case, we want all messages logged to a single file, so we only want one instance of the service running to service all requests.  This means UDP is the correct protocol to use.  First, an unused port number must be selected.  In this sample, 9999 will be used.  The <code>/etc/services</code> entry will look like this:

 errorLogger 9999/udp

And the entry in <code>/etc/inetd.conf</code> will look like this:

 errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt

This tells inetd to run the <code>/usr/local/bin/errlogd</code> program with the command line <code>errlogd /tmp/logfile.txt</code> (refer to the inetd.conf [man page](/source/man_page) for information on the other arguments). The first argument contains the filename to be used for the log file: <code>/tmp/logfile.txt</code>.  inetd will run the service when needed and attach port 9999 to the input and output streams, so all strings sent to that port will be logged to the file.  Specifying '''wait''' tells inetd to use only one instance of the server to handle all requests.

Note: the functionality of the above example is usually implemented by using [syslog](/source/syslog) and a process like syslogd.  syslogd would normally be started in parallel with inetd, not as an inetd service.
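
A hardened variant of the logger, as an added example rather than code from the original article: it checks its argument, opens the log append-only with owner-only permissions and <code>O_NOFOLLOW</code> so that a symlink at the log path is refused, and neutralises non-printable bytes before writing. The helper names <code>open_log</code> and <code>sanitize_line</code> are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L /* for O_NOFOLLOW and O_CLOEXEC */
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Append-only, owner-only, and refuse a symlink as the final path component. */
int open_log(const char *path)
{
  return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
}

/* Replace non-printable bytes (except the final newline) with '?' so network
 * input cannot forge extra log lines or emit terminal escape sequences.
 * Returns the number of bytes replaced. */
size_t sanitize_line(char *s)
{
  size_t replaced = 0;
  for (size_t i = 0; s[i] != '\0'; i++) {
    int final_newline = (s[i] == '\n' && s[i + 1] == '\0');
    if (!final_newline && !isprint((unsigned char)s[i])) {
      s[i] = '?';
      replaced++;
    }
  }
  return replaced;
}

int main(int argc, char **argv)
{
  if (argc != 2)
    return EXIT_FAILURE;
  int fd = open_log(argv[1]);
  if (fd < 0)
    return EXIT_FAILURE;

  char str[1024];
  /* inetd hands us the socket on stdin, as in the article's program. */
  while (fgets(str, sizeof str, stdin)) {
    sanitize_line(str);
    if (write(fd, str, strlen(str)) < 0)
      break;
  }
  close(fd);
  return EXIT_SUCCESS;
}
```

With this variant, the fifth field of the <code>/etc/inetd.conf</code> entry would name a dedicated unprivileged account instead of root, and the log would live in a directory only that account can write rather than in <code>/tmp</code>.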

==inetd replacements==
In recent years, because of the security limitations in the original design of inetd, it has been replaced by [xinetd](/source/xinetd), rlinetd, [ucspi-tcp](/source/ucspi-tcp), and others in many systems. Distributions of [Linux](/source/Linux) especially have many options and [Mac OS X](/source/Mac_OS_X) (beginning with [Mac OS X v10.2](/source/Mac_OS_X_v10.2)) uses [xinetd](/source/xinetd).  As of version [Mac OS X v10.4](/source/Mac_OS_X_v10.4), Apple has merged the functionality of inetd into [launchd](/source/launchd).

The services provided by inetd can be omitted entirely.  This is becoming more common where machines are dedicated to a single function.  For example, an HTTP server could be configured to just run [httpd](/source/httpd) and have no other ports open.  A dedicated firewall could have no services started.

[systemd](/source/systemd) supports inetd services, and expands socket activation beyond IP messaging ([AF INET](/source/AF_INET)+6) to include [AF UNIX](/source/AF_UNIX), [AF NETLINK](/source/AF_NETLINK) and more.<ref>{{Cite web|url=http://0pointer.de/blog/projects/socket-activation.html|title = Systemd for Developers I}}</ref><ref>{{Cite web|url=http://0pointer.de/blog/projects/systemd.html|title=Rethinking PID 1}}</ref>

== Security ==
While the inetd concept as a service dispatcher is not inherently insecure, the long list of services that inetd traditionally provided gave computer security experts pause.  The possibility of a service having an exploitable flaw, or the service just being abused, had to be considered.  Disabling unnecessary services and "off by default" became the mantra.  It is not uncommon to find an <code>/etc/inetd.conf</code> with almost all the services [commented out](/source/comment_out) in a modern Unix distribution.
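
An audit of the configuration format described under Setup, as an added example that is not part of the original article: it parses each line into the fields explained there, skips commented-out entries, and counts the enabled services and how many of them run as root. The sample configuration is constructed (the article's two entries plus one commented-out line), and <code>parse_inetd_line</code> and <code>audit_inetd_conf</code> are names chosen for this example.

```c
#include <stdio.h>
#include <string.h>

struct inetd_entry {
  char service[32], socktype[16], proto[16], wait[16], user[32], path[128];
};
/* Returns 1 for an enabled entry, 0 for blank/commented, -1 if malformed. */
int parse_inetd_line(const char *line, struct inetd_entry *e)
{
  line += strspn(line, " \t");
  if (*line == '#' || *line == '\n' || *line == '\0')
    return 0;
  int n = sscanf(line, "%31s %15s %15s %15s %31s %127s", e->service,
                 e->socktype, e->proto, e->wait, e->user, e->path);
  return n == 6 ? 1 : -1;
}

/* Prints enabled entries; returns their count and how many run as root. */
int audit_inetd_conf(const char *conf, int *root_entries)
{
  int enabled = 0;
  *root_entries = 0;
  while (*conf) {
    char line[512];
    struct inetd_entry e;
    size_t len = strcspn(conf, "\n");
    snprintf(line, sizeof line, "%.*s", (int)len, conf);
    conf += len + (conf[len] == '\n');
    if (parse_inetd_line(line, &e) != 1)
      continue;
    enabled++;
    e.user[strcspn(e.user, ":./")] = '\0'; /* some inetds allow a group suffix */
    *root_entries += strcmp(e.user, "root") == 0;
    printf("%-12s %s/%s as %-6s %s\n", e.service, e.socktype, e.proto, e.user, e.path);
  }
  return enabled;
}

/* Constructed sample: the article's two entries plus a commented-out line. */
static const char SAMPLE[] =
  "#ftp stream tcp nowait root /usr/sbin/ftpd ftpd\n"
  "telnet  stream  tcp6    nowait  root    /usr/sbin/telnetd      telnetd -a\n"
  "errorLogger dgram udp wait root /usr/local/bin/errlogd errlogd /tmp/logfile.txt\n";

int main(void)
{
  int root, enabled = audit_inetd_conf(SAMPLE, &root);
  printf("%d enabled, %d as root\n", enabled, root);
  return 0;
}
```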

== See also ==
* [TCP Wrapper](/source/TCP_Wrapper)
* [xinetd](/source/xinetd)
* [List of TCP and UDP port numbers](/source/List_of_TCP_and_UDP_port_numbers)
* [Svchost.exe](/source/Svchost.exe)

== References ==

{{reflist}}

== External links ==

* {{man|8|inetd|FreeBSD|internet 'super-server'}}


---
Adapted from the Wikipedia article [Inetd](https://en.wikipedia.org/wiki/Inetd) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/Inetd?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
