Product SiteDocumentation Site

9.6. inetd 超级服务器

Inetd(常被称为“网络超级服务”)是一个服务器服务。它按需求运行一些不常用的服务,而且不需要连续运行。
/etc/inetd.conf 文件列出服务器及其通用的端口号。inetd 命令侦测它们;若发现任何端口号已被链接,则运行对应的程序。

DEBIAN POLICY Register a server in /etc/inetd.conf

软件包经常需要在 /etc/inetd.conf 文件登录新的服务器,但 Debian 政策禁止任何软件包编辑不属于自身的配置档。所以有 update-inetd 脚本 (在同名软件包内):管理配置文件以及其他软件包,使其在超级服务器的配置中登录新的服务器。
/etc/inetd.conf 文件中的每列条目以 7 个字段 (以空格区分) 描述服务器:
The following example illustrates some use-cases after installing talkd, nullidentd (ident-server), and fingerd:

例 9.1. 摘自 /etc/inetd.conf

#:BSD: Shell, login, exec and talk are BSD protocols.
talk   dgram   udp     wait    nobody.tty   /usr/sbin/in.talkd      in.talkd
ntalk  dgram   udp     wait    nobody.tty   /usr/sbin/in.ntalkd     in.ntalkd

#:INFO: Info services
ident  stream  tcp     nowait  nobody       /usr/sbin/nullidentd    nullidentd
finger stream  tcp     nowait  nobody       /usr/sbin/tcpd          /usr/sbin/in.fingerd
The tcpd program is frequently used in the /etc/inetd.conf file. It allows limiting incoming connections by applying access control rules, documented in the hosts_access(5) manual page, and which are configured in the /etc/hosts.allow and /etc/hosts.deny files. Once it has been determined that the connection is authorized, tcpd executes the real server (like in.fingerd in our example). It is worth noting that tcpd relies on the name under which it was invoked (that is the first argument, argv[0]) to identify the real program to run. So you should not start the arguments list with tcpd but with the program that must be wrapped.

社区 Wietse Venema

Wietse Venema, whose expertise in security has made him a renowned programmer, is the author of the tcpd program. He is also the main creator of Postfix, the modular e-mail server (SMTP, Simple Mail Transfer Protocol), designed to be safer and more reliable than sendmail, which features a long history of security vulnerabilities. We will have a closer look at this mail server in 第 11.1 节 “邮件服务器”.

选择 其他 inetd 命令

While Debian installs openbsd-inetd by default, there is no lack of alternatives: we can mention inetutils-inetd, rlinetd, and xinetd, which all provide the virtual package inet-superserver.
Most of these alternatives share the same configuration file /etc/inetd.conf.
This last incarnation of a super-server however, offers different syntax and very interesting possibilities. Most notably, its configuration can be split into several files (stored, of course, in the /etc/xinetd.d/ directory), which can make an administrator's life easier. It is considered to be more powerful, but also more complex.
最后但同样重要的是,甚至可以仿真 inetd 的行为,以 systemd 的插座启用模式运作 (见 第 9.1.1 节 “Systemd 启动系统”)。