LinuxQuestions.org
Old 09-13-2005, 02:45 PM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Rep: Reputation: 15
xinetd - What is it?


Hi there?
I'd like to know what is xinetd. Let me explain why this all of a sudden.

I recently was configuring my vsFTPd following the installing via RPM link. And everything went fine except that I didn't follow this section "If you are running xinetd, do the following:" because I tried by myself to make it work as a service. The thing is that when I shut down the linuxbox, a lot of services failed to stop and the vsftpd failed to unload even manually (./vsftpd stop). So I went for the xinetd configuration, made everything the tutorial said and everything worked fine. Anyway it doesn't work as a service. It is permanently working on my machine without being a service. Now, when I shut down the machine, every service unloads correctly so I prefer it like this.

But I don't understand a single line, I don't know what the lines do within my linux and I don't understand what xinetd is... Here are the lines I stated on the vsftpd files inside xinetd.d folder:

service ftp
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/vsftpd
    nice        = 10
}


I'd like to know what each line does and what is xinetd!!!
Thanks.
 
Old 09-13-2005, 03:03 PM   #2
nayabingi
Member
 
Registered: Jul 2004
Location: Atlanta , United States
Distribution: CentOS 5
Posts: 31

Rep: Reputation: 15
Palula,
xinetd is a tcp wrapper super service. It can be used to control access to network services. The link below will provide details on TCP Wrapper and xinetd. If you want to dive right into what xinetd is you can go to the second link.

http://www.ms.washington.edu/Docs/Li...pwrappers.html
http://www.ms.washington.edu/Docs/Li...rs-xinetd.html
 
Old 09-13-2005, 03:06 PM   #3
Hobbletoe
Member
 
Registered: Sep 2004
Location: Dayton, Oh
Distribution: Linux Mint 17
Posts: 150

Rep: Reputation: 18
Xinetd is like inetd, but more configurable (or at least I feel it is). I replaced inet on our Solaris boxes with xinetd, and it works splendidly for us. We currently run telnet and ftp on one box, as well as ssh through it.

One fun thing that we did was to leave FTP open on a few of our servers, but as a sensor only. That way, if anything hits FTP on that machine, it locks that IP out of all of the services that are open on that machine through xinetd. And as we get security scans occasionally, it blocks a LOT of TCP Wrapper denials for us since any request against a service through xinetd gets dropped as soon as xinetd sees it.

ANYway, what the lines do ...

disable ... tells xinet to run this service or not. Yes means do NOT run it, no means to run it. (Another way to stop a service from running is to append a ~ to the file name in the /etc/xinetd.d directory, i.e. ftp~)

socket_type ... don't really know as I never really got into networking and the like. I think the man page explains it though.

wait ... determines if the service runs single or multi-thread. Yes means that the service will start on a request, but will not start another request until the first is done. No means that you can have more than one going.

user ... who to start the service as.

server ... what service to start.

nice ... what priority the service has on the system. man nice for more info.

Oh, and be sure to man xinetd and xinetd.conf for more information. Some other links to check ...

http://www.linuxfocus.org/English/No...ticle175.shtml

http://www.xinetd.org

http://man.linuxquestions.org/?query...pe=2&section=5
 
Old 09-13-2005, 03:09 PM   #4
bosewicht
Senior Member
 
Registered: Aug 2003
Location: Houston, TX
Distribution: Arch
Posts: 1,381

Rep: Reputation: 47
There are a lot of sites out there that explain what xinetd is and what those lines mean. Another thing to try is google.


xinetd

The xinetd daemon is a TCP wrapped super service which controls access to a subset of popular network services including FTP, IMAP, and Telnet. It also provides service-specific configuration options for access control, enhanced logging, binding, redirection, and resource utilization control.

When a client host attempts to connect to a network service controlled by xinetd, the super service receives the request and checks for any TCP wrappers access control rules. If access is allowed, xinetd verifies that the connection is allowed under its own access rules for that service and that the service is not consuming more than its allotted amount of resources or in breach of any defined rules. It then starts an instance of the requested service and passes control of the connection to it. Once the connection is established, xinetd does not interfere further with communication between the client host and the server.

Service is telling you what it is.

disable
"yes" or "no". This will result in the service being disabled and not starting.

socket_type
Possible values include:

stream
stream-based service

dgram
datagram-based service

raw
service that requires direct access to IP

seqpacket
service that requires reliable sequential datagram transmission

wait
This attribute determines if the service is single-threaded or multi-threaded and whether or not xinetd accepts the connection or the server program accepts the connection. If its value is yes, the service is single-threaded; this means that xinetd will start the server and then it will stop handling requests for the service until the server dies and that the server software will accept the connection. If the attribute value is no, the service is multi-threaded and xinetd will keep handling new service requests and xinetd will accept the connection. It should be noted that udp/dgram services normally expect the value to be yes since udp is not connection oriented, while tcp/stream servers normally expect the value to be no.

user
determines the uid for the server process. The user attribute can either be numeric or a name. If a name is given (recommended), the user name must exist in /etc/passwd. This attribute is ineffective if the effective user ID of xinetd is not super-user.

server
determines the program to execute for this service.

nice
determines the server priority. Its value is a (possibly negative) number.
 
Old 09-14-2005, 12:43 PM   #5
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Nice! I read some things about xinetd and intend to read a lot more since it can provide security to my online services... But I have a small question, almost useless...

Okay so I start some of my services through /etc/rc.d/init.d/service (I think it's this).
For example: I enter that folder, and type ./service start/stop/restart

My question is: Are there automated forms like this to start/stop/restart a service within xinetd?

Thanks a lot!!!
 
Old 09-14-2005, 02:30 PM   #6
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,671
Blog Entries: 4

Rep: Reputation: 3945
xinetd is a sort of "super listener."

When some process wants to connect to a service on your computer, they will ask to open a well-known port number. For example, http requests (for web pages) will always be made to port #80. FTP, SSH, Telnet, and so-on all have their own ports (see /etc/services).

It would be possible, but wasteful, to have a whole bunch of server processes sitting around idle, each waiting for a connection on "their" port. What Xinetd does instead is to wait for a connection on all of those port-numbers at once. When a valid connection request comes in, Xinetd will start the appropriate service, then pass the connection request to it. The advantage is that Linux only has to deal with one process, Xinetd, to wait for potential connections on many ports.
 
Old 09-14-2005, 08:47 PM   #7
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,362

Rep: Reputation: 2751
In addition to the above explanations, the usual rule of thumb is that if the listening service will be accessed rarely, then use xinetd to control it.
On the other hand, if it's going to be busy, e.g. you have a popular website, then make the service (Apache: ports 80, 443) a standalone daemon, i.e. not via xinetd.
 
Old 09-15-2005, 10:54 AM   #8
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Original Poster
Rep: Reputation: 15
Thanks a lot.

The services I have on my machine will be rarely accessed so the use of Xinetd suits well right? Thanks a lot.
 
Old 09-15-2005, 08:48 PM   #9
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,362

Rep: Reputation: 2751
Just make sure you disable any entries in /etc/xinetd.d/ that you don't want to run, i.e. never run a service unless you positively want to; more secure.
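
Added example (not part of any post in this thread): a small Python check that applies the advice in post #9 and the attribute descriptions in post #4 to entries in /etc/xinetd.d/ format. The telnet and tftp entries and the function names are constructed for illustration, and treating a missing disable line as "enabled" is an assumption.

```python
import re
# Constructed sample: "ftp" is the entry posted in #1; "telnet" and "tftp" are made up.
SAMPLE = """
service ftp
{
    disable     = no
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/vsftpd
    nice        = 10
}
service telnet
{
    disable     = yes
}
service tftp
{
    socket_type = dgram
    wait        = no
    user        = nobody
}
"""

def parse_services(text):
    """Return {service name: {attribute: value}} for every 'service NAME { ... }' block."""
    services = {}
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)^\s*\}", text, re.S | re.M):
        pairs = re.findall(r"^\s*(\w+)\s*[-+]?=[ \t]*(.*)$", body, re.M)
        services[name] = {key: value.strip() for key, value in pairs}
    return services

def audit(services):
    """Return (service, finding) pairs for each entry xinetd would start.
    The wait check follows post #4: stream normally 'no', dgram normally 'yes'."""
    findings = []
    for name, attrs in services.items():
        if attrs.get("disable", "no").lower() == "yes":   # assumption: no 'disable' line means enabled
            continue
        findings.append((name, "enabled"))
        if attrs.get("user") in ("root", "0"):
            findings.append((name, "server starts as root"))
        usual = {"stream": "no", "dgram": "yes"}.get(attrs.get("socket_type"))
        if usual and attrs.get("wait") != usual:
            findings.append((name, f"wait is not '{usual}' for {attrs['socket_type']}"))
    return findings

if __name__ == "__main__":
    for service, finding in audit(parse_services(SAMPLE)):
        print(f"{service}: {finding}")
```

To check a real system, pass the concatenated contents of the files under /etc/xinetd.d/ to parse_services() instead of SAMPLE.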
 
Old 09-16-2005, 12:42 AM   #10
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
It is better to use iptables instead of xinetd. xinetd has problems with certain services such as ssh and apache. It is better to just run them at certain schedules using cron. If you setup the services and iptables correctly, then you do not have to use xinetd. Use xinetd as little as possible because it also uses a port that can be compromised.
 
Old 06-25-2007, 06:51 AM   #11
apj_iitr
LQ Newbie
 
Registered: Jun 2007
Posts: 2

Rep: Reputation: 0
Problem with

Hi,
I'm trying to access CVS on server from remote system; I get the following error message:
******************************************
Logging in to server:admin@localhost:2401/home/cvs/repository
CVS password:
cvs [login aborted]: connect to localhost(127.0.0.1):2401 failed: Connection refused
********************************************

When I did the root cause analysis I found that the service xinetd is not working properly:

[root@WiproODC admin]# /sbin/service xinetd status
xinetd is stopped
[root@WiproODC admin]# /sbin/service xinetd stop
Stopping xinetd: [FAILED]
[root@WiproODC admin]# /sbin/service xinetd start
Starting xinetd: [ OK ]


So I could not figure out what is wrong with the service.

Can you please help me to solve this issue?

regards
apj
 
  

