On Thu, Jul 06, 2000 at 09:56:11AM +0930, Mark Phillips wrote:
> Hi,
>
> I am a little confused about how the external services thing works.
>
> Suppose for example you want to allow external rlogins to your
> computer. I presume you modify the inetd.conf file to include the line:
>
> login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
>
> Now when is this file read? Is it only when you do something like
> "/etc/init.d/inetd restart", or is it whenever an external machine
> asks to connect to one of your ports?

It's read every time inetd starts, or you send inetd a "HUP" signal
like "kill -hup `cat /var/run/inetd.pid`" or "/etc/init.d/inetd reload"

> Now am I right in thinking that there is not an rlogin daemon running
> all the time, listening for rlogin connections? I think what happens
> is that inetd listens for connections, and then if it receives one for
> rlogin, it executes in.rlogind --- one for each incoming connection
> --- is that right?

Sort of. First it executes /usr/sbin/tcpd which applies rules found in
/etc/hosts.allow and /etc/hosts.deny.

> Now the above is all correct, I'm still a little confused, because
> what about smtp? Currently I have the following line in inetd.conf
>
> #disabled#smtp stream tcp nowait mail /usr/sbin/exim exim -bs
>
> So it is disabled, yet mail still works on my system! Is this because
> it is handled through a different mechanism? I notice that I have the
> following process:

It's disabled in inetd ... doesn't mean it's disabled for the system!

> mail 286 0.0 0.3 2324 204 ? S Jun24 0:00 /usr/sbin/exim -bd -q30m
                                                           ^^
"Be a Daemon" - exim opens port 25 itself and forks off children as
connections arrive. inetd is out of the picture altogether.

> Which I am guessing does the job instead of inetd? If so, why do it
> this way instead of through inetd?

Daemons are fast - you skip the overhead of inetd! On the other hand,
sometimes inetd gives you more security (it depends on the service).

> Any clarifications of my understanding of these things would be much
> appreciated.

Hope this helps.

-- 
Nathan Norman "Eschew Obfuscation" Network Engineer
GPG Key ID 1024D/51F98BB7 http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73 8BEF F0C8 255C 51F9 8BB7
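
Added example, not part of the original message: a small audit of inetd.conf-style text that reports entries launched without tcpd and entries that are only disabled in inetd, the two situations discussed in the thread. The sample input is constructed from the two lines quoted above plus one made-up ftp entry; the function names are hypothetical.

```python
# Added example: audit inetd.conf-style text. SAMPLE is constructed from the two
# entries quoted in the thread plus one made-up ftp entry that bypasses tcpd.
SAMPLE = """\
login stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.rlogind
#disabled#smtp stream tcp nowait mail /usr/sbin/exim exim -bs
# ordinary comment
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
"""

DISABLED = "#disabled#"      # marker as it appears in the quoted smtp line
TCPD = "/usr/sbin/tcpd"      # wrapper path as it appears in the quoted login line


def parse_inetd(text):
    """Yield (service, user, daemon, wrapped, enabled) for each service entry."""
    for raw in text.splitlines():
        line = raw.strip()
        enabled = not line.startswith(DISABLED)
        if not enabled:
            line = line[len(DISABLED):]
        elif not line or line.startswith("#"):
            continue                      # blank line or ordinary comment
        fields = line.split()
        if len(fields) < 6:
            continue                      # too short to be a service entry
        service, _sock, _proto, _wait, user, program = fields[:6]
        wrapped = program == TCPD
        # Under tcpd the first argument names the real daemon to execute.
        daemon = fields[6] if wrapped and len(fields) > 6 else program
        yield service, user, daemon, wrapped, enabled


def audit(text):
    """Return (service, note) pairs a reviewer should follow up on."""
    notes = []
    for service, user, daemon, wrapped, enabled in parse_inetd(text):
        if not enabled:
            notes.append((service, "disabled in inetd only; check for a standalone daemon"))
        elif not wrapped:
            notes.append((service, f"{daemon} runs as {user} without tcpd"))
    return notes


if __name__ == "__main__":
    for service, note in audit(SAMPLE):
        print(f"{service}: {note}")
```

A "disabled in inetd only" note is a prompt to look at the process list and listening sockets, as with the exim -bd process in the thread.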