Servers such as apache stay resident in memory as daemons from the time the OS boots and monitor their ports. While these servers are not processing a request, they are simply watching a specific port to see whether a request arrives.
Even if each individual server uses only a little memory, having many servers running puts pressure on the machine's memory. One approach is therefore to run just one daemon dedicated to port monitoring, let it watch the ports, and start the server that handles a request at the moment a client's request reaches the port. This way of starting is well suited to servers that only occasionally receive requests on their port and to servers that do not take long to start up.
Such a daemon dedicated to port monitoring is sometimes called a "super server" or "super server daemon", in the sense of "a server for starting servers".
What is commonly used as a super server is
inetd was the daemon commonly used for port monitoring. inetd is configured in /etc/inetd.conf.
/etc/inetd.conf (for Solaris 2.6)

    ftp     stream  tcp     nowait  root    /etc/ftpd/in.ftpd       in.ftpd
    telnet  stream  tcp     nowait  root    /usr/sbin/in.telnetd    in.telnetd
    ...
    shell   stream  tcp     nowait  root    /usr/sbin/in.rshd       in.rshd
    login   stream  tcp     nowait  root    /usr/sbin/in.rlogind    in.rlogind
/etc/inetd.conf (for RedHat 6.2J)

    ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
    telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
    ...
    shell   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
    login   stream  tcp     nowait  root    /usr/sbin/tcpd  in.rlogind
/etc/services

    # Network services, Internet style
    # service-name  port/protocol  [aliases ...]   [# comment]
    ssh             22/tcp                          # SSH Remote Login Protocol
    ssh             22/udp                          # SSH Remote Login Protocol
    telnet          23/tcp
    smtp            25/tcp          mail
    ...
    pop3            110/tcp         pop-3           # POP version 3
    pop3            110/udp         pop-3
    ...
After changing /etc/inetd.conf, you need to send inetd a HUP signal.

    # kill -HUP `cat /var/run/inetd.pid`
On RedHat 6.2J, the daemons started by inetd are filtered by tcpd.
As for tcpd,
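The difference between the two inetd.conf listings above can be checked mechanically. The following is an added example, not part of the original page: it parses inetd.conf entries and reports which services inetd starts directly instead of through /usr/sbin/tcpd. The sample text is copied from the two listings; the function names are made up for this illustration.

```python
from typing import List, NamedTuple, Tuple

class Entry(NamedTuple):
    service: str
    socket_type: str
    protocol: str
    wait: str
    user: str
    server: str        # program inetd executes
    args: List[str]    # argv for that program (argv[0] first)

def parse_inetd_conf(text: str) -> List[Entry]:
    """Parse lines of the form: service type proto wait user server args..."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue   # blank line, comment, or elided "..." line
        entries.append(Entry(*fields[:6], fields[6:]))
    return entries

def audit(text: str, wrapper: str = "/usr/sbin/tcpd") -> List[Tuple[str, str, str, bool]]:
    """Return (service, user, daemon, wrapped) for every entry."""
    report = []
    for e in parse_inetd_conf(text):
        wrapped = e.server == wrapper
        # Behind tcpd, the real daemon is the first argument.
        daemon = e.args[0] if wrapped and e.args else e.server
        report.append((e.service, e.user, daemon, wrapped))
    return report

def unwrapped_services(text: str) -> List[str]:
    """Services that are started without the tcpd filter."""
    return [svc for svc, _user, _daemon, wrapped in audit(text) if not wrapped]

# Sample input copied from the two listings on this page.
SOLARIS = """\
ftp stream tcp nowait root /etc/ftpd/in.ftpd in.ftpd
telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
...
shell stream tcp nowait root /usr/sbin/in.rshd in.rshd
login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind
"""
REDHAT = """\
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
...
shell stream tcp nowait root /usr/sbin/tcpd in.rshd
login stream tcp nowait root /usr/sbin/tcpd in.rlogind
"""

if __name__ == "__main__":
    print("Solaris, not behind tcpd:", unwrapped_services(SOLARIS))
    print("RedHat, not behind tcpd:", unwrapped_services(REDHAT))
```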
Recent RedHat and Fedora Core Linux use xinetd instead of inetd.

    service service-name
    {
        attribute = value
        ...
    }
    # man xinetd
    # man xinetd.conf
Excerpt from man xinetd.conf

    XINETD.CONF(5)                                          XINETD.CONF(5)

    NAME
           xinetd.conf - Extended Internet Services Daemon configuration
           file

    DESCRIPTION
           xinetd.conf is the configuration file that determines the
           services provided by xinetd. Any line whose first
           non-whitespace character is a '#' is considered a comment
           line. Empty lines are ignored.

           The file contains entries of the form:

                  service <service_name>
                  {
                         <attribute> <assign_op> <value> <value> ...
                         ...
                  }

           The assignment operator, assign_op, can be one of '=', '+=',
           '-='. The majority of attributes support only the simple
           assignment operator, '='. Attributes whose value is a set of
           values support all assignment operators. For such attributes,
           '+=' means adding a value to the set and '-=' means removing
           a value from the set. A list of these attributes will be
           given after all the attributes are described.

           Each entry defines a service identified by the service_name.
           The following is a list of available attributes:

           socket_type  Possible values for this attribute include:

                        stream     stream-based service
                        dgram      datagram-based service
                        raw        service that requires direct access
                                   to IP
                        seqpacket  service that requires reliable
                                   sequential datagram transmission

           wait         This attribute determines if the service is
                        single-threaded or multi-threaded. If its value
                        is yes the service is single-threaded; this
                        means that xinetd will start the server and then
                        it will stop handling requests for the service
                        until the server dies. If the attribute value is
                        no, the service is multi-threaded and xinetd
                        will keep handling new service requests.

           user         determines the uid for the server process. The
                        user name must exist in /etc/passwd. This
                        attribute is ineffective if the effective user
                        ID of xinetd is not super-user.

           server       determines the program to execute for this
                        service.

           server_args  determines the arguments passed to the server.
                        In contrast to inetd, the server name should not
                        be included in server_args.

           only_from    determines the remote hosts to which the
                        particular service is available. Its value is a
                        list of IP addresses which can be specified in
                        any combination of the following ways:

                        a) a numeric address in the form of
                           %d.%d.%d.%d. If the rightmost components are
                           0, they are treated as wildcards (for
                           example, 128.138.12.0 matches all hosts on
                           the 128.138.12 subnet). 0.0.0.0 matches all
                           Internet addresses.

                        b) a factorized address in the form of
                           %d.%d.%d.{%d,%d,...}. There is no need for
                           all 4 components (i.e. %d.%d.{%d,%d,...%d}
                           is also ok). However, the factorized part
                           must be at the end of the address.

                        c) a network name (from /etc/networks)

                        d) a host name. When a connection is made to
                           xinetd, a reverse lookup is performed, and
                           the canonical name returned is compared to
                           the specified host name. You may also use
                           domain names in the form of .domain.com. If
                           the reverse lookup of the client's IP is
                           within .domain.com, a match occurs.

                        e) an ip address/netmask range in the form of
                           1.2.3.4/32.

                        Specifying this attribute without a value makes
                        the service available to nobody.

           (omitted)

           port         determines the service port. If this attribute
                        is specified for a service listed in
                        /etc/services, it must be equal to the port
                        number listed in that file.

           (omitted)

    EXAMPLE
           #
           # Sample configuration file for xinetd
           #

           defaults
           {
                  log_type        = FILE /var/log/servicelog
                  log_on_success  = PID
                  log_on_failure  = HOST RECORD
                  only_from       = 128.138.193.0 128.138.204.0 128.138.209.0
                  only_from       = 128.138.252.1
                  instances       = 10
                  disabled        = rstatd
           }

           #
           # Note 1: the protocol attribute is not required
           # Note 2: the instances attribute overrides the default
           #
           service login
           {
                  socket_type     = stream
                  protocol        = tcp
                  wait            = no
                  user            = root
                  server          = /usr/etc/in.rlogind
                  instances       = UNLIMITED
           }

           #
           # Note 1: the instances attribute overrides the default
           # Note 2: the log_on_success flags are augmented
           #
           service shell
           {
                  socket_type     = stream
                  wait            = no
                  user            = root
                  instances       = UNLIMITED
                  server          = /usr/etc/in.rshd
                  log_on_success  += HOST RECORD
           }

           service ftp
           {
                  socket_type     = stream
                  wait            = no
                  nice            = 10
                  user            = root
                  server          = /usr/etc/in.ftpd
                  server_args     = -l
                  instances       = 4
                  log_on_success  += DURATION HOST USERID
                  access_times    = 2:00-9:00 12:00-24:00
           }

           # Limit telnet sessions to 8 Mbytes of memory and a total
           # 20 CPU seconds for child processes.
           service telnet
           {
                  socket_type     = stream
                  wait            = no
                  nice            = 10
                  user            = root
                  server          = /usr/etc/in.telnetd
                  rlimit_as       = 8M
                  rlimit_cpu      = 20
           }

           (omitted)
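To see what the only_from address forms in the excerpt above actually admit, the following added example (not from the original page or from xinetd itself) evaluates forms (a), (b) and (e) against a client address. Name-based forms (c) and (d) need lookups and are rejected with ValueError; zero-padding of short factorized addresses is an assumption, and the function names are made up for this illustration.

```python
import ipaddress
import re
from typing import List

def to_network(addr: str) -> ipaddress.IPv4Network:
    """Form (a): numeric address whose rightmost 0 components are wildcards."""
    octets = [int(p) for p in addr.split(".")]   # ValueError for host/network names
    octets += [0] * (4 - len(octets))            # assumption: zero-pad short forms
    fixed = 4
    while fixed and octets[fixed - 1] == 0:
        fixed -= 1                               # each trailing 0 widens the match
    dotted = ".".join(str(o) for o in octets)
    return ipaddress.ip_network(f"{dotted}/{fixed * 8}")

def expand(value: str) -> List[ipaddress.IPv4Network]:
    """Turn one only_from value into the networks it covers."""
    if "/" in value:                             # form (e): address/netmask
        return [ipaddress.ip_network(value, strict=False)]
    m = re.fullmatch(r"((?:\d+\.)+)\{([\d,]+)\}", value)
    if m:                                        # form (b): factorized address
        return [to_network(m.group(1) + last) for last in m.group(2).split(",")]
    return [to_network(value)]                   # form (a)

def allowed(client_ip: str, only_from: List[str]) -> bool:
    """True if client_ip matches any value; an empty list admits nobody."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for value in only_from for net in expand(value))

# Values taken from the only_from lines of the sample defaults section.
SAMPLE_ONLY_FROM = ["128.138.193.0", "128.138.204.0",
                    "128.138.209.0", "128.138.252.1"]

if __name__ == "__main__":
    for client in ("128.138.193.77", "128.138.252.1", "128.138.252.2"):
        print(client, allowed(client, SAMPLE_ONLY_FROM))
```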