| blob | 0d285652f7f27dc8adc58a377b1ab31128f43a02 |
1 .TH TCPD 8
2 .SH NAME
3 tcpd, tcpdp \- waits for a TCP connection request and starts a server
4 .SH SYNOPSIS
5 .B tcpd
6 .RB [ \-d ]
7 .RB [ \-m
8 .RI maxclients ]
9 .RI service
10 .RI program
11 .RB [ arg ... ]
12 .SH DESCRIPTION
13 .de SP
14 .if t .sp 0.4
15 .if n .sp
16 ..
17 .B Tcpd
18 is a daemon, that is, a user-space program that is normally started when the
19 operating system is started and that normally does not terminate until the
20 system is shut down.
21 Conceptually, you can think of
22 .B tcpd
23 as doing nothing but listening to a port for a connection attempt. Several
24 copies of
25 .B tcpd
26 will typically be started, one for each service that is to be provided.
27 When a connection is detected the tcpd for that port
28 .IR fork s
29 and then the child process
30 .IR exec s
31 an instance of the server for that port.
32 .P
33 The above description is simplified.
34 Normally two versions of the tcpd.c source code are compiled.
35 .B Tcpd
36 is the one that waits for a connection. When a connection occurs
37 .B tcpd
38 .IR fork s.
39 If
40 .B tcpd
41 was started with options or if the child detects that the access
42 control file
43 .IR /etc/serv.access
44 exists, the child will
45 .IR exec
46 its paranoid twin,
47 .B tcpdp,
48 which checks that the connection attempt is from an allowed node or network,
49 or that it is not from a disallowed node or network.
50 .B Tcpdp
51 also tries to look up the name corresponding to an IP address, and denies
52 the connection if a name cannot be found. Finally,
53 .B tcpdp
54 determines whether the connection is supposed to be logged.
55 If all is well, the child
56 .B tcpd
57 or
58 .B tcpdp
59 then
60 .IR exec s
61 the server for the service with any arguments specified on the command line
62 for that server.
63 .SH OPTIONS
64 .TP
65 .B \-d
66 turn on debugging.
67 .TP
68 .B \-m
69 allow no more than the specified
70 .IR maxclients
71 to start.
72 .SH EXAMPLES
73 .de EX
74 .TP 20
75 \\fB\\$1\\fR
76 # \\$2
77 ..
78 .TP 15n
79 .EX "tcpd telnet in.telnetd &" "wait for a telnet connection on the normal port"
80 .EX "tcpd 8000 in.httpd /etc/httpd8000.conf &" "wait for web page request on port 8000 and use a custom config file for the in.httpd program."
81 .P
82 Note that command lines must be terminated with "&" to return control to the
83 calling process, leaving the daemon executing as a background process.
84 .P
85 The above examples show how tcpd might be invoked from /etc/rc or
86 another script that runs during system initialization. You will also
87 see this in the supplied startup scripts:
88 .EX "daemonize tcpd shell in.rshd" "daemonize is a shell function that tests whether a daemon is present and starts it if so, using the & to start it in the background."
89 .P
90 Another case that should be mentioned is that when a system administrator
91 wants to start (or restart) a daemon from a command line,
92 .BR intr (8)
93 should be used, like this:
94 .EX "intr -d tcpd telnet in.telnetd &" "remove the daemon from a process group and connect its input to /dev/null and its output to /dev/log."
95 .SH FILES
96 .TP 25n
97 .B /etc/serv.access
98 The access control file.
99 .SH "SEE ALSO"
100 .BR execve (2),
101 .BR fork (2),
102 .BR intr (8),
103 .BR serv.access (5).
104 .SH NOTES
105 That daemons cannot daemonize themselves is a way in which Minix differs from
106 most other Unix-like systems.
107 .P
108 Allowing access to your system from the net is dangerous. Be sure you
109 know what you are doing. Be sure the owner of your net knows what you are
110 doing. Don't enable services you don't need. Enable logging and look at your
111 logs.
112 .SH BUGS
113 None known, let us know...
114 .SH AUTHOR
115 Kees J. Bot <kjb@cs.vu.nl>
116 .P
117 Man page by Al Woodhull <asw@woodhull.com>
118 .\" rev 2006-06-02