2 .\" Copyright 2015 Nexenta Systems, Inc. All rights reserved.
3 .\" Copyright 1989 AT&T
4 .\" Copyright (C) 2006, Sun Microsystems, Inc. All Rights Reserved
5 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
6 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
7 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
8 .TH RPCBIND 1M "Feb 13, 2015"
10 rpcbind \- universal addresses to RPC program number mapper
14 \fBrpcbind\fR [\fB-d\fR] [\fB-w\fR] [\fB-l\fR \fIlisten_backlog\fR]
19 \fBrpcbind\fR is a server that converts \fBRPC\fR program numbers into
20 universal addresses. It must be running on the host to be able to make
21 \fBRPC\fR calls on a server on that machine.
24 When an \fBRPC\fR service is started, it tells \fBrpcbind\fR the address at
25 which it is listening, and the \fBRPC\fR program numbers it is prepared to
26 serve. When a client wishes to make an \fBRPC\fR call to a given program
27 number, it first contacts \fBrpcbind\fR on the server machine to determine the
28 address where \fBRPC\fR requests should be sent.
31 \fBrpcbind\fR should be started before any other \fBRPC\fR service. Normally,
32 standard \fBRPC\fR servers are started by port monitors, so \fBrpcbind\fR must
33 be started before port monitors are invoked.
36 When \fBrpcbind\fR is started, it checks that certain name-to-address
37 translation-calls function correctly. If they fail, the network configuration
38 databases can be corrupt. Since \fBRPC\fR services cannot function correctly in
39 this situation, \fBrpcbind\fR reports the condition and terminates.
42 \fBrpcbind\fR maintains an open transport end for each transport that it uses
43 for indirect calls. This is the \fBUDP\fR port on most systems.
46 The \fBrpcbind\fR service is managed by the service management facility,
47 \fBsmf\fR(5), under the service identifier:
58 Administrative actions on this service, such as enabling, disabling, or
59 requesting restart, can be performed using \fBsvcadm\fR(1M). \fBrpcbind\fR can
60 only be started by the superuser or someone in the Primary Administrator role.
63 The configuration properties of this service can be modified with
67 The following SMF property is used to allow or disallow access to \fBrpcbind\fR
72 config/local_only = true
78 The default value, \fBtrue\fR, shown above, disallows remote access; a value of
79 \fBfalse\fR allows remove access. See EXAMPLES.
82 The FMRI \fBsvc:network/rpc/bind\fR property group \fBconfig\fR contains the
83 following property settings:
87 \fB\fBenable_tcpwrappers\fR\fR
90 Specifies that the TCP wrappers facility is used to control access to TCP
91 services. The value \fBtrue\fR enables checking. The default value for
92 \fBenable_tcpwrappers\fR is \fBfalse\fR. If the \fBenable_tcpwrappers\fR
93 parameter is enabled, then all calls to \fBrpcbind\fR originating from
94 non-local addresses are automatically wrapped by the TCP wrappers facility. The
95 \fBsyslog\fR facility code daemon is used to log allowed connections (using the
96 \fBinfo\fR severity level) and denied traffic (using the \fBwarning\fR severity
97 level). See \fBsyslog.conf\fR(4) for a description of \fBsyslog\fR codes and
98 severity levels. The stability level of the TCP wrappers facility and its
99 configuration files is External. As the TCP wrappers facility is not controlled
100 by Sun, intrarelease incompatibilities are not uncommon. See
107 \fB\fBverbose_logging\fR\fR
110 Specifies whether the TCP wrappers facility logs all calls or just the denied
111 calls. The default is \fBfalse\fR. This option has no effect if TCP wrappers
118 \fB\fBallow_indirect\fR\fR
121 Specifies whether \fBrpcbind\fR allows indirect calls at all. By default,
122 \fBrpcbind\fR allows most indirect calls, except to a number of standard
123 services (\fBkeyserv\fR, \fBautomount\fR, \fBmount\fR, \fBnfs\fR, \fBrquota\fR,
124 and selected NIS and \fBrpcbind\fR procedures). Setting \fBallow_indirect\fR to
125 \fBfalse\fR causes all indirect calls to be dropped. The default is \fBtrue\fR.
126 NIS broadcast clients rely on this functionality on NIS servers.
132 \fB\fBlisten_backlog\fR\fR
135 Set connection queue length for \fBrpcbind\fR over a connection-oriented
136 transport. The default value is 64 entries. Modification of this property will
137 take effect only after the \fBrpcbind\fR restart.
143 \fB\fBmax_threads\fR\fR
146 Maximum number of worker threads spawn by \fBrpcbind\fR. The default value
147 is 72. The indirect \fBRPC\fR calls facility might cause a worker thread to
148 block for some time waiting for a response from the indirectly called \fBRPC\fR
149 service. To maintain basic \fBrpcbind\fR functionality, up to eight worker
150 threads are always reserved, and will never be used for indirect \fBRPC\fR calls.
151 Setting \fBmax_threads\fR to less than 9 effectively disables the indirect
157 The following options are supported:
164 Run in debug mode. In this mode, \fBrpcbind\fR does not fork when it starts. It
165 prints additional information during operation, and aborts on certain errors.
166 With this option, the name-to-address translation consistency checks are shown
176 Do a warm start. If \fBrpcbind\fR aborts or terminates on \fBSIGINT\fR or
177 \fB\fR\fBSIGTERM\fR, it writes the current list of registered services to
178 \fB/var/run/daemon/portmap.file\fR and \fB/var/run/daemon/rpcbind.file\fR. Starting
179 \fBrpcbind\fR with the \fB-w\fR option instructs it to look for these files and
180 start operation with the registrations found in them. This allows \fBrpcbind\fR
181 to resume operation without requiring all \fBRPC\fR services to be restarted.
187 \fB\fB-l\fR\fR \fI\fIlisten_backlog\fR\fR
190 This can be used to override \fBconfig/listen_backlog\fR SMF property.
195 \fBExample 1 \fRAllowing Remote Access
198 The following sequence of commands allows remote access to \fBrpcbind\fR.
203 # \fBsvccfg -s svc:/network/rpc/bind setprop config/local_only = false\fR
204 # \fBsvcadm refresh svc:/network/rpc/bind\fR
212 \fB\fB/var/run/daemon/portmap.file\fR\fR
215 Stores the information for \fBRPC\fR services registered over IP based
216 transports for warm start purposes.
222 \fB\fB/var/run/daemon/rpcbind.file\fR\fR
225 Stores the information for all registered \fBRPC\fR services for warm start
231 See \fBattributes\fR(5) for descriptions of the following attributes:
239 ATTRIBUTE TYPE ATTRIBUTE VALUE
241 Interface Stability See below.
246 TCP wrappers is External.
249 \fBsmf\fR(5), \fBrpcinfo\fR(1M), \fBsvcadm\fR(1M), \fBsvccfg\fR(1M),
250 \fBrpcbind\fR(3NSL), \fBsyslog.conf\fR(4), \fBattributes\fR(5), \fBsmf\fR(5)
253 For information on the TCP wrappers facility, see the \fBhosts_access(4)\fR man
254 page available in the \fBSUNWtcpd\fR package.
257 Terminating \fBrpcbind\fR with \fBSIGKILL\fR prevents the warm-start files from
261 All \fBRPC\fR servers are restarted if the following occurs: \fBrpcbind\fR
262 crashes (or is killed with \fBSIGKILL)\fR and is unable to write the
263 warm-start files; \fBrpcbind\fR is started without the \fB-w\fR option after a
264 graceful termination. Otherwise, the warm start files are not found by