topic Re: problems with inetd.sec in Operating System - HP-UX

problems with inetd.sec

Greta Blamire — Thu, 28 Sep 2000 15:55:09 GMT

I need to cut off access to the production server from two other servers on my network. I put the entries in inetd.sec to deny ftp and login for each server, but only the last entry is being used. It's only cutting off service for last line. This is what the man page says it will do:
from inetd.sec man page:

Multiple
allow|deny lines for each service are not unsupported. If there are
multiple allow|deny lines for a particular service, all but the last
line are ignored.

I'm a bit confused about what "not unsupported" means, but logically that means that multiple lines are supported. Should I attempt this another way or is there still a way to use the inetd.sec file? The environment is a K260 using 11.0

Re: problems with inetd.sec

James R. Ferguson — Thu, 28 Sep 2000 16:05:47 GMT

Greta:

"...not unsupported..." -- clearly a typographical error. As the man (4) inetd.sec entry says, "To continue a line, terminate it with \."

Does this help resolve your problem?

...JRF...

Re: problems with inetd.sec

Alan Riggs — Thu, 28 Sep 2000 16:18:33 GMT

You must put all allow/deny entries on one line. Use the line ocntinuation charachter \ for increased readability.

Re: problems with inetd.sec

Manju Kampli — Fri, 29 Sep 2000 01:55:52 GMT

put all the entries in to one line of allow|deny

Re: problems with inetd.sec

Shannon Petry — Fri, 29 Sep 2000 13:26:11 GMT

What it means (I think) from "not unsupported" is that inetd will not fail to run if you have more than one entry. However here is what happens. {example inetd.sec
mountd allow 127.0.0.1 host1
mountd deny host2 host3 host4 }
The first line for mountd is IGNORED. All hosts are allowed access except host2, host3 and host4. What one may have tried to accomplish was allowing only host1 and the localhost access. To accomplish this, the logic must be changed.
As someone mentionied, the "\" is used as a continuation, so if you had 90 hosts to enter each line can be continued.

Hope it helps explain!
Shannondsa

Re: problems with inetd.sec

Shannon Petry — Fri, 29 Sep 2000 13:26:18 GMT

Re: problems with inetd.sec

Tim Nelson — Fri, 29 Sep 2000 20:54:21 GMT

I'm sure if this is correct, but attempting to use implement it won't hurt your server.

Simply don't put either of the two servers in the inetd.sec file. Just make sure the inetd.sec file is in /var/adm I believe the default is not to allow as long /var/adm/inetd.sec exists. This may not help your particular situation, but I wanted to put it out on the table anyway. Good luck to you.

Re: problems with inetd.sec

Hector Mota — Wed, 29 Nov 2006 15:21:26 GMT

Good afternoon, I have the same problem with the inetd.sec:
I add the it lines mountd deny, I export a directory and I can
to have access from any machine That can be happening?

Re: problems with inetd.sec

Patrick Wallek — Wed, 29 Nov 2006 15:25:02 GMT

inetd.sec is only used for services spawned by the 'inetd' daemon.

mountd does not get spawned by inetd, hence inetd.sec will have no effect on it.