/var/adm/inetd.sec

David Peacock · ‎11-13-2002

I am using /var/adm/inetd.sec to restrict ftp access to our server.

I have one line with
ftp allow X.X.X.X X.X.X.* etc...

Today I added an entry to this file.

Do I have to stop/start inetd daemon for the changes to take effect?

If I stop/start inetd will logged-in users loose their connection?

veni, vidi, vmstat

Christopher McCray_1 · ‎11-13-2002

Hello,

You should only need to run:

# inetd -c

But, if you want to stop/start inetd, the users will not get kicked off.

Hope this helps

Chris

It wasn't me!!!!

Jeff Schussele · ‎11-13-2002

Nope - just need
inetd -c
that will cause the inetd to reread the conf & sec files.

Rgds,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Deshpande Prashant · ‎11-13-2002

Hi
Running "#inetd -c "will not affect any existing connecitons & will load the new config.

Thanks.
Prashant.

Take it as it comes.

Darrell Allen · ‎11-13-2002

Hi,

Sorry to disagree. I verified this on an 11.0 system.

You do not have to stop/start inetd when you change inetd.sec. Neither do you have to re-read the configuration (inetd -c).

If you do stop/start inetd, existing connections will not be dropped. New connections will be denied while inetd is stopped.

Darrell

"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)

Jeff Schussele · ‎11-13-2002

Yep, Darrell's correct.
inetd reads /var/adm/inetd.sec at each connection & uses it to determine whether to accept it or not.

/Quote inetd.sec man pg:

When inetd accepts a connection from a remote system, it checks the address of the host requesting the service against the list of hosts to be allowed or denied access to the specific service (see inetd(1M) ). The file inetd.sec allows the system administrator to control which hosts (or networks in general) are allowed to use the system remotely. This file constitutes an extra layer of security in addition to the normal checks done by the services. It precedes the security of the servers; that is, a server is not started by the Internet daemon unless the host requesting the service is a valid host according to inetd.sec.

/End Quote

So - bottom line - only /etc/inetd.conf changes require inetd -c. inetd.sec changes are real-time.
Good catch Darrell.

Rgds,
Jeff

PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

/var/adm/inetd.sec

/var/adm/inetd.sec

Re: /var/adm/inetd.sec

Re: /var/adm/inetd.sec

Re: /var/adm/inetd.sec

Re: /var/adm/inetd.sec

Re: /var/adm/inetd.sec