Mercurial > illumos > illumos-gate

view usr/src/man/man1m/rpcbind.1m @ 13659:57451298f940

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
1469 ttyc/ttyd should be an allowed console device Reviewed by: Milan Jurik <milan.jurik@xylab.cz> Reviewed by: Alexander Eremin <alexander.r.eremin@gmail.com> Approved by: Richard Lowe <richlowe@richlowe.net>
author Gary Mills <gary_mills@fastmail.fm>
date Thu, 05 Apr 2012 08:47:21 -0500
parents 5b2854ecc12d
children
line wrap: on
line source

'\" te
.\" Copyright 1989 AT&T
.\" Copyright (C) 2006, Sun Microsystems, Inc. All Rights Reserved
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
.TH RPCBIND 1M "Aug 1, 2006"
.SH NAME
rpcbind \- universal addresses to RPC program number mapper
.SH SYNOPSIS
.LP
.nf
\fBrpcbind\fR [\fB-d\fR] [\fB-w\fR]
.fi

.SH DESCRIPTION
.sp
.LP
\fBrpcbind\fR is a server that converts \fBRPC\fR program numbers into
universal addresses. It must be running on the host to be able to make
\fBRPC\fR calls on a server on that machine.
.sp
.LP
When an \fBRPC\fR service is started, it tells \fBrpcbind\fR the address at
which it is listening, and the \fBRPC\fR program numbers it is prepared to
serve. When a client wishes to make an \fBRPC\fR call to a given program
number, it first contacts \fBrpcbind\fR on the server machine to determine the
address where \fBRPC\fR requests should be sent.
.sp
.LP
\fBrpcbind\fR should be started before any other \fBRPC\fR service. Normally,
standard \fBRPC\fR servers are started by port monitors, so \fBrpcbind\fR must
be started before port monitors are invoked.
.sp
.LP
When \fBrpcbind\fR is started, it checks that certain name-to-address
translation-calls function correctly. If they fail, the network configuration
databases can be corrupt. Since \fBRPC\fR services cannot function correctly in
this situation, \fBrpcbind\fR reports the condition and terminates.
.sp
.LP
\fBrpcbind\fR maintains an open transport end for each transport that it uses
for indirect calls. This is the \fBUDP\fR port on most systems.
.sp
.LP
The \fBrpcbind\fR service is managed by the service management facility,
\fBsmf\fR(5), under the service identifier:
.sp
.in +2
.nf
svc:/network/rpc/bind
.fi
.in -2
.sp

.sp
.LP
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using \fBsvcadm\fR(1M). \fBrpcbind\fR can
only be started by the superuser or someone in the Primary Administrator role.
.sp
.LP
The configuration properties of this service can be modified with
\fBsvccfg\fR(1M).
.sp
.LP
The following SMF property is used to allow or disallow access to \fBrpcbind\fR
by remote clients:
.sp
.in +2
.nf
config/local_only = true
.fi
.in -2

.sp
.LP
The default value, \fBtrue\fR, shown above, disallows remote access; a value of
\fBfalse\fR allows remove access. See EXAMPLES.
.sp
.LP
The FMRI \fBsvc:network/rpc/bind\fR property group \fBconfig\fR contains the
following property settings:
.sp
.ne 2
.na
\fB\fBenable_tcpwrappers\fR\fR
.ad
.RS 22n
Specifies that the TCP wrappers facility is used to control access to TCP
services. The value \fBtrue\fR enables checking. The default value for
\fBenable_tcpwrappers\fR is \fBfalse\fR. If the \fBenable_tcpwrappers\fR
parameter is enabled, then all calls to \fBrpcbind\fR originating from
non-local addresses are automatically wrapped by the TCP wrappers facility. The
\fBsyslog\fR facility code daemon is used to log allowed connections (using the
\fBinfo\fR severity level) and denied traffic (using the \fBwarning\fR severity
level). See \fBsyslog.conf\fR(4) for a description of \fBsyslog\fR codes and
severity levels. The stability level of the TCP wrappers facility and its
configuration files is External. As the TCP wrappers facility is not controlled
by Sun, intrarelease incompatibilities are not uncommon. See
\fBattributes\fR(5).
.RE

.sp
.ne 2
.na
\fB\fBverbose_logging\fR\fR
.ad
.RS 22n
Specifies whether the TCP wrappers facility logs all calls orjust the denied
calls. The default is \fBfalse\fR. This option has no effect if TCP wrappers
are not enabled.
.RE

.sp
.ne 2
.na
\fB\fBallow_indirect\fR\fR
.ad
.RS 22n
Specifies whether \fBrpcbind\fR allows indirect calls at all. By default,
\fBrpcbind\fR allows most indirect calls, except to a number of standard
services(\fBkeyserv\fR, \fBautomount\fR, \fBmount\fR, \fBnfs\fR, \fBrquota\fR,
and selected NIS and \fBrpcbind\fR procedures). Setting \fBallow_indirect\fR to
\fBfalse\fR causes all indirect calls to be dropped. The default is \fBtrue\fR.
NIS broadcast clients rely on this functionality on NIS servers.
.RE

.SH OPTIONS
.sp
.LP
The following options are supported:
.sp
.ne 2
.na
\fB\fB-d\fR\fR
.ad
.RS 6n
Run in debug mode. In this mode, \fBrpcbind\fR does not fork when it starts. It
prints additional information during operation, and aborts on certain errors.
With this option, the name-to-address translation consistency checks are shown
in detail.
.RE

.sp
.ne 2
.na
\fB\fB-w\fR\fR
.ad
.RS 6n
Do a warm start. If \fBrpcbind\fR aborts or terminates on \fBSIGINT\fR or
\fB\fR\fBSIGTERM\fR, it writes the current list of registered services to
\fB/var/run/portmap.file\fR and \fB/var/run/rpcbind.file\fR. Starting
\fBrpcbind\fR with the \fB-w\fR option instructs it to look for these files and
start operation with the registrations found in them. This allows \fBrpcbind\fR
to resume operation without requiring all \fBRPC\fR services to be restarted.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRAllowing Remote Access
.sp
.LP
The following sequence of commands allows remote access to \fBrpcbind\fR.

.sp
.in +2
.nf
# \fBsvccfg -s svc:/network/rpc/bind setprop config/local_only = false\fR
# \fBsvcadm refresh svc:/network/rpc/bind\fR
.fi
.in -2
.sp

.SH FILES
.sp
.ne 2
.na
\fB\fB/var/run/portmap.file\fR\fR
.ad
.RS 25n
Stores the information for \fBRPC\fR services registered over IP based
transports for warm start purposes.
.RE

.sp
.ne 2
.na
\fB\fB/var/run/rpcbind.file\fR\fR
.ad
.RS 25n
Stores the information for all registered \fBRPC\fR services for warm start
purposes.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
box;
c | c
l | l .
ATTRIBUTE TYPE	ATTRIBUTE VALUE
_
Interface Stability	See below.
.TE

.sp
.LP
TCP wrappers is External.
.SH SEE ALSO
.sp
.LP
\fBsmf\fR(5), \fBrpcinfo\fR(1M), \fBsvcadm\fR(1M), \fBsvccfg\fR(1M),
\fBrpcbind\fR(3NSL), \fBsyslog.conf\fR(4), \fBattributes\fR(5), \fBsmf\fR(5)
.sp
.LP
For information on the TCP wrappers facility, see the \fBhosts_access(4)\fR man
page, delivered as part of the Solaris operating environment in
\fB/usr/sfw/man\fR and available in the \fBSUNWtcpd\fR package.
.SH NOTES
.sp
.LP
Terminating \fBrpcbind\fR with \fBSIGKILL\fR prevents the warm-start files from
being written.
.sp
.LP
All \fBRPC\fR servers are restarted if the following occurs: \fBrpcbind\fR
crashes (or is killed with \fBSIGKILL)\fR and is unable to to write the
warm-start files; \fBrpcbind\fR is started without the \fB-w\fR option after a
graceful termination. Otherwise, the warm start files are not found by
\fBrpcbind\fR.