Manualshelf

NFS Services Administrator Guide for 11i v3 (5900-2572, September 2012)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software
41424344454647484950
Table 9 RPC Services managed by inetd (continued)
DescriptionRPC Service
The rpc.rusersd program responds to requests from the rusers command, which collects and
displays information about all users who are logged in to the systems on the local network. For
more information, see rusersd (1M) and rusers (1).
rusersd
The rpc.rwalld program handles requests from the rwall program. The rwall program sends
a message to a specified system where the rpc.rwalld program is running, and the message is
written to all users logged in to the system. For more information, see rwalld (1M) and rwall (1M).
rwalld
The rpc.sprayd program is the server for the spray command, which sends a stream of packets
to a specified host and then reports how many were received and how fast. For more information,
see sprayd (1M) and spray (1M).
sprayd
The rpc.rquotad program responds to requests from the quota command, which displays
information about a user’s disk usage and limits. For more information, see rquotad (1M) and quota
(1).
rquotad
The gssd program operates between the Kernel RPC and the Generic Security Services Application
Program Interface (GSS-API) to generate and validate the GSS-API tokens. For more information,
see gssd(1M).
gssd
Restricting Access to RPC-based Services
To restrict access to RPC-based services, create an entry with the following syntax in the /var/
adm/inetd.sec file for each service to which you want to restrict access:
service {allow} host_or_network [host_or_network...] {deny}
If the /var/adm/inetd.sec file does not exist, you may have to create it.
The service must match one of the service names in the /etc/rpc file.
Specify either allow or deny, but not both. Enter only one entry per service.
The host_or_network can be either an official host name, a network name, or an IP address.
Any of the four numbers in an IP address can be specified as a range (for example, 1-28) or as
a wildcard character (*).
The inetd.sec file is checked only when the service starts. If a service remains active and accepts
more requests without being restarted, the inetd.sec file is not checked again.
You can use HP SMH to modify the /var/adm/inetd.sec file.
For more information, see inetd.conf (4) and inetd.sec (4).
Examples from /var/adm/inetd.sec
In the following example, only hosts on subnets 15.13.2.0 through 15.13.12.0 are allowed to
use the spray command:
sprayd allow 15.13.2-12.0
In the following example, the host cauliflower is prevented from using the rwall command:
rwalld deny cauliflower
46 Configuring and Administering NFS Services