NFS Services Administrator's Guide (762805-001, March 2014)
Table 9 RPC Services managed by inetd (continued)

RPC Service    Description
rquotad        The rpc.rquotad program responds to requests from the quota command, which displays information about a user’s disk usage and limits. For more information, see rquotad(1M) and quota(1).
gssd           The gssd program operates between the Kernel RPC and the Generic Security Services Application Program Interface (GSS-API) to generate and validate the GSS-API tokens. For more information, see gssd(1M).

Restricting access to RPC-based services
To restrict access to RPC-based services, create an entry with the following syntax in the /var/adm/inetd.sec file for each service to which you want to restrict access:
service {allow | deny} host_or_network [host_or_network...]
If the /var/adm/inetd.sec file does not exist, you may have to create it.
The service must match one of the service names in the /etc/rpc file.
Specify either allow or deny, but not both. Enter only one entry per service.
The host_or_network can be an official host name, a network name, or an IP address.
Any of the four numbers in an IP address can be specified as a range (for example, 1-28) or as
a wildcard character (*).
The inetd.sec file is checked only when the service starts. If a service remains active and accepts
more requests without being restarted, the inetd.sec file is not checked again.
You can use HP SMH to modify the /var/adm/inetd.sec file.
For more information, see inetd.conf(4) and inetd.sec(4).
Examples from /var/adm/inetd.sec
In the following example, only hosts on subnets 15.13.2.0 through 15.13.12.0 are allowed to
use the spray command:
sprayd allow 15.13.2-12.0
In the following example, the host cauliflower is prevented from using the rwall command:
rwalld deny cauliflower
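
The following is an added example, not part of the HP guide or of HP-UX: a small Python checker that parses inetd.sec entries using the syntax rules above and reports whether a given client would be permitted. It assumes that a service with no entry is unrestricted, that a deny entry permits every host it does not list, that trailing 0 octets denote the network part (as in the sprayd example), and that names are compared literally with a client name supplied by the caller; the function names are hypothetical.

```python
import re

# Constructed sample: the two example entries shown on this page.
SAMPLE = "sprayd allow 15.13.2-12.0\nrwalld deny cauliflower\n"
OCTET = re.compile(r"\*|\d{1,3}(-\d{1,3})?")

def parse(text, rpc_names=None):
    """Return {service: (action, patterns)}, enforcing the rules stated on the page."""
    rules = {}
    for n, line in enumerate(text.splitlines(), 1):
        f = line.split()
        if not f or f[0].startswith("#"):   # assumption: '#' starts a comment line
            continue
        if len(f) < 3 or f[1] not in ("allow", "deny"):
            raise ValueError(f"line {n}: want 'service allow|deny host_or_network ...'")
        if {"allow", "deny"} & set(f[2:]):
            raise ValueError(f"line {n}: specify allow or deny, not both")
        if f[0] in rules:
            raise ValueError(f"line {n}: second entry for {f[0]}")
        if rpc_names is not None and f[0] not in rpc_names:
            raise ValueError(f"line {n}: {f[0]} is not a service name from /etc/rpc")
        rules[f[0]] = (f[1], f[2:])
    return rules

def matches(pattern, ip, hostname=None):
    """True if a client (IPv4 string, optional name) matches one host_or_network."""
    parts = pattern.split(".")
    if len(parts) != 4 or not all(OCTET.fullmatch(p) for p in parts):
        return hostname is not None and pattern.lower() == hostname.lower()
    while parts and parts[-1] == "0":       # assumption: trailing 0s = network part
        parts.pop()
    for pat, octet in zip(parts, map(int, ip.split("."))):
        lo, _, hi = pat.partition("-")
        if pat != "*" and not int(lo) <= octet <= int(hi or lo):
            return False
    return True

def is_permitted(rules, service, ip, hostname=None):
    """Decision applied when the service starts; assumes no entry means unrestricted."""
    if service not in rules:
        return True
    action, patterns = rules[service]
    hit = any(matches(p, ip, hostname) for p in patterns)
    return hit if action == "allow" else not hit

if __name__ == "__main__":
    rules = parse(SAMPLE)
    for svc, ip, name in [("sprayd", "15.13.7.40", None), ("sprayd", "15.13.13.1", None),
                          ("rwalld", "15.13.2.9", "cauliflower")]:
        print(svc, ip, name, "->", "permit" if is_permitted(rules, svc, ip, name) else "refuse")
```

Running a check like this before deploying an edited file catches duplicate or malformed entries, which matters because inetd.sec is read only when a service starts.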
48 Configuring and administering NFS services