The UNIX/Linux inetd program starts daemons and services, frequently when the system is booted. The xinetd program is an extended version of inetd. It uses a set of configuration files stored in the directory /etc/xinetd.d, which contains one file for each service. Commonly these services include finger, rsh, rwho and swat (the last being a service for Samba). There is also a main defaults definition in /etc/xinetd.conf. The format of the xinetd.conf files can be found in the man page xinetd.conf(5).
Samba is software that allows Windows file systems and printers to be accessed by a Linux system. I delved into xinetd because I wanted to get the swat service to work. The swat service allows Samba to be configured via a web interface. Once the service is running properly it can be accessed at http://localhost:901. There is a swat file in the /etc/xinetd.d directory. By default it contains:
# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
# to configure your Samba server. To use SWAT, \
# connect to port 901 with your favorite web browser.
service swat
{
    port= 901
    socket_type= stream
    wait = no
    only_from= 127.0.0.1
    user= root
    server= /usr/sbin/swat
    log_on_failure+= USERID
    disable= yes
}
The last line, "disable= yes", states that swat will not be run by default (when the system starts up). Presumably this is for security reasons. As a general rule, the more ports a system enables services on, the more chance there is that an attacker can harm the system or gain unauthorized access. To enable swat, "disable= yes" is changed to "disable= no". Then xinetd must be restarted. This can be done by entering the command
/etc/rc.d/init.d/xinetd restart
This must be done as root. The xinetd program will print
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
It should now be possible to connect to swat via the web browser, using the URL http://localhost:901.
The /etc/services file contains the mapping between ports and services. It also defines the protocol to be used for the service (e.g., tcp or udp).
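The following is an added example, not part of the original article: a small Python audit of xinetd.d-style text that lists each service xinetd would start and notes whether it lacks an only_from restriction or runs as root. The sample text is constructed, example_svc is a hypothetical service, and the check assumes that a service with no disable line is enabled.

```python
import re

# Constructed sample: the article's swat file with "disable= no", plus a
# hypothetical service (example_svc) that has no only_from line.
SAMPLE = """\
service swat
{
port= 901
only_from= 127.0.0.1
user= root
server= /usr/sbin/swat
log_on_failure+= USERID
disable= no
}
service example_svc
{
user = root
}
"""

def parse_services(text):
    """Parse xinetd.d-style text into {service: {attribute: [values]}}."""
    services, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "}":  # comments, blank lines and "{" match nothing below
            current = None
        elif current is None and (m := re.match(r"service\s+(\S+)$", line)):
            current = services.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r"(\w+)\s*(\+?=)\s*(.*)$", line)):
            old = current.get(m.group(1), []) if m.group(2) == "+=" else []
            current[m.group(1)] = old + m.group(3).split()
    return services

def audit(text):
    """Return {service: [findings]} for enabled services; /etc/xinetd.conf defaults are not read."""
    report = {}
    for name, attrs in parse_services(text).items():
        if attrs.get("disable") == ["yes"]:
            continue  # disabled: xinetd does not start this service
        findings = []
        remote = [a for a in attrs.get("only_from", []) if a != "127.0.0.1"]
        if "only_from" not in attrs:
            findings.append("no only_from restriction in this file")
        elif remote:
            findings.append("reachable from " + ", ".join(remote))
        if attrs.get("user") == ["root"]:
            findings.append("runs as root")
        report[name] = findings
    return report
```

To check a real system, pass the concatenated contents of the files in /etc/xinetd.d to audit() in place of SAMPLE.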
Ian Kaplan
Date: July 18, 2004