commit-inetutils

[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-60-gae6b5b


From: Alfred M. Szmidt
Subject: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_2-60-gae6b5b5
Date: Tue, 31 Mar 2015 07:46:04 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  ae6b5b5f5c134e710fb45e20ea7ff8b3da10c030 (commit)
      from  3e7df6ebd742dc50a31406c1cb5f872a0a9b1cc7 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=ae6b5b5f5c134e710fb45e20ea7ff8b3da10c030


commit ae6b5b5f5c134e710fb45e20ea7ff8b3da10c030
Author: Alfred M. Szmidt <address@hidden>
Date:   Tue Mar 31 07:43:44 2015 +0000

    * doc/inetutils.texi: Re-order chapters.

diff --git a/ChangeLog b/ChangeLog
index f499500..f93388a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2015-03-31  Alfred M. Szmidt  <address@hidden>
+
+       * doc/inetutils.texi: Re-order chapters.
+
 2015-03-30  Mats Erik Andersson  <address@hidden>
 
        Texinfo: Slight reordering of nodes.
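Review bot: The new ChangeLog entry records only "Re-order chapters", but the doc/inetutils.texi part of this commit also deletes one line ahead of @dircategory and one ahead of the top-level @menu, swaps the ping and ping6 @direntry lines, and adds an "Appendix" heading to the menu. List those changes in the entry so the log matches the diff.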
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 12ad8b1..775b9a8 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -19,8 +19,6 @@
 @syncodeindex pg cp
 @syncodeindex vr cp
 
address@hidden Francois Fran@,{c}ois
-
 @dircategory Basics
 @direntry
 * Inetutils: (inetutils).       GNU networking utilities.
@@ -35,8 +33,8 @@
 * hostname: (inetutils)hostname invocation.       Show or set system host name.
 * inetd: (inetutils)inetd invocation.             Internet super-server.
 * logger: (inetutils)logger invocation.           Send messages to the system 
log.
-* ping: (inetutils)ping invocation.               Packets to network hosts.
 * ping6: (inetutils)ping6 invocation.             Packets to IPv6 network 
hosts.
+* ping: (inetutils)ping invocation.               Packets to network hosts.
 * rcp: (inetutils)rcp invocation.                 Remote copy
 * rexec: (inetutils)rexec invocation.             Remote execution client.
 * rexecd: (inetutils)rexecd invocation.           Remote execution server.
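Review bot: Moving the "* ping6:" entry above "* ping:" in the @direntry breaks the alphabetical order the neighbouring entries follow (logger, ping, ping6, rcp) and no longer matches the body of the manual, where "@node ping invocation" still comes before "@node ping6 invocation". If the swap is not intended, drop it from this commit; if it is, mention it in the ChangeLog entry.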
@@ -93,8 +91,6 @@ Documentation License''.
 @insertcopying
 @end ifnottex
 
address@hidden networking utilities
-
 @menu
 * Introduction::                       Caveats, overview, and authors.
 * Common options::                     Common options.
@@ -122,16 +118,18 @@ Clients
 
 Daemons
 
-* ftpd invocation::                    FTP Daemon.
-* inetd invocation::                   Internet super-server.
-* rexecd invocation::                  Remote execution server.
-* rlogind invocation::                 Remote login server.
-* rshd invocation::                    Remote shell server.
-* syslogd invocation::                 Syslog server.
-* talkd invocation::                   Talk server.
-* telnetd invocation::                 Telnet server.
-* tftpd invocation::                   TFTP server.
-* uucpd invocation::                   Unix to Unix Copy.
+* inetd invocation::                  Internet super-server.
+* syslogd invocation::                Syslog server.
+* ftpd invocation::                   FTP Daemon.
+* rexecd invocation::                 Remote execution server.
+* rlogind invocation::                Remote login server.
+* rshd invocation::                   Remote shell server.
+* talkd invocation::                  Talk server.
+* telnetd invocation::                Telnet server.
+* tftpd invocation::                  TFTP server.
+* uucpd invocation::                  Unix to Unix Copy.
+
+Appendix
 
 * GNU Free Documentation License::     The license for this manual.
 * Index::                              Index of manual.
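Review bot: The re-added Daemons entries start their descriptions one column further left than the lines they replace and than the untouched entries such as "* Index::", so the menu no longer lines up; pad each new line with one more space. inetd and syslogd now lead a list that is otherwise alphabetical, and the part of the diff shown here does not move the daemon chapters to match, so check that the @node order in the body agrees with this menu.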
@@ -228,10 +226,10 @@ majority of commands, an exit status of zero indicates 
success.
 Failure is indicated by a nonzero value --- typically @samp{1}, though
 it may differ on unusual platforms, as POSIX requires only that it be
 nonzero.
-
+
 @node dnsdomainname invocation
 @chapter @command{dnsdomainname}: Show DNS domain name
address@hidden dnsdomainname
address@hidden dnsdomainname
 
 @command{dnsdomainname} is a program to show the domain part of the
 system's fully qualified domain name.  For example, if the FQDN of the
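Review bot: The "-"/"+" pair of empty-looking lines ahead of "@node dnsdomainname invocation" differs only in characters that do not show up in the diff, and the same pair recurs ahead of the hostname, logger, ping, ping6, traceroute and whois nodes. If the new line carries a control character or trailing whitespace on purpose, say so in the ChangeLog entry; if it is accidental, leave the blank lines untouched.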
@@ -253,10 +251,10 @@ dnsdomainname address@hidden@dots{}]
 
 @noindent
 There is no command specific option.
-
+
 @node hostname invocation
 @chapter @command{hostname}: Show or set system host name.
address@hidden hostname
address@hidden hostname
 
 @command{hostname} is a program to show or to set the name of a
 host system.
@@ -322,10 +320,10 @@ Get short host name.
 @opindex --nis
 Get NIS/YP domain name.
 @end table
-
+
 @node logger invocation
 @chapter @command{logger}: Send messages to system log
address@hidden logger
address@hidden logger
 
 @command{logger} is a program to send entries to system log.  It
 provides a shell command interface similar to the system log module.
@@ -476,10 +474,10 @@ logger -p daemon.warn -h logger.runasimi.org -S 
10.10.10.1  \
 @verb{|       |}--file warnings
 @end example
 @end enumerate
-
+
 @node ping invocation
 @chapter @command{ping}: Packets to network hosts
address@hidden ping
address@hidden ping
 
 @c FIXME: The text is far to detailed about the actual implementation
 @c of ping.  A user doesn't need to know that we are using TIMEVAL, or
@@ -863,10 +861,10 @@ Some BSD variants offer a kernel setting to inhibit all 
replies
 to ICMP_MASKREQ packets, but in general, Unices are designed either
 to answer the request with a valid netmask, or to drop the request,
 causing @command{ping} to wait for a timeout condition.
-
+
 @node ping6 invocation
 @chapter @command{ping6}: Packets to IPv6 network hosts
address@hidden ping6
address@hidden ping6
 
 @command{ping6} uses ICMPv6 datagrams to get a response
 from the chosen destination host.
@@ -1021,10 +1019,10 @@ the use of @command{ping6}.
 Keep in mind, though, that the differing address family
 causes some discrepancy.
 @xref{ping invocation}.
-
+
 @node traceroute invocation
 @chapter @command{traceroute}: Trace the route to a host
address@hidden traceroute
address@hidden traceroute
 
 @command{traceroute} prints a trace of the route
 address@hidden are travelling to a remote host.
@@ -1163,10 +1161,10 @@ Isolated host, not reachable.
 @item !X
 Forbidden by remote administration.
 @end table
-
+
 @node whois invocation
 @chapter @command{whois}: User interface to WHOIS data bases.
address@hidden whois
address@hidden whois
 
 The functionality of a world wide Internet is dependent on
 stored node information of different kinds.
@@ -1315,10 +1313,9 @@ When unset, @samp{whois.internic.net} is used as default 
server.
 
 @end table
 
-
 @node ftp invocation
 @chapter @command{ftp}: FTP client
address@hidden ftp
address@hidden ftp
 
 @command{ftp} is the user interface to FTP,
 the File Transfer Protocol.
@@ -2160,139 +2157,26 @@ and continue until a null line (consecutive new-line 
characters) is
 encountered.  If a macro named init is defined, it is automatically
 executed as the last step in the auto-login process.
 @end table
+
address@hidden rcp invocation
address@hidden @command{rcp}: Copy files between machines
address@hidden rcp
 
address@hidden tftp invocation
address@hidden @command{tftp}: TFTP client
address@hidden tftp
-
address@hidden is the user interface to the Internet TFTP, Trivial
-File Transfer Protocol, which allows users to transfer files to and
-from a remote machine.  The remote host may be specified on the
-command line, in which case @command{tftp} uses host as the default
-host for future transfers.
address@hidden copies files between machines.  Each file or directory
+argument is either a remote file name of the form
address@hidden@@rhost:path}, or a local file name (containing no @samp{:}
+characters, or a @samp{/} before any @samp{:}s).
 
 @noindent
 Synopsis:
 
 @example
-tftp address@hidden@dots{} @var{host}
address@hidden example
-
address@hidden Commands
-
-Once @command{tftp} is running, it issues the prompt and recognizes
-the following commands:
-
address@hidden @code
address@hidden ? @var{command-name}
-Print help information.
-
address@hidden ascii
-Shorthand for @code{mode ascii}
-
address@hidden binary
-Shorthand for @code{mode binary}
-
address@hidden connect @var{host-name} address@hidden
-Set the host (and optionally port) for transfers.  Note that the TFTP
-protocol, unlike the FTP protocol, does not maintain connections
-between transfers; thus, the connect command does not actually create
-a connection, but merely remembers what host is to be used for
-transfers.  You do not have to use the connect command; the remote
-host can be specified as part of the get or put commands.
-
address@hidden get @var{file-name}
address@hidden get @var{remotename} @var{localname}
address@hidden get @address@hidden
-Get a file, or a set of files, from the specified sources.  The source can
-be in one of two forms: a file name on the remote host, if the host has
-already been specified, or a string of the form @samp{host:filename}
-to specify both a host and file name at the same time.  If the latter
-form is used, the last hostname specified becomes the default for
-future transfers.  When specifying a numeric IPv6 address as host
-part, then this address must be enclosed between square brackets,
-since it contains colons and would interfere with the delimiter
-before the file name.  Brackets are optional for IPv4 addresses.
-
address@hidden
-tftp> get [2001:1234::12]:issue
address@hidden example
-
address@hidden mode @var{transfer-mode}
-Set the mode for transfers; @var{transfer-mode} may be one of
address@hidden or @samp{binary}.  The default is @samp{ascii}.
-
address@hidden put @var{file}
address@hidden put @var{localfile} @var{remotefile}
address@hidden put @address@hidden @var{remote-directory}
-Put a file or set of files to the specified remote file or directory.
-The destination can be in one of two forms: a filename on the remote
-host, if the host has already been specified, or a string of the form
address@hidden:filename} to specify both a host and filename at the same
-time.  If the latter form is used, the hostname specified becomes the
-default for future transfers.  If the @file{remote-directory} form is
-used, the remote host is assumed to be a UNIX machine.  The same use
-of square brackets for enclosing numeric IPv6 addresses applies here,
-as was mentioned for the command @command{get}.
-
address@hidden quit
-Exit @command{tftp}.  An end of file also exits.
-
address@hidden rexmt @var{retransmission-timeout}
-Set the per-packet retransmission timeout, in seconds.
-
address@hidden status
-Show current status.
-
address@hidden timeout @var{total-transmission-timeout}
-Set the total transmission timeout, in seconds.
-
address@hidden trace
-Toggle packet tracing.
-
address@hidden verbose
-Toggle verbose mode.
address@hidden table
-
-Because there is no user-login or validation within the @command{tftp}
-protocol, the remote site will probably have some sort of file-access
-restrictions in place.  The exact methods are specific to each site
-and therefore difficult to document here.
-
address@hidden rsh invocation
address@hidden @command{rsh}: Remote shell
address@hidden rsh
-
address@hidden executes commands on a remote host and copies its local
-standard input to that of the remote command, as well as the remote
-standard output to the local standard output, and the remote standard
-error to the local standard error.  Locally raised interrupt, quit and
-terminate signals are all propagated to the remote command. Normally
address@hidden terminates when the remote command does so.
-
-When using the @command{rsh} command, you can for convenience create
-a link in your path, using a host name as name of the link.  For example:
-
address@hidden
-# ln -s /usr/bin/rsh @var{hostname}
-# @var{hostname} ls
+rcp address@hidden@dots{} @var{old-file} @var{new-file}
+rcp address@hidden@dots{} @address@hidden @var{directory}
 @end example
 
address@hidden
-Afterwards, @var{hostname} will be passed to @command{rsh} as host name
-whenever the command @var{hostname} is issued.
-
address@hidden allows access to the remote host without the use of a
-password.  The prerequisite is a suitable specification in @file{~/.rhosts}.
-For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}.
-
-If no command is specified for @command{rsh} ar argument following the
-host name, then you will be logged in on the remote host using 
@command{rlogin}.
-
 @section Command line options
address@hidden options}
-
-The options are as follows :
address@hidden options}
 
 @table @option
 @item -4
@@ -2307,42 +2191,23 @@ Use only IPv4.
 @opindex --ipv6
 Use only IPv6.
 
address@hidden -d
address@hidden --debug
address@hidden -d @var{directory}
address@hidden address@hidden
 @opindex -d
address@hidden --debug
-Turns on socket debugging used for communication with the remote host.
-
address@hidden -l @var{user}
address@hidden address@hidden
address@hidden -l
address@hidden --user
-By default, the remote username is the same as the local username.
-The @option{-l} option and the @samp{username@@host} format allow the
-remote user name to be specified.  Kerberos authentication is used,
-whenever available, and authorization is determined as in @command{rlogin}
-(@pxref{rlogin invocation}).
-
address@hidden -n
address@hidden --no-input
address@hidden -n
address@hidden --no-input
-Use @file{/dev/null} for all input, telling the server side that
-we send no material.  This can prevent the remote process from
-blocking, should it optionally accept more input.
-The option is void together with encryption.
address@hidden table
address@hidden --target-directory
+Copy all source arguments into @var{directory}.
 
address@hidden
-The next three options are available only if the program
-has been compiled with support for Kerberos authentication.
address@hidden -f
address@hidden --from
address@hidden -f
address@hidden --from
+(Server mode only.) Copying from remote host.
 
address@hidden @option
 @item -k @var{realm}
 @itemx address@hidden
 @opindex -k
 @opindex --realm
-The option requests rsh to obtain tickets for the remote host in
+The option requests rcp to obtain tickets for the remote host in
 realm @var{realm} instead of the remote host's realm.
 
 @item -K
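Review bot: The -k entry now reads "The option requests rcp to obtain tickets" with a bare program name, while the rcp -x entry added in the next hunk writes @command{rcp} and the -p entry writes @code{rcp}. Use @command{rcp} in all three so the program name is marked up the same way throughout the chapter.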
@@ -2351,62 +2216,135 @@ realm @var{realm} instead of the remote host's realm.
 @opindex --kerberos
 Turns off all Kerberos authentication.
 
address@hidden -p
address@hidden --preserve
address@hidden -p
address@hidden --preserve
+Causes @code{rcp} to attempt to preserve (duplicate) in its copies the
+modification times and modes of the source files, ignoring the umask.
+By default, the mode and owner of the target file are preserved
+if the target itself already exists; otherwise the mode of the source
+file is modified by the @code{umask} setting on the destination host.
+
address@hidden -r
address@hidden --recursive
address@hidden -r
address@hidden --recursive
+If any of the source files are directories, @command{rcp} copies each
+subtree rooted at that name; in this case the destination must be a
+directory.
+
address@hidden -t
address@hidden --to
address@hidden -t
address@hidden --to
+(Server mode only.) Copying to remote host.
+
 @item -x
 @itemx --encrypt
 @opindex -x
 @opindex --encrypt
-Turns on encryption for all data passed via the rsh session.  This
-may impact response time and CPU utilization, but provides increased
+Turns on encryption for all data passed via the @command{rcp} session.
+This may impact response time and CPU utilization, but provides increased
 security.
+
 @end table
 
address@hidden
-Finally, some compatibility options are present:
address@hidden doesn't detect all cases where the target of a copy
+might be a file in cases where only a directory should be legal.
 
address@hidden @option
address@hidden -8
address@hidden --8-bit
address@hidden -e @var{char}
address@hidden address@hidden
address@hidden -E
address@hidden --no-escape
-Ignored during normal operation, but passed on to @command{rlogin}
-when @command{rsh} is invoked without a command argument.
address@hidden table
address@hidden can be confused by any output generated by commands in a
address@hidden, @file{.profile}, or @file{.cshrc} file on the remote
+host.
 
address@hidden Note on stream redirections
+The destination user and hostname may have to be specified as
address@hidden when the destination machine is running the 4.2BSD
+version of @command{rcp}.
+
address@hidden rexec invocation
address@hidden @command{rexec}: a remote execution program
address@hidden rexec
 
-Beware that non-quoted shell metacharacters are interpreted on the local
-machine, while quoted metacharacters are interpreted on the remote
-machine.  For example:
address@hidden is a program that executes a program on another host.
+
address@hidden
+Synopsis:
 
 @example
-rsh otherhost  cat remotefile >> localfile
-rsh otherhost  cat remotefile ">>" otherfile
+rexec address@hidden address@hidden address@hidden  \
address@hidden|      |}[OPTION] @var{command}
 @end example
 
address@hidden
-The first command appends the contents of @file{remotefile}, as found
-on the remote host, to the file @file{localfile} on the local host,
-since the local shell will intercept the redirection and will thus
-receive whatever the remote process directs to stdout.
address@hidden Command line options
address@hidden options}
 
-In contrast, the second command will append the contents of the same
-file @file{remotefile} to a file named @file{otherfile} again, but this
-time the file is located on the remote host.  The effect of quoting
-the redirection operator is to execute the command
address@hidden @option
address@hidden -4
address@hidden --ipv4
address@hidden -4
address@hidden --ipv4
+Use only IPv4 connections as all times.
 
address@hidden
-cat remotefile >> localfile
address@hidden example
address@hidden -6
address@hidden --ipv6
address@hidden -6
address@hidden --ipv6
+Use only IPv6 connections.
 
address@hidden
-entirely on the remote most, whence stdout at the remote host will
-have nothing to transmit to the listening local host!.
address@hidden -a
address@hidden --ipany
address@hidden -a
address@hidden --ipany
+Allow any address family for connections.  This is the default.
+
address@hidden -e
address@hidden address@hidden
address@hidden -e
address@hidden --error
+Specify the TCP port to use for stderr redirection, in case it is not
+specified a random port will be used.
+
address@hidden -h
address@hidden address@hidden
address@hidden -h
address@hidden --host
+Specify the host with whom to connect: symbolic name or address.
+
address@hidden -n
address@hidden --noerr
address@hidden -n
address@hidden --noerr
+If specified, an error stream will not be created.
+
address@hidden -p
address@hidden address@hidden
address@hidden -p
address@hidden --password
+Specify the password for logging-in.  The special value
+consisting of a single dash @samp{-} will make @command{rexec}
+read a single line from stdin.  This input is then used
+as password and is passed as such to the remote server.
+Thus it is possible to hide vital access information
+slightly better than the full disclosure implicit in
+the text of a command line option.
+
address@hidden -P
address@hidden address@hidden
address@hidden -P
address@hidden --port
+Specify to which numerical port a connection shall be sought.
+If it is not specified, then use port 512/tcp by default.
 
address@hidden -u
address@hidden address@hidden
address@hidden -u
address@hidden --user
+Specify the user with whom to log into the server.
address@hidden table
+
 @node rlogin invocation
 @chapter @command{rlogin}: Remote login
address@hidden rlogin
address@hidden rlogin
 
 The @command{rlogin} command starts a terminal session on the
 specified remote host, provided the required authentication
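Review bot: The rexec -4 entry added here says "Use only IPv4 connections as all times."; that should be "at all times", or simply "Use only IPv4 connections." to match the -6 entry beneath it. In the -e entry, "in case it is not specified a random port will be used" is a run-on; "If it is not specified, a random port is used." as its own sentence reads better. Since the text is being moved anyway, this is a cheap moment to fix both.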
@@ -2589,26 +2527,41 @@ for on the remote machine as in @command{login}.  To 
avoid certain
 security problems, the @file{.k5login} file must be owned by the remote
 user.  If Kerberos authentication fails, a warning message is printed
 and the standard Berkeley rlogin is used instead.
+
address@hidden rsh invocation
address@hidden @command{rsh}: Remote shell
address@hidden rsh
 
address@hidden rcp invocation
address@hidden @command{rcp}: Copy files between machines
address@hidden rcp
-
address@hidden copies files between machines.  Each file or directory
-argument is either a remote file name of the form
address@hidden@@rhost:path}, or a local file name (containing no @samp{:}
-characters, or a @samp{/} before any @samp{:}s).
address@hidden executes commands on a remote host and copies its local
+standard input to that of the remote command, as well as the remote
+standard output to the local standard output, and the remote standard
+error to the local standard error.  Locally raised interrupt, quit and
+terminate signals are all propagated to the remote command. Normally
address@hidden terminates when the remote command does so.
 
address@hidden
-Synopsis:
+When using the @command{rsh} command, you can for convenience create
+a link in your path, using a host name as name of the link.  For example:
 
 @example
-rcp address@hidden@dots{} @var{old-file} @var{new-file}
-rcp address@hidden@dots{} @address@hidden @var{directory}
+# ln -s /usr/bin/rsh @var{hostname}
+# @var{hostname} ls
 @end example
 
address@hidden
+Afterwards, @var{hostname} will be passed to @command{rsh} as host name
+whenever the command @var{hostname} is issued.
+
address@hidden allows access to the remote host without the use of a
+password.  The prerequisite is a suitable specification in @file{~/.rhosts}.
+For details, @xref{rcmd, , rcmd, libc, The GNU C Library Reference Manual}.
+
+If no command is specified for @command{rsh} ar argument following the
+host name, then you will be logged in on the remote host using 
@command{rlogin}.
+
 @section Command line options
address@hidden options}
address@hidden options}
+
+The options are as follows :
 
 @table @option
 @item -4
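Review bot: The relocated rsh text keeps the typo "ar argument" in "If no command is specified for @command{rsh} ar argument following the host name"; it should read "as argument". In the paragraph above it, "For details, @xref{rcmd, ...}" uses @xref in the middle of a sentence, where Texinfo expects it at the start of one; "For details, see @ref{...}" or "@xref{...}, for details." avoids a stray capitalised "See" in the output.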
@@ -2623,23 +2576,42 @@ Use only IPv4.
 @opindex --ipv6
 Use only IPv6.
 
address@hidden -d @var{directory}
address@hidden address@hidden
address@hidden -d
address@hidden --debug
 @opindex -d
address@hidden --target-directory
-Copy all source arguments into @var{directory}.
address@hidden --debug
+Turns on socket debugging used for communication with the remote host.
 
address@hidden -f
address@hidden --from
address@hidden -f
address@hidden --from
-(Server mode only.) Copying from remote host.
address@hidden -l @var{user}
address@hidden address@hidden
address@hidden -l
address@hidden --user
+By default, the remote username is the same as the local username.
+The @option{-l} option and the @samp{username@@host} format allow the
+remote user name to be specified.  Kerberos authentication is used,
+whenever available, and authorization is determined as in @command{rlogin}
+(@pxref{rlogin invocation}).
+
address@hidden -n
address@hidden --no-input
address@hidden -n
address@hidden --no-input
+Use @file{/dev/null} for all input, telling the server side that
+we send no material.  This can prevent the remote process from
+blocking, should it optionally accept more input.
+The option is void together with encryption.
address@hidden table
+
address@hidden
+The next three options are available only if the program
+has been compiled with support for Kerberos authentication.
 
address@hidden @option
 @item -k @var{realm}
 @itemx address@hidden
 @opindex -k
 @opindex --realm
-The option requests rcp to obtain tickets for the remote host in
+The option requests rsh to obtain tickets for the remote host in
 realm @var{realm} instead of the remote host's realm.
 
 @item -K
@@ -2648,150 +2620,76 @@ realm @var{realm} instead of the remote host's realm.
 @opindex --kerberos
 Turns off all Kerberos authentication.
 
address@hidden -p
address@hidden --preserve
address@hidden -p
address@hidden --preserve
-Causes @code{rcp} to attempt to preserve (duplicate) in its copies the
-modification times and modes of the source files, ignoring the umask.
-By default, the mode and owner of the target file are preserved
-if the target itself already exists; otherwise the mode of the source
-file is modified by the @code{umask} setting on the destination host.
-
address@hidden -r
address@hidden --recursive
address@hidden -r
address@hidden --recursive
-If any of the source files are directories, @command{rcp} copies each
-subtree rooted at that name; in this case the destination must be a
-directory.
-
address@hidden -t
address@hidden --to
address@hidden -t
address@hidden --to
-(Server mode only.) Copying to remote host.
-
 @item -x
 @itemx --encrypt
 @opindex -x
 @opindex --encrypt
-Turns on encryption for all data passed via the @command{rcp} session.
-This may impact response time and CPU utilization, but provides increased
+Turns on encryption for all data passed via the rsh session.  This
+may impact response time and CPU utilization, but provides increased
 security.
address@hidden table
 
address@hidden
+Finally, some compatibility options are present:
+
address@hidden @option
address@hidden -8
address@hidden --8-bit
address@hidden -e @var{char}
address@hidden address@hidden
address@hidden -E
address@hidden --no-escape
+Ignored during normal operation, but passed on to @command{rlogin}
+when @command{rsh} is invoked without a command argument.
 @end table
 
address@hidden doesn't detect all cases where the target of a copy
-might be a file in cases where only a directory should be legal.
address@hidden Note on stream redirections
 
address@hidden can be confused by any output generated by commands in a
address@hidden, @file{.profile}, or @file{.cshrc} file on the remote
-host.
+Beware that non-quoted shell metacharacters are interpreted on the local
+machine, while quoted metacharacters are interpreted on the remote
+machine.  For example:
 
-The destination user and hostname may have to be specified as
address@hidden when the destination machine is running the 4.2BSD
-version of @command{rcp}.
address@hidden
+rsh otherhost  cat remotefile >> localfile
+rsh otherhost  cat remotefile ">>" otherfile
address@hidden example
 
address@hidden rexec invocation
address@hidden @command{rexec}: a remote execution program
address@hidden rexec
address@hidden
+The first command appends the contents of @file{remotefile}, as found
+on the remote host, to the file @file{localfile} on the local host,
+since the local shell will intercept the redirection and will thus
+receive whatever the remote process directs to stdout.
 
address@hidden is a program that executes a program on another host.
+In contrast, the second command will append the contents of the same
+file @file{remotefile} to a file named @file{otherfile} again, but this
+time the file is located on the remote host.  The effect of quoting
+the redirection operator is to execute the command
+
address@hidden
+cat remotefile >> localfile
address@hidden example
+
address@hidden
+entirely on the remote most, whence stdout at the remote host will
+have nothing to transmit to the listening local host!.
+
address@hidden talk invocation
address@hidden @command{talk}: a communication program
address@hidden talk
+
address@hidden is a visual communication program which copies lines
+from your terminal to that of another user.
 
 @noindent
 Synopsis:
 
 @example
-rexec address@hidden address@hidden address@hidden  \
address@hidden|      |}[OPTION] @var{command}
+talk @var{person} address@hidden
 @end example
 
address@hidden Command line options
address@hidden options}
address@hidden Invoking
 
address@hidden @option
address@hidden -4
address@hidden --ipv4
address@hidden -4
address@hidden --ipv4
-Use only IPv4 connections as all times.
-
address@hidden -6
address@hidden --ipv6
address@hidden -6
address@hidden --ipv6
-Use only IPv6 connections.
-
address@hidden -a
address@hidden --ipany
address@hidden -a
address@hidden --ipany
-Allow any address family for connections.  This is the default.
-
address@hidden -e
address@hidden address@hidden
address@hidden -e
address@hidden --error
-Specify the TCP port to use for stderr redirection, in case it is not
-specified a random port will be used.
-
address@hidden -h
address@hidden address@hidden
address@hidden -h
address@hidden --host
-Specify the host with whom to connect: symbolic name or address.
-
address@hidden -n
address@hidden --noerr
address@hidden -n
address@hidden --noerr
-If specified, an error stream will not be created.
-
address@hidden -p
address@hidden address@hidden
address@hidden -p
address@hidden --password
-Specify the password for logging-in.  The special value
-consisting of a single dash @samp{-} will make @command{rexec}
-read a single line from stdin.  This input is then used
-as password and is passed as such to the remote server.
-Thus it is possible to hide vital access information
-slightly better than the full disclosure implicit in
-the text of a command line option.
-
address@hidden -P
address@hidden address@hidden
address@hidden -P
address@hidden --port
-Specify to which numerical port a connection shall be sought.
-If it is not specified, then use port 512/tcp by default.
-
address@hidden -u
address@hidden address@hidden
address@hidden -u
address@hidden --user
-Specify the user with whom to log into the server.
address@hidden table
-
-
address@hidden talk invocation
address@hidden @command{talk}: a communication program
address@hidden talk
-
address@hidden is a visual communication program which copies lines
-from your terminal to that of another user.
-
address@hidden
-Synopsis:
-
address@hidden
-talk @var{person} address@hidden
address@hidden example
-
address@hidden Invoking
-
-The command line arguments are as follows:
+The command line arguments are as follows:
 
 @table @var
 @item person
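Review bot: In the re-added "Note on stream redirections" text, the command shown for the quoted case is "cat remotefile >> localfile", but the second rsh example and the sentence introducing it both name otherfile as the target, so the example should read "cat remotefile >> otherfile". The closing sentence also has "remote most" for "remote host" and ends in "!."; both are worth fixing while the section is being moved.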
@@ -2847,10 +2745,10 @@ The ability to talk may be enabled or disabled by use 
of the
 this message passing is enabled at the outset of a terminal session.
 Certain commands, in particular @command{nroff} and @command{pr},
 disable messages in order to prevent messy output.
-
+
 @node telnet invocation
 @chapter @command{telnet}: User interface to TELNET
address@hidden telnet
address@hidden telnet
 
 Login to a remote system HOST, optionally using a (non-standard)
 service port PORT.
@@ -2966,10 +2864,108 @@ Use this option multiple times if more than one type
 is to be disabled.  Standard choices are @samp{null},
 @samp{kerberos_v4}, and @samp{kerberos_v5}.
 @end table
+
address@hidden tftp invocation
address@hidden @command{tftp}: TFTP client
address@hidden tftp
+
address@hidden is the user interface to the Internet TFTP, Trivial
+File Transfer Protocol, which allows users to transfer files to and
+from a remote machine.  The remote host may be specified on the
+command line, in which case @command{tftp} uses host as the default
+host for future transfers.
+
address@hidden
+Synopsis:
+
address@hidden
+tftp address@hidden@dots{} @var{host}
address@hidden example
+
address@hidden Commands
+
+Once @command{tftp} is running, it issues the prompt and recognizes
+the following commands:
+
address@hidden @code
address@hidden ? @var{command-name}
+Print help information.
+
address@hidden ascii
+Shorthand for @code{mode ascii}
+
address@hidden binary
+Shorthand for @code{mode binary}
+
address@hidden connect @var{host-name} address@hidden
+Set the host (and optionally port) for transfers.  Note that the TFTP
+protocol, unlike the FTP protocol, does not maintain connections
+between transfers; thus, the connect command does not actually create
+a connection, but merely remembers what host is to be used for
+transfers.  You do not have to use the connect command; the remote
+host can be specified as part of the get or put commands.
 
address@hidden get @var{file-name}
address@hidden get @var{remotename} @var{localname}
address@hidden get @address@hidden
+Get a file, or a set of files, from the specified sources.  The source can
+be in one of two forms: a file name on the remote host, if the host has
+already been specified, or a string of the form @samp{host:filename}
+to specify both a host and file name at the same time.  If the latter
+form is used, the last hostname specified becomes the default for
+future transfers.  When specifying a numeric IPv6 address as host
+part, then this address must be enclosed between square brackets,
+since it contains colons and would interfere with the delimiter
+before the file name.  Brackets are optional for IPv4 addresses.
+
address@hidden
+tftp> get [2001:1234::12]:issue
address@hidden example
+
address@hidden mode @var{transfer-mode}
+Set the mode for transfers; @var{transfer-mode} may be one of
address@hidden or @samp{binary}.  The default is @samp{ascii}.
+
address@hidden put @var{file}
address@hidden put @var{localfile} @var{remotefile}
address@hidden put @address@hidden @var{remote-directory}
+Put a file or set of files to the specified remote file or directory.
+The destination can be in one of two forms: a filename on the remote
+host, if the host has already been specified, or a string of the form
address@hidden:filename} to specify both a host and filename at the same
+time.  If the latter form is used, the hostname specified becomes the
+default for future transfers.  If the @file{remote-directory} form is
+used, the remote host is assumed to be a UNIX machine.  The same use
+of square brackets for enclosing numeric IPv6 addresses applies here,
+as was mentioned for the command @command{get}.
+
address@hidden quit
+Exit @command{tftp}.  An end of file also exits.
+
address@hidden rexmt @var{retransmission-timeout}
+Set the per-packet retransmission timeout, in seconds.
+
address@hidden status
+Show current status.
+
address@hidden timeout @var{total-transmission-timeout}
+Set the total transmission timeout, in seconds.
+
address@hidden trace
+Toggle packet tracing.
+
address@hidden verbose
+Toggle verbose mode.
address@hidden table
+
+Because there is no user-login or validation within the @command{tftp}
+protocol, the remote site will probably have some sort of file-access
+restrictions in place.  The exact methods are specific to each site
+and therefore difficult to document here.
+
 @node inetd invocation
 @chapter @command{inetd}: Internet super-server
address@hidden inetd
address@hidden inetd
 
 @command{inetd} program should be run at boot time by /etc/rc.  It
 then listens for connections on certain internet sockets.  When a
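Review bot: the closing paragraph of the added tftp chapter ("the remote site will probably have some sort of file-access restrictions in place ... difficult to document here") leaves the reader with no pointer, although this same manual documents the restrictions tftpd applies (approved directory prefixes, denial of `/../`, `--secure-dir`) under `tftpd invocation`. Since the chapter is being relocated anyway, add a `@pxref{tftpd invocation}` to that paragraph. Minor: the `ascii` and `binary` entries ("Shorthand for @code{mode ascii}") lack the final period that the other entries in the table have.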
@@ -3317,10 +3313,10 @@ occurs when the service is invoked.
 @itemx service: can't set gid number
 The user or group ID for the entry's user is invalid.
 @end table
-
+
 @node syslogd invocation
 @chapter @command{syslogd}: system service logging faclity
address@hidden syslogd
address@hidden syslogd
 
 @command{syslogd} is a system service that provides error logging
 facility.  Messages are read from the UNIX domain socket
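Review bot: the unchanged `@chapter` line for syslogd in this hunk's context reads "system service logging faclity"; "faclity" should be "facility". It is not introduced by this change, but the node header is being touched here, so a one-line follow-up fix fits well.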
@@ -3636,10 +3632,10 @@ The effects of multiple selectors are sometimes not 
intuitive.  For
 example @samp{mail.crit,*.err} will select the @samp{mail} facility
 messages at the level of @samp{err} or higher, not at the level of
 @samp{crit} or higher.
-
+
 @node ftpd invocation
 @chapter @command{ftpd}: FTP daemon
address@hidden ftpd
address@hidden ftpd
 
 @command{ftpd} is the Internet File Transfer Protocol server process.
 The server uses the TCP protocol and listens at the port specified in
@@ -3972,391 +3968,124 @@ that a single @samp{@@} on a line by itself in
 @file{/etc/ftpchroot}, will enforce chrooting
 upon every user allowed to access the FTP service.
 This gives a Draconian, protective configuration.
+
address@hidden rexecd invocation
address@hidden @command{rexecd}: server for @code{rexec}
address@hidden rexecd
 
address@hidden tftpd invocation
address@hidden @command{tftpd}: TFTP server
address@hidden tftpd
-
address@hidden is intended to be invoked via @command{inetd}
-at all times.
-
address@hidden
-Synopsis:
-
address@hidden
-tftpd address@hidden address@hidden @dots{}]
address@hidden example
-
address@hidden @option
address@hidden -g @var{group}
address@hidden address@hidden
address@hidden -g
address@hidden --group
-Specify group membership of the process owner.
-This is used only along with the option @option{-s},
-and replaces the group membership that comes from
-the process owner himself.
-
address@hidden -l
address@hidden --logging
address@hidden -l
address@hidden --logging
-Enable logging.
-
address@hidden -n
address@hidden --nonexistent
address@hidden -n
address@hidden --nonexistent
-Supress negative acknowledgement of requests for nonexistent relative
-filenames.
-
address@hidden -s @var{dir}
address@hidden address@hidden
address@hidden -s
address@hidden --secure-dir
-Let the serving process change its root directory to @var{dir}
-before attending to any requests.
-This directory is not observable by any client, but improves
-server isolation, since servable contents must be located
-below this chrooted directory @var{dir}.
-
address@hidden -u @var{user}
address@hidden address@hidden
address@hidden -u
address@hidden --user
-Specify the process owner for serving requests.
-Only relevant along with the option @option{-s}.
-The default name is @samp{nobody}.
address@hidden table
-
address@hidden Directory prefixes
address@hidden validation}
-
-In addition to options, an invocation of @command{tftpd} can
-specify an optional list of directory prefixes.
-These are approved of according to two principles:
-
address@hidden @bullet
address@hidden
-Relative pathnames are ignored.
-
address@hidden
-At most twenty prefixes are approved, the rest is discarded.
address@hidden itemize
-
address@hidden
-A request for a file is decided upon as a consequence
-of evaluating these criteria:
-
address@hidden @bullet
address@hidden
-Every file request containing the substring @samp{/../} is denied,
-as is a file name beginning with @samp{../}.
-
address@hidden
-Write requests must specify absolute locations.
-
address@hidden
-A file request, if specified as an @emph{absolute} pathname,
-must begin with one of the approved directory prefixes,
-should at least one such prefix have been accepted.
-
address@hidden
-In the absence of a prefix collection, any absolute pathname is
-accepted, should the corresponding file exist.
-
address@hidden
-A file request, if specified as a @emph{relative} name,
-will only be searched for below the acceptable prefixes,
-should at least one such prefix have been approved.
-
address@hidden
-A request for a relatively named file, is denied in the absence
-of approved directory prefixes.
-
address@hidden
-The resulting file must be world readable, or world writable,
-for a read request, or a write request, to succeed.
address@hidden itemize
-
address@hidden Use cases
address@hidden setup cases}
-
-The standard use case is an entry in @file{/etc/inetd.conf} like
-
address@hidden
-tftp dgram udp4 wait root /usr/sbin/tftpd \
address@hidden        } tftpd /tftpboot /altboot
address@hidden example
-
address@hidden
-This would allow the TFTP client to use any of
-
address@hidden
-get kernel
-get /tftpboot/kernel
-get kernel.alt
-get /altboot/kernel.alt
-get /etc/motd
address@hidden example
-
address@hidden
-given that @file{/tftpboot/kernel} and @file{/altboot/kernel.alt} exist.
-Observe that also @file{/etc/motd} is accessible, inspite there being
-no explicit mention of standard file locations.
-
-A stronger mode of running a TFTP server is to use the `secure mode',
-meaning that the serving process is running in a chrooted mode.
-Then a suitable configuration could be
address@hidden is the server for the @code{rexec} routine.  The
+server provides remote execution facilities with authentication based
+on user names and passwords.  It passes error messages and notices
+to the @code{syslog} facility @samp{LOG_DAEMON}.
 
 @example
-tftp dgram udp4 wait root /usr/sbin/tftpd \
address@hidden        } tftpd --secure-dir=/srv/tftp-root  /tftpboot /altboot
+rexecd address@hidden@dots{}
 @end example
 
address@hidden
-Supposing the files @file{kernel} and @file{kernel.alt} to exist
-in the common directory @file{/srv/tftp-root/altboot/},
-all the previously suggested client requests for a kernel would
-still be granted, but now any request for @file{/etc/motd}
-would be declined, and would get a reply `File not found' back.
-
-The chrooted setting is denying access outside of
address@hidden/srv/tftp-root}, yet is not indicating this lock-in
-to the client, and is thus improving server isolation.
-Since neither of @option{-u} and @option{-g} were specified,
-the configuration reproduced above will in fact have the
-transmitting server process running with the default
-owner set to @samp{nobody:nogroup}.
-
address@hidden rshd invocation
address@hidden @command{rshd}: Remote shell server
address@hidden rshd
-
-The @command{rshd} server is the server for the @code{rcmd} routine
-and, consequently, for the @command{rsh} (@pxref{rsh invocation})
-program.  The server provides remote execution facilities with
-authentication based on privileged port numbers from trusted hosts.
-The @command{rshd} server listens for service requests at the port
-indicated in the @samp{cmd} service specification.  When a service
-request is received the following protocol is initiated:
address@hidden listens for service requests at the port indicated in
+the @samp{exec} service specification.  When a service request is
+received the following protocol is initiated:
 
 @enumerate
 @item
-The server checks the client's source port.  If the port is not in the
-range 512--1023, the server aborts the connection.  However, this
-condition is not applied for Kerberized service.
-
address@hidden
 The server reads characters from the socket up to a NUL (@samp{\0})
 byte.  The resultant string is interpreted as an ASCII number, base
 10.
 
 @item
-If the number received in step 2 is non-zero, it is interpreted as the
+If the number received in step 1 is non-zero, it is interpreted as the
 port number of a secondary stream to be used for the stderr.  A second
 connection is then created to the specified port on the client's
-machine.  The source port of this second connection is also in the
-range 512--1023.
-
address@hidden
-The server checks the client's source address and requests the
-corresponding host name.  If the hostname cannot be determined, the
-dot-notation representation of the host address is used.  If the
-hostname is in the same domain as the server (according to the last
-two components of the domain name), or if the @option{-a} option is
-given, the addresses for the hostname are requested, verifying that
-the name and address correspond.  If address verification fails, the
-connection is aborted with the message, @samp{Host address mismatch.}
-
address@hidden
-A null terminated user name of at most 16 characters is retrieved on
-the initial socket.  This user name is interpreted as the user
-identity on the client's machine.
-
address@hidden
-A null terminated user name of at most 16 characters is retrieved on
-the initial socket.  This user name is interpreted as a user identity
-to use on the server's machine.
-
address@hidden
-A null terminated command to be passed to a shell is retrieved on the
-initial socket.  The length of the command is limited by the upper
-bound on the size of the system's argument list.
-
address@hidden
-Rshd then validates the user using @code{ruserok}, which uses the file
address@hidden/etc/hosts.equiv} and the @file{.rhosts} file found in the
-user's home directory.  The @option{-l} option prevents @code{ruserok}
-from doing any validation based on the user's @file{.rhosts} file,
-unless the user is the superuser.
-
address@hidden
-If the file @file{/etc/nologin} exists and the user is not the
-superuser, the connection is closed.
-
address@hidden
-A null byte is returned on the initial socket and the command line is
-passed to the normal login shell of the user.  The shell inherits the
-network connections established by @command{rshd}.
+machine.
 
 @item
-Transport-level keepalive messages are enabled unless the @option{-n}
-option is present.  The use of keepalive messages allows sessions to
-be timed out if the client crashes or becomes unreachable.
+A NUL terminated user name of at most 16 characters is retrieved on
+the initial socket.
 
 @item
-The @option{-L} option causes all successful accesses to be logged to
address@hidden (@pxref{syslogd invocation}) as @samp{auth.info}
-messages.
address@hidden enumerate
-
address@hidden, , ruserok, libc, The GNU C Library Reference Manual},
-for details.
-
address@hidden Invoking
-
-The options are as follows:
-
address@hidden @option
address@hidden -a
address@hidden --verify-hostname
address@hidden -a
address@hidden --verify-hostname
-Ask hostname for verification.
-
address@hidden @item -d
address@hidden @itemx --daemon
address@hidden @opindex -d
address@hidden @opindex --daemon
address@hidden Daemon mode.
-
address@hidden -k
address@hidden --kerberos
address@hidden -k
address@hidden --kerberos
-Use Kerberos authentication.
-
address@hidden -l
address@hidden --no-rhosts
address@hidden -l
address@hidden --no-rhosts
-Ignore @file{.rhosts} file.
-
address@hidden -L
address@hidden --log-sessions
address@hidden -L
address@hidden --log-sessions
-Log successful logins.
-
address@hidden -n
address@hidden --no-keepalive
address@hidden -n
address@hidden --no-keepalive
-Do not set SO_KEEPALIVE.
+A NUL terminated, unencrypted password of at most 16 characters is
+retrieved on the initial socket.
 
address@hidden -S @var{name}
address@hidden address@hidden
address@hidden -S
address@hidden --servername
-Set Kerberos server name, overriding canonical hostname.
address@hidden
+A NUL terminated command to be passed to a shell is retrieved on the
+initial socket.  The length of the command is limited by the upper
+bound on the size of the system's argument list.
 
address@hidden -v
address@hidden --vacuous
address@hidden -v
address@hidden --vacuous
-Fail any call asking for non-Kerberos authentication.
address@hidden
address@hidden then validates the user as is done at login time and,
+if the authentication was successful, changes to the user's home
+directory, and establishes the user and group protections of the user.
+If any of these steps fail the connection is aborted with a diagnostic
+message returned.
 
address@hidden OBSOLETE?
address@hidden @item -x
address@hidden @itemx --encrypt
address@hidden @opindex -x
address@hidden @opindex --encrypt
address@hidden Turns on DES encryption for all data passed via the 
@command{rshd}
address@hidden session.  This may impact response time and CPU utilization, but
address@hidden provides increased security.
address@hidden
+A NUL byte is returned on the initial socket and the command line is
+passed to the normal login shell of the user.  The shell inherits the
+network connections established by rexecd.
address@hidden enumerate
 
address@hidden @item address@hidden
address@hidden @itemx address@hidden
address@hidden @opindex -D
address@hidden @opindex -debug
address@hidden Set debug level, not implemented.
address@hidden Invoking
 
address@hidden @item -o
address@hidden @itemx --allow-root
address@hidden @opindex -o
address@hidden @opindex --allow-root
address@hidden Allow uid == 0 to login, disabled by default
+The only option is as follows:
 
address@hidden @item -p @var{port}
address@hidden @itemx address@hidden
address@hidden @opindex -p
address@hidden @opindex --port
address@hidden Listen on given port (valid only in daemon mode).
address@hidden @option
address@hidden -l
address@hidden --logging
address@hidden -l
address@hidden --logging
+Raise logging level for this service; use more than once for
+increased verbosity.  The @code{syslog} facility in use is
address@hidden
 
address@hidden -r
address@hidden --reverse-required
address@hidden -r
address@hidden --reverse-required
-Demand that the client's IP address be resolvable
-as a host name.
 @end table
 
-Should @command{rshd} have been built with PAM support,
-it reads any setting specified for a service named either
address@hidden or @samp{krsh}, the latter name for clients
-seeking Kerberised authentication.
+Should @command{rexecd} have been built with PAM support,
+it reads any setting specified for a service named @samp{rexec}.
 
 @section Diagnostics
 
 Except for the last one listed below, all diagnostic messages are
 returned on the initial socket, after which any network connections
 are closed.  An error is indicated by a leading byte with a value of 1
-(0 is returned in step 10 above upon successful completion of all the
-steps prior to the execution of the login shell).
+(0 is returned in step 7 above upon successful completion of all the
+steps prior to the command execution).
 
 @table @samp
address@hidden Locuser too long
-The name of the user on the client's machine is longer than 16
-characters.
address@hidden username too long
+The name is longer than 16 characters.
 
address@hidden Ruser too long
-The name of the user on the remote machine is longer than 16
-characters.
address@hidden password too long
+The password is longer than 16 characters.
 
address@hidden Command too long
address@hidden command too long
 The command line passed exceeds the size of the argument list (as
 configured into the system).
 
address@hidden Login incorrect
address@hidden Login incorrect.
 No password file entry for the user name existed.
 
address@hidden Remote directory
-The chdir command to the home directory failed.
-
address@hidden Permission denied
-The authentication procedure described above failed,
-or address resolution was insufficient.
address@hidden Password incorrect.
+The wrong password was supplied.
 
address@hidden Can't make pipe.
-The pipe needed for the stderr, wasn't created.
address@hidden No remote directory.
+The chdir command to the home directory failed.
 
address@hidden Can't fork; try again.
address@hidden Try again.
 A fork by the server failed.
 
 @item <shellname>: @dots{}
 The user's login shell could not be started.  This message is returned
-on the connection associated with the stderr, and is not preceded by a
-flag byte.
+on the connection associated with the stderr, and is not ...
address@hidden FIXME: Fill this out.
 @end table
 
-The authentication procedure used here assumes the integrity of each
-client machine and the connecting medium.  This is insecure, but is
-useful in an ``open'' environment.
-
address@hidden, that indicating @samp{Login incorrect} as opposed to
address@hidden incorrect} is a security breach which allows people to
+probe a system for users with null passwords.
+
 @node rlogind invocation
 @chapter @command{rlogind}: Remote login server
address@hidden rlogind
address@hidden rlogind
 
 @command{rlogind} is the server for the @command{rlogin} client program
 (@pxref{rlogin invocation}).  The server provides a remote login
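Review bot: in the added rexecd Diagnostics table, the `<shellname>: @dots{}` entry ends mid-sentence ("and is not ...") with a "FIXME: Fill this out." line under it, so the move carries an unfinished description to its new place. The rshd entry removed in this same hunk ends "and is not preceded by a flag byte."; if rexecd behaves the same way, finish the sentence with that wording and drop the FIXME. The diagnostics in this table also mix styles ("username too long" without a period, "Login incorrect." with one); align them with the strings the server actually sends.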
@@ -4582,125 +4311,235 @@ to pass the checks induced by options @option{-a} or 
@option{-r}.
 @item Try again.
 A fork by the server failed.
 @end table
+
address@hidden rshd invocation
address@hidden @command{rshd}: Remote shell server
address@hidden rshd
 
address@hidden rexecd invocation
address@hidden @command{rexecd}: server for @code{rexec}
address@hidden rexecd
-
address@hidden is the server for the @code{rexec} routine.  The
-server provides remote execution facilities with authentication based
-on user names and passwords.  It passes error messages and notices
-to the @code{syslog} facility @samp{LOG_DAEMON}.
-
address@hidden
-rexecd address@hidden@dots{}
address@hidden example
-
address@hidden listens for service requests at the port indicated in
-the @samp{exec} service specification.  When a service request is
-received the following protocol is initiated:
+The @command{rshd} server is the server for the @code{rcmd} routine
+and, consequently, for the @command{rsh} (@pxref{rsh invocation})
+program.  The server provides remote execution facilities with
+authentication based on privileged port numbers from trusted hosts.
+The @command{rshd} server listens for service requests at the port
+indicated in the @samp{cmd} service specification.  When a service
+request is received the following protocol is initiated:
 
 @enumerate
 @item
+The server checks the client's source port.  If the port is not in the
+range 512--1023, the server aborts the connection.  However, this
+condition is not applied for Kerberized service.
+
address@hidden
 The server reads characters from the socket up to a NUL (@samp{\0})
 byte.  The resultant string is interpreted as an ASCII number, base
 10.
 
 @item
-If the number received in step 1 is non-zero, it is interpreted as the
+If the number received in step 2 is non-zero, it is interpreted as the
 port number of a secondary stream to be used for the stderr.  A second
 connection is then created to the specified port on the client's
-machine.
+machine.  The source port of this second connection is also in the
+range 512--1023.
 
 @item
-A NUL terminated user name of at most 16 characters is retrieved on
-the initial socket.
+The server checks the client's source address and requests the
+corresponding host name.  If the hostname cannot be determined, the
+dot-notation representation of the host address is used.  If the
+hostname is in the same domain as the server (according to the last
+two components of the domain name), or if the @option{-a} option is
+given, the addresses for the hostname are requested, verifying that
+the name and address correspond.  If address verification fails, the
+connection is aborted with the message, @samp{Host address mismatch.}
 
 @item
-A NUL terminated, unencrypted password of at most 16 characters is
-retrieved on the initial socket.
+A null terminated user name of at most 16 characters is retrieved on
+the initial socket.  This user name is interpreted as the user
+identity on the client's machine.
 
 @item
-A NUL terminated command to be passed to a shell is retrieved on the
+A null terminated user name of at most 16 characters is retrieved on
+the initial socket.  This user name is interpreted as a user identity
+to use on the server's machine.
+
address@hidden
+A null terminated command to be passed to a shell is retrieved on the
 initial socket.  The length of the command is limited by the upper
 bound on the size of the system's argument list.
 
 @item
address@hidden then validates the user as is done at login time and,
-if the authentication was successful, changes to the user's home
-directory, and establishes the user and group protections of the user.
-If any of these steps fail the connection is aborted with a diagnostic
-message returned.
+Rshd then validates the user using @code{ruserok}, which uses the file
address@hidden/etc/hosts.equiv} and the @file{.rhosts} file found in the
+user's home directory.  The @option{-l} option prevents @code{ruserok}
+from doing any validation based on the user's @file{.rhosts} file,
+unless the user is the superuser.
+
address@hidden
+If the file @file{/etc/nologin} exists and the user is not the
+superuser, the connection is closed.
+
address@hidden
+A null byte is returned on the initial socket and the command line is
+passed to the normal login shell of the user.  The shell inherits the
+network connections established by @command{rshd}.
+
address@hidden
+Transport-level keepalive messages are enabled unless the @option{-n}
+option is present.  The use of keepalive messages allows sessions to
+be timed out if the client crashes or becomes unreachable.
+
address@hidden
+The @option{-L} option causes all successful accesses to be logged to
address@hidden (@pxref{syslogd invocation}) as @samp{auth.info}
+messages.
address@hidden enumerate
+
address@hidden, , ruserok, libc, The GNU C Library Reference Manual},
+for details.
+
address@hidden Invoking
+
+The options are as follows:
+
address@hidden @option
address@hidden -a
address@hidden --verify-hostname
address@hidden -a
address@hidden --verify-hostname
+Ask hostname for verification.
+
address@hidden @item -d
address@hidden @itemx --daemon
address@hidden @opindex -d
address@hidden @opindex --daemon
address@hidden Daemon mode.
+
address@hidden -k
address@hidden --kerberos
address@hidden -k
address@hidden --kerberos
+Use Kerberos authentication.
+
address@hidden -l
address@hidden --no-rhosts
address@hidden -l
address@hidden --no-rhosts
+Ignore @file{.rhosts} file.
+
address@hidden -L
address@hidden --log-sessions
address@hidden -L
address@hidden --log-sessions
+Log successful logins.
+
address@hidden -n
address@hidden --no-keepalive
address@hidden -n
address@hidden --no-keepalive
+Do not set SO_KEEPALIVE.
+
address@hidden -S @var{name}
address@hidden address@hidden
address@hidden -S
address@hidden --servername
+Set Kerberos server name, overriding canonical hostname.
+
address@hidden -v
address@hidden --vacuous
address@hidden -v
address@hidden --vacuous
+Fail any call asking for non-Kerberos authentication.
 
address@hidden
-A NUL byte is returned on the initial socket and the command line is
-passed to the normal login shell of the user.  The shell inherits the
-network connections established by rexecd.
address@hidden enumerate
address@hidden OBSOLETE?
address@hidden @item -x
address@hidden @itemx --encrypt
address@hidden @opindex -x
address@hidden @opindex --encrypt
address@hidden Turns on DES encryption for all data passed via the 
@command{rshd}
address@hidden session.  This may impact response time and CPU utilization, but
address@hidden provides increased security.
 
address@hidden Invoking
address@hidden @item address@hidden
address@hidden @itemx address@hidden
address@hidden @opindex -D
address@hidden @opindex -debug
address@hidden Set debug level, not implemented.
 
-The only option is as follows:
address@hidden @item -o
address@hidden @itemx --allow-root
address@hidden @opindex -o
address@hidden @opindex --allow-root
address@hidden Allow uid == 0 to login, disabled by default
 
address@hidden @option
address@hidden -l
address@hidden --logging
address@hidden -l
address@hidden --logging
-Raise logging level for this service; use more than once for
-increased verbosity.  The @code{syslog} facility in use is
address@hidden
address@hidden @item -p @var{port}
address@hidden @itemx address@hidden
address@hidden @opindex -p
address@hidden @opindex --port
address@hidden Listen on given port (valid only in daemon mode).
 
address@hidden -r
address@hidden --reverse-required
address@hidden -r
address@hidden --reverse-required
+Demand that the client's IP address be resolvable
+as a host name.
 @end table
 
-Should @command{rexecd} have been built with PAM support,
-it reads any setting specified for a service named @samp{rexec}.
+Should @command{rshd} have been built with PAM support,
+it reads any setting specified for a service named either
address@hidden or @samp{krsh}, the latter name for clients
+seeking Kerberised authentication.
 
 @section Diagnostics
 
 Except for the last one listed below, all diagnostic messages are
 returned on the initial socket, after which any network connections
 are closed.  An error is indicated by a leading byte with a value of 1
-(0 is returned in step 7 above upon successful completion of all the
-steps prior to the command execution).
+(0 is returned in step 10 above upon successful completion of all the
+steps prior to the execution of the login shell).
 
 @table @samp
address@hidden username too long
-The name is longer than 16 characters.
address@hidden Locuser too long
+The name of the user on the client's machine is longer than 16
+characters.
 
address@hidden password too long
-The password is longer than 16 characters.
address@hidden Ruser too long
+The name of the user on the remote machine is longer than 16
+characters.
 
address@hidden command too long
address@hidden Command too long
 The command line passed exceeds the size of the argument list (as
 configured into the system).
 
address@hidden Login incorrect.
address@hidden Login incorrect
 No password file entry for the user name existed.
 
address@hidden Password incorrect.
-The wrong password was supplied.
-
address@hidden No remote directory.
address@hidden Remote directory
 The chdir command to the home directory failed.
 
address@hidden Try again.
address@hidden Permission denied
+The authentication procedure described above failed,
+or address resolution was insufficient.
+
address@hidden Can't make pipe.
+The pipe needed for the stderr, wasn't created.
+
address@hidden Can't fork; try again.
 A fork by the server failed.
 
 @item <shellname>: @dots{}
 The user's login shell could not be started.  This message is returned
-on the connection associated with the stderr, and is not ...
address@hidden FIXME: Fill this out.
+on the connection associated with the stderr, and is not preceded by a
+flag byte.
 @end table
 
address@hidden, that indicating @samp{Login incorrect} as opposed to
address@hidden incorrect} is a security breach which allows people to
-probe a system for users with null passwords.
-
-
+The authentication procedure used here assumes the integrity of each
+client machine and the connecting medium.  This is insecure, but is
+useful in an ``open'' environment.
+
 @node talkd invocation
 @chapter @command{talkd}: a server for communication between users
address@hidden talkd
address@hidden talkd
 
 @command{talkd} is a server that notifies users that someone else
 wants to initiate a conversation.  It acts as a repository of
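Review bot: the rshd option table is moved together with its leftovers: an "OBSOLETE?" marker above the `-x`/`--encrypt` entry and what appear to be commented-out entries for `-d`, `-D`, `-o` and `-p`, one of which indexes `-debug` with a single dash. Decide whether these options exist and either document or delete them, rather than carrying the open question to the new location. Also, step 8 of the protocol list starts "Rshd then validates the user", while every other mention in the chapter uses `@command{rshd}`.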
@@ -4886,11 +4725,10 @@ The administrator must explicitly arrange some 
admitting rule,
 with an action @samp{allow}, and some suitable net list.
 Still, the individual user can arrange his private file
 for an even narrower selection of friends.
-
-
+
 @node telnetd invocation
 @chapter @command{telnetd}: Telnet server
address@hidden telnetd
address@hidden telnetd
 
 @example
 telnetd address@hidden@dots{}
@@ -5085,10 +4923,166 @@ In all other cases the result would be
 @noindent
 where @code{$USER} is the value of the corresponding environment
 variable and could possibly be empty.
+
address@hidden tftpd invocation
address@hidden @command{tftpd}: TFTP server
address@hidden tftpd
+
address@hidden is intended to be invoked via @command{inetd}
+at all times.
+
address@hidden
+Synopsis:
+
address@hidden
+tftpd address@hidden address@hidden @dots{}]
address@hidden example
+
address@hidden @option
address@hidden -g @var{group}
address@hidden address@hidden
address@hidden -g
address@hidden --group
+Specify group membership of the process owner.
+This is used only along with the option @option{-s},
+and replaces the group membership that comes from
+the process owner himself.
+
address@hidden -l
address@hidden --logging
address@hidden -l
address@hidden --logging
+Enable logging.
+
address@hidden -n
address@hidden --nonexistent
address@hidden -n
address@hidden --nonexistent
+Supress negative acknowledgement of requests for nonexistent relative
+filenames.
+
address@hidden -s @var{dir}
address@hidden address@hidden
address@hidden -s
address@hidden --secure-dir
+Let the serving process change its root directory to @var{dir}
+before attending to any requests.
+This directory is not observable by any client, but improves
+server isolation, since servable contents must be located
+below this chrooted directory @var{dir}.
+
address@hidden -u @var{user}
address@hidden address@hidden
address@hidden -u
address@hidden --user
+Specify the process owner for serving requests.
+Only relevant along with the option @option{-s}.
+The default name is @samp{nobody}.
address@hidden table
+
address@hidden Directory prefixes
address@hidden validation}
+
+In addition to options, an invocation of @command{tftpd} can
+specify an optional list of directory prefixes.
+These are approved of according to two principles:
+
address@hidden @bullet
address@hidden
+Relative pathnames are ignored.
+
address@hidden
+At most twenty prefixes are approved, the rest is discarded.
address@hidden itemize
+
address@hidden
+A request for a file is decided upon as a consequence
+of evaluating these criteria:
+
address@hidden @bullet
address@hidden
+Every file request containing the substring @samp{/../} is denied,
+as is a file name beginning with @samp{../}.
+
address@hidden
+Write requests must specify absolute locations.
+
address@hidden
+A file request, if specified as an @emph{absolute} pathname,
+must begin with one of the approved directory prefixes,
+should at least one such prefix have been accepted.
+
address@hidden
+In the absence of a prefix collection, any absolute pathname is
+accepted, should the corresponding file exist.
 
address@hidden
+A file request, if specified as a @emph{relative} name,
+will only be searched for below the acceptable prefixes,
+should at least one such prefix have been approved.
+
address@hidden
+A request for a relatively named file, is denied in the absence
+of approved directory prefixes.
+
address@hidden
+The resulting file must be world readable, or world writable,
+for a read request, or a write request, to succeed.
address@hidden itemize
+
address@hidden Use cases
address@hidden setup cases}
+
+The standard use case is an entry in @file{/etc/inetd.conf} like
+
address@hidden
+tftp dgram udp4 wait root /usr/sbin/tftpd \
address@hidden        } tftpd /tftpboot /altboot
address@hidden example
+
address@hidden
+This would allow the TFTP client to use any of
+
address@hidden
+get kernel
+get /tftpboot/kernel
+get kernel.alt
+get /altboot/kernel.alt
+get /etc/motd
address@hidden example
+
address@hidden
+given that @file{/tftpboot/kernel} and @file{/altboot/kernel.alt} exist.
+Observe that also @file{/etc/motd} is accessible, inspite there being
+no explicit mention of standard file locations.
+
+A stronger mode of running a TFTP server is to use the `secure mode',
+meaning that the serving process is running in a chrooted mode.
+Then a suitable configuration could be
+
address@hidden
+tftp dgram udp4 wait root /usr/sbin/tftpd \
address@hidden        } tftpd --secure-dir=/srv/tftp-root  /tftpboot /altboot
address@hidden example
+
address@hidden
+Supposing the files @file{kernel} and @file{kernel.alt} to exist
+in the common directory @file{/srv/tftp-root/altboot/},
+all the previously suggested client requests for a kernel would
+still be granted, but now any request for @file{/etc/motd}
+would be declined, and would get a reply `File not found' back.
+
+The chrooted setting is denying access outside of
address@hidden/srv/tftp-root}, yet is not indicating this lock-in
+to the client, and is thus improving server isolation.
+Since neither of @option{-u} and @option{-g} were specified,
+the configuration reproduced above will in fact have the
+transmitting server process running with the default
+owner set to @samp{nobody:nogroup}.
+
 @node uucpd invocation
 @chapter @command{uucpd}: Unix to Unix Copy relay daemon.
address@hidden uucpd
address@hidden uucpd
 
 @command{uucpd} is a relay daemon responsible for accepting
 TCP transported connections for @command{uucico}.  It is started
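Review bot: In the "Use cases" text of the tftpd chapter, the statement that "get /etc/motd" is accessible with the prefixes /tftpboot and /altboot configured contradicts the criteria listed earlier in this same hunk, which say an absolute pathname "must begin with one of the approved directory prefixes, should at least one such prefix have been accepted". One of the two passages misdescribes what tftpd permits. Because this is the access-control description an administrator will rely on when deciding whether the non-chrooted setup is acceptable, please check it against the code and correct whichever side is wrong. The secure-mode paragraph has a similar gap: it places both kernel and kernel.alt only in /srv/tftp-root/altboot/, yet says all the earlier kernel requests are still granted, and it is unclear how "get /tftpboot/kernel" would then resolve inside the chroot. While this text is being touched, the spellings "Supress" (under -n) and "inspite" should be fixed as well.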

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |    4 +
 doc/inetutils.texi | 1546 ++++++++++++++++++++++++++--------------------------
 2 files changed, 774 insertions(+), 776 deletions(-)


hooks/post-receive
-- 
GNU Inetutils 


