129 lines
2.9 KiB
Groff
129 lines
2.9 KiB
Groff
.\" $NetBSD: rpcbind.8,v 1.11 2009/03/11 14:00:11 joerg Exp $
|
|
.\" @(#)rpcbind.1m 1.19 92/09/14 SMI; from SVr4
|
|
.\" Copyright 1989 AT&T
|
|
.\" Copyright 1991 Sun Microsystems, Inc.
|
|
.Dd October 19, 2008
|
|
.Dt RPCBIND 8
|
|
.Os
|
|
.Sh NAME
|
|
.Nm rpcbind
|
|
.Nd universal addresses to RPC program number mapper
|
|
.Sh SYNOPSIS
|
|
.Nm
|
|
.Op Fl dilLs
|
|
.Sh DESCRIPTION
|
|
.Nm
|
|
is a server that converts
|
|
.Tn RPC
|
|
program numbers into
|
|
universal addresses.
|
|
It must be running on the host to be able to make
|
|
.Tn RPC
|
|
calls
|
|
on a server on that machine.
|
|
.Pp
|
|
When an
|
|
.Tn RPC
|
|
service is started,
|
|
it tells
|
|
.Nm
|
|
the address at which it is listening,
|
|
and the
|
|
.Tn RPC
|
|
program numbers it is prepared to serve.
|
|
When a client wishes to make an
|
|
.Tn RPC
|
|
call to a given program number,
|
|
it first contacts
|
|
.Nm
|
|
on the server machine to determine
|
|
the address where
|
|
.Tn RPC
|
|
requests should be sent.
|
|
.Pp
|
|
.Nm
|
|
should be started before any other RPC service.
|
|
Normally, standard
|
|
.Tn RPC
|
|
servers are started by port monitors, so
|
|
.Nm
|
|
must be started before port monitors are invoked.
|
|
.Pp
|
|
When
|
|
.Nm
|
|
is started, it checks that certain name-to-address
|
|
translation-calls function correctly.
|
|
If they fail, the network configuration databases may be corrupt.
|
|
Since
|
|
.Tn RPC
|
|
services cannot function correctly in this situation,
|
|
.Nm
|
|
reports the condition and terminates.
|
|
.Pp
|
|
.Nm
|
|
can only be started by the super-user.
|
|
.Pp
|
|
Access control is provided by
|
|
.Pa /etc/hosts.allow
|
|
and
|
|
.Pa /etc/hosts.deny ,
|
|
as described in
|
|
.Xr hosts_access 5
|
|
with daemon name
|
|
.Nm .
|
|
.Sh OPTIONS
|
|
.Bl -tag -width Ds
|
|
.It Fl d
|
|
Run in debug mode.
|
|
In this mode,
|
|
.Nm
|
|
will not fork when it starts, will print additional information
|
|
during operation, and will abort on certain errors.
|
|
With this option, the name-to-address translation consistency
|
|
checks are shown in detail.
|
|
.It Fl i
|
|
.Dq insecure
|
|
mode.
|
|
Allows calls to SET and UNSET from any host.
|
|
Normally
|
|
.Nm
|
|
accepts these requests only from the loopback interface for security reasons.
|
|
This change is necessary for programs that were compiled with earlier
|
|
versions of the rpc library and do not make those requests using the
|
|
loopback interface.
|
|
.It Fl l
|
|
Turns on libwrap connection logging.
|
|
.It Fl s
|
|
Causes
|
|
.Nm
|
|
to change to the user daemon as soon as possible.
|
|
This causes
|
|
.Nm
|
|
to use non-privileged ports for outgoing connections, preventing non-privileged
|
|
clients from using
|
|
.Nm
|
|
to connect to services from a privileged port.
|
|
.It Fl L
|
|
Allow old-style local connections over the loopback interface.
|
|
Without this flag, local connections are only allowed over a local socket,
|
|
.Pa /var/run/rpcbind.sock
|
|
.El
|
|
.Sh NOTES
|
|
All RPC servers must be restarted if
|
|
.Nm
|
|
is restarted.
|
|
.Sh FILES
|
|
.Bl -tag -width "/var/run/rpcbind.sock" -compact
|
|
.It Pa /var/run/rpcbind.sock
|
|
.It Pa /etc/hosts.allow
|
|
explicit remote host access list.
|
|
.It Pa /etc/hosts.deny
|
|
explicit remote host denial of service list.
|
|
.El
|
|
.Sh SEE ALSO
|
|
.Xr rpcbind 3 ,
|
|
.Xr hosts_access 5 ,
|
|
.Xr hosts_options 5 ,
|
|
.Xr netconfig 5 ,
|
|
.Xr rpcinfo 8
|