System Administration Commands rpcbind(1M)
NAME
rpcbind - universal addresses to RPC program number mapper
SYNOPSIS
rpcbind [-d] [-w]
DESCRIPTION
rpcbind is a server that converts RPC program numbers into
universal addresses. It must be running on the host to be
able to make RPC calls on a server on that machine.
When an RPC service is started, it tells rpcbind the address
at which it is listening, and the RPC program numbers it is
prepared to serve. When a client wishes to make an RPC call
to a given program number, it first contacts rpcbind on the
server machine to determine the address where RPC requests
should be sent.
rpcbind should be started before any other RPC service. Nor-
mally, standard RPC servers are started by port monitors, so
rpcbind must be started before port monitors are invoked.
When rpcbind is started, it checks that certain name-to-
address translation-calls function correctly. If they fail,
the network configuration databases can be corrupt. Since
RPC services cannot function correctly in this situation,
rpcbind reports the condition and terminates.
rpcbind maintains an open transport end for each transport
that it uses for indirect calls. This is the UDP port on
most systems.
The rpcbind service is managed by the service management
facility, smf(5), under the service identifier:
svc:/network/rpc/bind
Administrative actions on this service, such as enabling,
disabling, or requesting restart, can be performed using
svcadm(1M). rpcbind can only be started by the superuser or
someone in the Primary Administrator role.
SunOS 5.11 Last change: 1 Aug 2006 1
System Administration Commands rpcbind(1M)
The configuration properties of this service can be modified
with svccfg(1M).
The following SMF property is used to allow or disallow
access to rpcbind by remote clients:
config/localonly = true
The default value, true, shown above, disallows remote
access; a value of false allows remove access. See EXAMPLES.
The FMRI svc:network/rpc/bind property group config contains
the following property settings:
enabletcpwrappers Specifies that the TCP wrappers facil-
ity is used to control access to TCP
services. The value true enables
checking. The default value for
enabletcpwrappers is false. If the
enabletcpwrappers parameter is
enabled, then all calls to rpcbind
originating from non-local addresses
are automatically wrapped by the TCP
wrappers facility. The syslog facility
code daemon is used to log allowed
connections (using the info severity
level) and denied traffic (using the
warning severity level). See
syslog.conf(4) for a description of
syslog codes and severity levels. The
stability level of the TCP wrappers
facility and its configuration files
is External. As the TCP wrappers
facility is not controlled by Sun,
intrarelease incompatibilities are not
uncommon. See attributes(5).
verboselogging Specifies whether the TCP wrappers
facility logs all calls orjust the
denied calls. The default is false.
This option has no effect if TCP
wrappers are not enabled.
allowindirect Specifies whether rpcbind allows
indirect calls at all. By default,
rpcbind allows most indirect calls,
SunOS 5.11 Last change: 1 Aug 2006 2
System Administration Commands rpcbind(1M)
except to a number of standard
services(keyserv, automount, mount,
nfs, rquota, and selected NIS and
rpcbind procedures). Setting
allowindirect to false causes all
indirect calls to be dropped. The
default is true. NIS broadcast clients
rely on this functionality on NIS
servers.
OPTIONS
The following options are supported:
-d Run in debug mode. In this mode, rpcbind does not fork
when it starts. It prints additional information dur-
ing operation, and aborts on certain errors. With this
option, the name-to-address translation consistency
checks are shown in detail.
-w Do a warm start. If rpcbind aborts or terminates on
SIGINT or SIGTERM, it writes the current list of
registered services to /var/run/portmap.file and
/var/run/rpcbind.file. Starting rpcbind with the -w
option instructs it to look for these files and start
operation with the registrations found in them. This
allows rpcbind to resume operation without requiring
all RPC services to be restarted.
EXAMPLES
Example 1 Allowing Remote Access
The following sequence of commands allows remote access to
rpcbind.
# svccfg -s svc:/network/rpc/bind setprop config/localonly = false
# svcadm refresh svc:/network/rpc/bind
FILES
/var/run/portmap.file Stores the information for RPC ser-
vices registered over IP based
transports for warm start purposes.
/var/run/rpcbind.file Stores the information for all
registered RPC services for warm
SunOS 5.11 Last change: 1 Aug 2006 3
System Administration Commands rpcbind(1M)
start purposes.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWcsu
Interface Stability See below.
TCP wrappers is External.
SEE ALSO
smf(5), rpcinfo(1M), svcadm(1M), svccfg(1M), rpcbind(3NSL),
syslog.conf(4), attributes(5), smf(5)
For information on the TCP wrappers facility, see the
hostsaccess(4) man page, delivered as part of the Solaris
operating environment in /usr/sfw/man and available in the
SUNWtcpd package.
NOTES
Terminating rpcbind with SIGKIL prevents the warm-start
files from being written.
All RPC servers are restarted if the following occurs:
rpcbind crashes (or is killed with SIGKIL) and is unable to
to write the warm-start files; rpcbind is started without
the -w option after a graceful termination. Otherwise, the
warm start files are not found by rpcbind.
SunOS 5.11 Last change: 1 Aug 2006 4
|
