illumos: manual page: rpcbind.8

RPCBIND(8) Maintenance Commands and Procedures RPCBIND(8)

NAME

rpcbind - universal addresses to RPC program number mapper

SYNOPSIS

rpcbind [-d] [-w] [-l listen_backlog]

DESCRIPTION

rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls on
a server on that machine.

When an RPC service is started, it tells rpcbind the address at which it
is listening, and the RPC program numbers it is prepared to serve. When a
client wishes to make an RPC call to a given program number, it first
contacts rpcbind on the server machine to determine the address where RPC
requests should be sent.

rpcbind should be started before any other RPC service. Normally,
standard RPC servers are started by port monitors, so rpcbind must be
started before port monitors are invoked.

When rpcbind is started, it checks that certain name-to-address
translation-calls function correctly. If they fail, the network
configuration databases can be corrupt. Since RPC services cannot
function correctly in this situation, rpcbind reports the condition and
terminates.

rpcbind maintains an open transport end for each transport that it uses
for indirect calls. This is the UDP port on most systems.

The rpcbind service is managed by the service management facility,
smf(7), under the service identifier:

svc:/network/rpc/bind

Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8). rpcbind can only be
started by the superuser or someone in the Primary Administrator role.

The configuration properties of this service can be modified with
svccfg(8).

The following SMF property is used to allow or disallow access to rpcbind
by remote clients:

config/local_only = true

The default value, true, shown above, disallows remote access; a value of
false allows remove access. See EXAMPLES.

The FMRI svc:network/rpc/bind property group config contains the
following property settings:

enable_tcpwrappers
Specifies that the TCP wrappers facility is used to
control access to TCP services. The value true
enables checking. The default value for
enable_tcpwrappers is false. If the
enable_tcpwrappers parameter is enabled, then all
calls to rpcbind originating from non-local
addresses are automatically wrapped by the TCP
wrappers facility. The syslog facility code daemon
is used to log allowed connections (using the info
severity level) and denied traffic (using the
warning severity level). See syslog.conf(5) for a
description of syslog codes and severity levels.
The stability level of the TCP wrappers facility
and its configuration files is External. As the TCP
wrappers facility is not controlled by Sun,
intrarelease incompatibilities are not uncommon.
See attributes(7).

verbose_logging
Specifies whether the TCP wrappers facility logs
all calls or just the denied calls. The default is
false. This option has no effect if TCP wrappers
are not enabled.

allow_indirect
Specifies whether rpcbind allows indirect calls at
all. By default, rpcbind allows most indirect
calls, except to a number of standard services
(keyserv, automount, mount, nfs, rquota, and
selected NIS and rpcbind procedures). Setting
allow_indirect to false causes all indirect calls
to be dropped. The default is true. NIS broadcast
clients rely on this functionality on NIS servers.

listen_backlog
Set connection queue length for rpcbind over a
connection-oriented transport. The default value is
64 entries. Modification of this property will take
effect only after the rpcbind restart.

max_threads
Maximum number of worker threads spawn by rpcbind.
The default value is 72. The indirect RPC calls
facility might cause a worker thread to block for
some time waiting for a response from the
indirectly called RPC service. To maintain basic
rpcbind functionality, up to eight worker threads
are always reserved, and will never be used for
indirect RPC calls. Setting max_threads to less
than 9 effectively disables the indirect calls.

OPTIONS

The following options are supported:

-d
Run in debug mode. In this mode, rpcbind does not fork when it
starts. It prints additional information during operation, and
aborts on certain errors. With this option, the name-to-address
translation consistency checks are shown in detail.

-w
Do a warm start. If rpcbind aborts or terminates on SIGINT or
SIGTERM, it writes the current list of registered services to
/var/run/daemon/portmap.file and /var/run/daemon/rpcbind.file.
Starting rpcbind with the -w option instructs it to look for these
files and start operation with the registrations found in them.
This allows rpcbind to resume operation without requiring all RPC
services to be restarted.

-l listen_backlog
This can be used to override config/listen_backlog SMF property.

EXAMPLES

Example 1: Allowing Remote Access

The following sequence of commands allows remote access to rpcbind.

# svccfg -s svc:/network/rpc/bind setprop config/local_only = false
# svcadm refresh svc:/network/rpc/bind

FILES

/var/run/daemon/portmap.file
Stores the information for RPC services
registered over IP based transports for warm
start purposes.

/var/run/daemon/rpcbind.file
Stores the information for all registered RPC
services for warm start purposes.

ATTRIBUTES

NOTES

Terminating rpcbind with SIGKILL prevents the warm-start files from being
written.

All RPC servers are restarted if the following occurs: rpcbind crashes
(or is killed with SIGKILL) and is unable to write the warm-start files;
rpcbind is started without the -w option after a graceful termination.
Otherwise, the warm start files are not found by rpcbind.

February 21, 2023 RPCBIND(8)