RPCBIND(8) Maintenance Commands and Procedures RPCBIND(8)
NAME
rpcbind - universal addresses to RPC program number mapper
SYNOPSIS
rpcbind [-d] [-w] [-l listen_backlog]
DESCRIPTION
rpcbind is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

When an RPC service is started, it tells rpcbind the address at which it is listening, and the RPC program numbers it is prepared to serve. When a client wishes to make an RPC call to a given program number, it first contacts rpcbind on the server machine to determine the address where RPC requests should be sent.

rpcbind should be started before any other RPC service. Normally, standard RPC servers are started by port monitors, so rpcbind must be started before port monitors are invoked.

When rpcbind is started, it checks that certain name-to-address translation-calls function correctly. If they fail, the network configuration databases can be corrupt. Since RPC services cannot function correctly in this situation, rpcbind reports the condition and terminates.

rpcbind maintains an open transport end for each transport that it uses for indirect calls. This is the UDP port on most systems.

The rpcbind service is managed by the service management facility, smf(7), under the service identifier:

    svc:/network/rpc/bind

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(8). rpcbind can only be started by the superuser or someone in the Primary Administrator role.

The configuration properties of this service can be modified with svccfg(8).

The following SMF property is used to allow or disallow access to rpcbind by remote clients:

    config/local_only = true

The default value, true, shown above, disallows remote access; a value of false allows remote access. See EXAMPLES.

The FMRI svc:/network/rpc/bind property group config contains the following property settings:

enable_tcpwrappers
    Specifies that the TCP wrappers facility is used to control access to TCP services. The value true enables checking. The default value for enable_tcpwrappers is false.

    If the enable_tcpwrappers parameter is enabled, then all calls to rpcbind originating from non-local addresses are automatically wrapped by the TCP wrappers facility. The syslog facility code daemon is used to log allowed connections (using the info severity level) and denied traffic (using the warning severity level). See syslog.conf(5) for a description of syslog codes and severity levels.

    The stability level of the TCP wrappers facility and its configuration files is External. As the TCP wrappers facility is not controlled by Sun, intrarelease incompatibilities are not uncommon. See attributes(7).

verbose_logging
    Specifies whether the TCP wrappers facility logs all calls or just the denied calls. The default is false. This option has no effect if TCP wrappers are not enabled.

allow_indirect
    Specifies whether rpcbind allows indirect calls at all. By default, rpcbind allows most indirect calls, except to a number of standard services (keyserv, automount, mount, nfs, rquota, and selected NIS and rpcbind procedures). Setting allow_indirect to false causes all indirect calls to be dropped. The default is true. NIS broadcast clients rely on this functionality on NIS servers.

listen_backlog
    Sets the connection queue length for rpcbind over a connection-oriented transport. The default value is 64 entries. Modification of this property takes effect only after rpcbind is restarted.

max_threads
    Maximum number of worker threads spawned by rpcbind. The default value is 72. The indirect RPC calls facility might cause a worker thread to block for some time waiting for a response from the indirectly called RPC service. To maintain basic rpcbind functionality, up to eight worker threads are always reserved, and will never be used for indirect RPC calls. Setting max_threads to less than 9 effectively disables the indirect calls.
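
Added example, not part of the original manual page: a shell function that reads the config property group in the "property type value" line format printed by svcprop(1) and reports whether rpcbind is reachable by remote clients without TCP wrappers filtering. The function name, message texts and sample input are assumptions made for illustration; properties missing from the input fall back to the defaults documented above.

```shell
# Added example: audit rpcbind's SMF config properties for remote exposure.
# Reads "property type value" lines (svcprop(1) output format) on stdin, e.g.
#   svcprop -p config svc:/network/rpc/bind | audit_rpcbind_config
# Returns 1 when remote clients are allowed and TCP wrappers are off.
audit_rpcbind_config() {
    # Defaults as documented in this manual page.
    local_only=true wrappers=false verbose=false indirect=true threads=72
    while read -r prop _type value; do
        case "$prop" in
            config/local_only)         local_only=$value ;;
            config/enable_tcpwrappers) wrappers=$value ;;
            config/verbose_logging)    verbose=$value ;;
            config/allow_indirect)     indirect=$value ;;
            config/max_threads)        threads=$value ;;
        esac
    done
    result=0
    if [ "$local_only" = true ]; then
        echo "OK: local_only=true, remote clients are refused"
    else
        echo "EXPOSED: local_only=false, remote clients can query rpcbind"
        if [ "$wrappers" = true ]; then
            echo "OK: enable_tcpwrappers=true, non-local calls are filtered"
            [ "$verbose" = true ] || echo "NOTE: verbose_logging=false, only denied calls are logged"
        else
            echo "RISK: enable_tcpwrappers=false, non-local calls are not filtered"
            result=1
        fi
    fi
    # Indirect calls are off when disallowed outright or when max_threads < 9.
    if [ "$indirect" = true ] && [ "$threads" -ge 9 ]; then
        echo "NOTE: indirect calls are enabled"
    else
        echo "OK: indirect calls are disabled"
    fi
    return "$result"
}

# Constructed sample input (not captured from a real host).
SAMPLE_EXPOSED='config/local_only boolean false
config/enable_tcpwrappers boolean false
config/allow_indirect boolean true
config/max_threads integer 72'

printf '%s\n' "$SAMPLE_EXPOSED" | audit_rpcbind_config || true
```
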
OPTIONS
The following options are supported:

-d
    Run in debug mode. In this mode, rpcbind does not fork when it starts. It prints additional information during operation, and aborts on certain errors. With this option, the name-to-address translation consistency checks are shown in detail.

-w
    Do a warm start. If rpcbind aborts or terminates on SIGINT or SIGTERM, it writes the current list of registered services to /var/run/daemon/portmap.file and /var/run/daemon/rpcbind.file. Starting rpcbind with the -w option instructs it to look for these files and start operation with the registrations found in them. This allows rpcbind to resume operation without requiring all RPC services to be restarted.

-l listen_backlog
    This can be used to override the config/listen_backlog SMF property.
EXAMPLES
Example 1: Allowing Remote Access
The following sequence of commands allows remote access to rpcbind.

    # svccfg -s svc:/network/rpc/bind setprop config/local_only = false
    # svcadm refresh svc:/network/rpc/bind

FILES
/var/run/daemon/portmap.file
    Stores the information for RPC services registered over IP based transports for warm start purposes.

/var/run/daemon/rpcbind.file
    Stores the information for all registered RPC services for warm start purposes.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | See below. |
+--------------------+-----------------+
TCP wrappers is External.
SEE ALSO
rpcbind(3NSL), hosts_access(5), syslog.conf(5), attributes(7), smf(7), rpcinfo(8), svcadm(8), svccfg(8)
NOTES
Terminating rpcbind with SIGKILL prevents the warm-start files from being written.

All RPC servers are restarted if the following occurs: rpcbind crashes (or is killed with SIGKILL) and is unable to write the warm-start files; rpcbind is started without the -w option after a graceful termination. Otherwise, the warm start files are not found by rpcbind.
February 21, 2023
RPCBIND(8)