cr_canseejailproc(): New privilege, no direct check for UID 0

[FreeBSD/FreeBSD.git] / usr.sbin / inetd / inetd.conf

#
# Internet server configuration database
#
# Define *both* IPv4 and IPv6 entries for dual-stack support.
# To disable a service, comment it out by prefixing the line with '#'.
# To enable a service, remove the '#' at the beginning of the line.
#
#ftp    stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#ftp    stream  tcp6    nowait  root    /usr/libexec/ftpd       ftpd -l
#ssh    stream  tcp     nowait  root    /usr/sbin/sshd          sshd -i -4
#ssh    stream  tcp6    nowait  root    /usr/sbin/sshd          sshd -i -6
#telnet stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
#telnet stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
#shell  stream  tcp     nowait  root    /usr/local/sbin/rshd    rshd
#shell  stream  tcp6    nowait  root    /usr/local/sbin/rshd    rshd
#login  stream  tcp     nowait  root    /usr/local/sbin/rlogind rlogind
#login  stream  tcp6    nowait  root    /usr/local/sbin/rlogind rlogind
#finger stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#finger stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
#
# run comsat as root to be able to print partial mailbox contents w/ biff,
# or use the safer tty:tty to just print that new mail has been received.
#comsat dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
#
# ntalk is required for the 'talk' utility to work correctly
#ntalk  dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
#tftp   dgram   udp     wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
#tftp   dgram   udp6    wait    root    /usr/libexec/tftpd      tftpd -l -s /tftpboot
#bootps dgram   udp     wait    root    /usr/libexec/bootpd     bootpd
#
# "Small servers" -- used to be standard on, but we're more conservative
# about things due to Internet security concerns.  Only turn on what you
# need.
#
#daytime stream tcp     nowait  root    internal
#daytime stream tcp6    nowait  root    internal
#daytime dgram  udp     wait    root    internal
#daytime dgram  udp6    wait    root    internal
#time   stream  tcp     nowait  root    internal
#time   stream  tcp6    nowait  root    internal
#time    dgram  udp     wait    root    internal
#time    dgram  udp6    wait    root    internal
#echo   stream  tcp     nowait  root    internal
#echo   stream  tcp6    nowait  root    internal
#echo   dgram   udp     wait    root    internal
#echo   dgram   udp6    wait    root    internal
#discard stream tcp     nowait  root    internal
#discard stream tcp6    nowait  root    internal
#discard dgram  udp     wait    root    internal
#discard dgram  udp6    wait    root    internal
#chargen stream tcp     nowait  root    internal
#chargen stream tcp6    nowait  root    internal
#chargen dgram  udp     wait    root    internal
#chargen dgram  udp6    wait    root    internal
#
# CVS servers - for master CVS repositories only!  You must set the
# --allow-root path correctly or you open a trivial to exploit but
# deadly security hole.
#
#cvspserver     stream  tcp     nowait  root    /usr/local/bin/cvs      cvs --allow-root=/your/cvsroot/here pserver
#cvspserver     stream  tcp     nowait  root    /usr/local/bin/cvs      cvs --allow-root=/your/cvsroot/here kserver
#
# RPC based services (you MUST have rpcbind running to use these)
#
#rstatd/1-3     dgram rpc/udp wait root /usr/libexec/rpc.rstatd  rpc.rstatd
#rusersd/1-2    dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
#walld/1        dgram rpc/udp wait root /usr/libexec/rpc.rwalld  rpc.rwalld
#pcnfsd/1-2     dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd    rpc.pcnfsd
#rquotad/1      dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
#rquotad/1      dgram rpc/udp6 wait root        /usr/libexec/rpc.rquotad rpc.rquotad
#sprayd/1       dgram rpc/udp wait root /usr/libexec/rpc.sprayd  rpc.sprayd
#
# example entry for the optional pop3 server
#
#pop3   stream  tcp     nowait  root    /usr/local/libexec/popper       popper
#
# example entry for the optional imap4 server
#
#imap4  stream  tcp     nowait  root    /usr/local/libexec/imapd        imapd
#
# example entry for the optional nntp server
#
#nntp   stream  tcp     nowait  news    /usr/local/libexec/nntpd        nntpd
#
# example entry for the optional uucpd server
#
#uucpd  stream  tcp     nowait  root    /usr/local/libexec/uucpd        uucpd
#
# Return error for all "ident" requests
#
#auth   stream  tcp     nowait  root    internal
#auth   stream  tcp6    nowait  root    internal
#
# Provide internally a real "ident" service which provides ~/.fakeid support,
# provides ~/.noident support, reports UNKNOWN as the operating system type
# and times out after 30 seconds.
#
#auth   stream  tcp     nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
#auth   stream  tcp6    nowait  root    internal        auth -r -f -n -o UNKNOWN -t 30
#
# Example entry for an external ident server
#
#auth   stream  tcp     wait    root    /usr/local/sbin/identd  identd -w -t120
#
# Example entry for the optional qmail MTA
#  NOTE: This is no longer the correct way to handle incoming SMTP
#        connections for qmail.  Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
#        instead.
#
#smtp   stream  tcp     nowait  qmaild  /var/qmail/bin/tcp-env  tcp-env /var/qmail/bin/qmail-smtpd
#
# Enable the following two entries to enable samba startup from inetd
# (from the Samba documentation).  Enable the third entry to enable the swat
# samba configuration tool.
#
#netbios-ssn stream tcp nowait          root    /usr/local/sbin/smbd    smbd
#netbios-ns dgram udp   wait            root    /usr/local/sbin/nmbd    nmbd
#swat   stream  tcp     nowait/400      root    /usr/local/sbin/swat    swat
#
# Example entry for the Prometheus sysctl metrics exporter
#
#prom-sysctl    stream  tcp     nowait  nobody  /usr/sbin/prometheus_sysctl_exporter    prometheus_sysctl_exporter -dgh
#
# Example entry for the CTL exporter
#prom-ctl       stream  tcp     nowait  root /usr/bin/ctlstat ctlstat -P