RPCBIND(8) Maintenance Commands and Procedures RPCBIND(8)

NAME
rpcbind - universal addresses to RPC program number mapper

SYNOPSIS
rpcbind [-d] [-w] [-l listen_backlog]

DESCRIPTION
rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls
on a server on that machine.

When an RPC service is started, it tells rpcbind the address at which
it is listening, and the RPC program numbers it is prepared to serve.
When a client wishes to make an RPC call to a given program number, it
first contacts rpcbind on the server machine to determine the address
where RPC requests should be sent.

rpcbind should be started before any other RPC service. Normally,
standard RPC servers are started by port monitors, so rpcbind must be
started before port monitors are invoked.

When rpcbind is started, it checks that certain name-to-address
translation-calls function correctly. If they fail, the network
configuration databases can be corrupt. Since RPC services cannot
function correctly in this situation, rpcbind reports the condition
and terminates.

rpcbind maintains an open transport end for each transport that it
uses for indirect calls. This is the UDP port on most systems.

The rpcbind service is managed by the service management facility,
smf(7), under the service identifier:

    svc:/network/rpc/bind

Administrative actions on this service, such as enabling, disabling,
or requesting restart, can be performed using svcadm(8). rpcbind can
only be started by the superuser or someone in the Primary
Administrator role.

The configuration properties of this service can be modified with
svccfg(8).

The following SMF property is used to allow or disallow access to
rpcbind by remote clients:

    config/local_only = true

The default value, true, shown above, disallows remote access; a
value of false allows remote access. See EXAMPLES.

The FMRI svc:/network/rpc/bind property group config contains the
following property settings:

enable_tcpwrappers
    Specifies that the TCP wrappers facility is used to control access
    to TCP services. The value true enables checking. The default
    value for enable_tcpwrappers is false. If the enable_tcpwrappers
    parameter is enabled, then all calls to rpcbind originating from
    non-local addresses are automatically wrapped by the TCP wrappers
    facility. The syslog facility code daemon is used to log allowed
    connections (using the info severity level) and denied traffic
    (using the warning severity level). See syslog.conf(5) for a
    description of syslog codes and severity levels. The stability
    level of the TCP wrappers facility and its configuration files is
    External. As the TCP wrappers facility is not controlled by Sun,
    intrarelease incompatibilities are not uncommon. See
    attributes(7).

verbose_logging
    Specifies whether the TCP wrappers facility logs all calls or just
    the denied calls. The default is false. This option has no effect
    if TCP wrappers are not enabled.

allow_indirect
    Specifies whether rpcbind allows indirect calls at all. By
    default, rpcbind allows most indirect calls, except to a number of
    standard services (keyserv, automount, mount, nfs, rquota, and
    selected NIS and rpcbind procedures). Setting allow_indirect to
    false causes all indirect calls to be dropped. The default is
    true. NIS broadcast clients rely on this functionality on NIS
    servers.

listen_backlog
    Sets the connection queue length for rpcbind over a
    connection-oriented transport. The default value is 64 entries.
    Modification of this property takes effect only after rpcbind is
    restarted.

max_threads
    Maximum number of worker threads spawned by rpcbind. The default
    value is 72. The indirect RPC calls facility might cause a worker
    thread to block for some time waiting for a response from the
    indirectly called RPC service. To maintain basic rpcbind
    functionality, up to eight worker threads are always reserved, and
    will never be used for indirect RPC calls. Setting max_threads to
    less than 9 effectively disables the indirect calls.
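
An added example (not part of the original manual page or of the
rpcbind distribution): a shell check that reads the config property
group and reports the setting combinations described above. It assumes
the "name type value" line format printed by svcprop(1); the sample
input, function names and finding labels are constructed for
illustration.

```shell
#!/bin/sh
# Added example: audit rpcbind's SMF "config" property group.
# Assumed input: one "config/<name> <type> <value>" line per property, as
# printed by: svcprop -p config svc:/network/rpc/bind

# Constructed sample (not from a real host): remote access on, TCP
# wrappers off, verbose_logging set although wrappers are disabled.
SAMPLE_PROPS='config/local_only boolean false
config/enable_tcpwrappers boolean false
config/verbose_logging boolean true
config/allow_indirect boolean true
config/listen_backlog integer 64
config/max_threads integer 72'

# prop PROPS NAME DEFAULT: value of config/NAME, or DEFAULT when absent.
prop() {
    v=$(printf '%s\n' "$1" | awk -v k="config/$2" '$1 == k { print $3; exit }')
    printf '%s\n' "${v:-$3}"
}

# indirect_state PROPS: "enabled" only if allow_indirect is true and
# max_threads is at least 9 (eight threads never serve indirect calls).
indirect_state() {
    if [ "$(prop "$1" allow_indirect true)" = true ] &&
       [ "$(prop "$1" max_threads 72)" -ge 9 ]; then
        echo enabled
    else
        echo disabled
    fi
}

# audit PROPS: print one finding per line (nothing for default settings).
audit() {
    remote=no; wrappers=no
    [ "$(prop "$1" local_only true)" = false ] && remote=yes
    [ "$(prop "$1" enable_tcpwrappers false)" = true ] && wrappers=yes
    [ $remote = yes ] && echo "REMOTE_ACCESS: config/local_only=false"
    [ $remote = yes ] && [ $wrappers = no ] &&
        echo "NO_WRAPPERS: remote calls are not checked or logged by TCP wrappers"
    [ $wrappers = no ] && [ "$(prop "$1" verbose_logging false)" = true ] &&
        echo "NO_EFFECT: verbose_logging=true but enable_tcpwrappers=false"
    [ "$(prop "$1" allow_indirect true)" = true ] &&
        [ "$(indirect_state "$1")" = disabled ] &&
        echo "INDIRECT_OFF: max_threads below 9 disables indirect calls"
    return 0
}

# On a live system: audit "$(svcprop -p config svc:/network/rpc/bind)"
audit "$SAMPLE_PROPS"
```

Properties missing from the input fall back to the defaults stated
above, so an empty finding list means the service matches the
documented default configuration.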

OPTIONS
The following options are supported:

-d
    Run in debug mode. In this mode, rpcbind does not fork when it
    starts. It prints additional information during operation, and
    aborts on certain errors. With this option, the name-to-address
    translation consistency checks are shown in detail.

-w
    Do a warm start. If rpcbind aborts or terminates on SIGINT or
    SIGTERM, it writes the current list of registered services to
    /var/run/daemon/portmap.file and /var/run/daemon/rpcbind.file.
    Starting rpcbind with the -w option instructs it to look for these
    files and start operation with the registrations found in them.
    This allows rpcbind to resume operation without requiring all RPC
    services to be restarted.

-l listen_backlog
    This can be used to override the config/listen_backlog SMF
    property.

EXAMPLES
Example 1: Allowing Remote Access

The following sequence of commands allows remote access to rpcbind.

    # svccfg -s svc:/network/rpc/bind setprop config/local_only = false
    # svcadm refresh svc:/network/rpc/bind

FILES
/var/run/daemon/portmap.file
    Stores the information for RPC services registered over IP based
    transports for warm start purposes.

/var/run/daemon/rpcbind.file
    Stores the information for all registered RPC services for warm
    start purposes.

ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | See below. |
+--------------------+-----------------+
TCP wrappers is External.

SEE ALSO
rpcbind(3NSL), hosts_access(5), syslog.conf(5), attributes(7), smf(7),
rpcinfo(8), svcadm(8), svccfg(8)

NOTES
Terminating rpcbind with SIGKILL prevents the warm-start files from
being written.

All RPC servers are restarted if the following occurs:

    rpcbind crashes (or is killed with SIGKILL) and is unable to write
    the warm-start files;

    rpcbind is started without the -w option after a graceful
    termination.

Otherwise, the warm start files are not found by rpcbind.

February 21, 2023 RPCBIND(8)