Section: Maintenance Commands (8)Index
Return to Main Contents
Copyright (c) 1987 Sun Microsystems
Copyright (c) 1990, 1991 The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
All advertising materials mentioning features or use of this software
must display the following acknowledgement:
This product includes software developed by the University of
California, Berkeley and its contributors.
Neither the name of the University nor the names of its contributors
may be used to endorse or promote products derived from this software
without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
program number mapper
is a server that converts
program numbers into
protocol port numbers.
It must be running in order to make
server is started, it will tell
what port number it is listening to, and what
program numbers it is prepared to serve.
When a client wishes to make an
call to a given program number,
it will first contact
on the server machine to determine
the port number where
packets should be sent.
must be started before any
servers are invoked.
forks and dissociates itself from the terminal
like any other daemon.
then logs errors using
from running as a daemon,
and causes errors and debugging information
to be printed to the standard error output.
to give more logging information to
By default, host access control is enabled. However, the host that runs
the portmapper is always considered authorized. The host access control
tables are never consulted with requests from the local system itself;
they are always consulted with requests from other hosts.
In order to avoid deadlocks, the portmap program does not attempt to
look up the remote host name or user name, nor will it try to match NIS
netgroups. The upshot of all this is that only network number patterns
will work for portmap access control.
Sample entries for the host access-control files are:
portmap: 255.255.255.255 0.0.0.0
The syntax of the access-control files is described in the
manual page that comes with the tcp wrapper (log_tcp)
sources. The safe_finger command comes with later wrapper releases.
The first line in the hosts.allow file permits access from all systems
within your own subnet. Some rpc services rely on broadcasts and will
contact your portmapper anyway; and once an intruder has access to your
local network segment you're already in deep trouble.
The second line in the hosts.allow file may be needed if there are
any PC-NFS systems on your network segment.
For security reasons, the portmap process drops root privilegs after
initialization. The access control files should therefore be readable
for group or world.
crashes, all servers must be restarted.
command appeared in
- Access control
- SEE ALSO