The kernel configuration brings the basic transport and IP datagram services of TCP/IP into UNIX. But there is much more to the TCP/IP suite than just the basic services. How are these other protocols included in the UNIX configuration?
Some protocols are explicitly started by including them in the boot files. This technique is used, for example, to start the Routing Information Protocol (RIP) and the Domain Name Service (DNS). The daemons that service these protocols, routed and named respectively, are run from a startup file such as /etc/rc.d/rc.inet2 on a Linux system or /etc/init.d/inetsvc and /etc/init.d/inetinit on a Solaris system. 
Many other network daemons are not started individually. These daemons are started by a server that listens for network service requests and starts the appropriate daemon to process the request. This server is called the internet daemon.
The internet daemon - inetd (pronounced "i net d") - is started at boot time from an initialization file such as /etc/rc.d/rc.inet2 . When it is started, inetd reads its configuration from the /etc/inetd.conf file. This file contains the names of the services that inetd listens for and starts. You can add or delete services by making changes to the inetd.conf file.
An example of a file entry is:
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd
The fields in the inetd.conf entry are, from left to right:
There are a few situations in which you need to modify the
file. For example, you may wish to disable a
service. The default configuration provides a full array of servers.
Not all of them are required on every system, and for security reasons you
may want to disable non-essential services on some computers. To disable
a service, place a
You may also need to add new services. We'll see some examples of that in later chapters. Let's look in detail at an example of restoring a service that has been previously disabled. We'll begin by looking at the contents of an /etc/inetd.conf file:
# @(#)inetd.conf 1.17 88/02/07 SMI ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd telnet stream tcp nowait root /usr/sbin/in.telnetd in.telnetd shell stream tcp nowait root /usr/sbin/in.rshd in.rshd login stream tcp nowait root /usr/sbin/in.rlogind in.rlogind exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd finger stream tcp nowait root /usr/sbin/in.fingerd in.fingerd #tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot comsat dgram udp wait root /usr/sbin/in.comsat in.comsat talk dgram udp wait root /usr/sbin/in.talkd in.talkd name dgram udp wait root /usr/sbin/in.tnamed in.tnamed daytime stream tcp nowait root internal time stream tcp nowait root internal echo dgram udp wait root internal discard dgram udp wait root internal time dgram udp wait root internal
This part of the file shows several standard TCP/IP services. One of these, tftp , is commented out. The TFTP protocol is a special version of FTP that allows file transfers without username/password verification. Because of this, it is a possible security hole and is often disabled in the inetd.conf file.
As an example of modifying the inetd.conf file, we'll reconfigure the system to provide tftp service, which is sometimes necessary for supporting diskless devices. First, use your favorite editor to remove the comment (#) from the tftp entry in inetd.conf . (The example uses sed, everyone's favorite editor!) Then find out the process ID for inetd and pass it the SIGHUP signal. The following steps show how this is done on peanut :
In some situations, you may also need to modify the pathname of a server or the arguments passed to a particular server when it is invoked. For example, look again at the tftp entry. This line contains command-line arguments that are passed to the tftp server when it is started. The -s /tftpboot option addresses the most obvious tftp security hole. It prevents tftp users from retrieving files that are not located in the directory specified after the -s option. If you want to use another directory for tftp , you must change the inetd.conf file. The only command-line arguments passed to servers started by inetd are those defined in the inetd.conf file.
Security is one of the most important reasons for modifying the inetd.conf file. inetd.conf is used to implement access control through the wrapper program tcpd . The wrapper program replaces the server program in the server field of the inetd.conf entry. Then when inetd hears a connection request on the port, it starts tcpd instead of the application server. tcpd can then enforce extra security before it starts the application server. How to use the wrapper program for access control is covered in Chapter 12 .