svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
rpcbind(8)
System Administration Commands rpcbind(8)
NAME
rpcbind - universal addresses to RPC program number mapper
SYNOPSIS
rpcbind [-d] [-w]
DESCRIPTION
rpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls
on a server on that machine.
When an RPC service is started, it tells rpcbind the address at which
it is listening, and the RPC program numbers it is prepared to serve.
When a client wishes to make an RPC call to a given program number, it
first contacts rpcbind on the server machine to determine the address
where RPC requests should be sent.
rpcbind should be started before any other RPC service. Normally, stan‐
dard RPC servers are started by port monitors, so rpcbind must be
started before port monitors are invoked.
When rpcbind is started, it checks that certain name-to-address trans‐
lation-calls function correctly. If they fail, the network configura‐
tion databases can be corrupt. Since RPC services cannot function cor‐
rectly in this situation, rpcbind reports the condition and terminates.
rpcbind maintains an open transport end for each transport that it uses
for indirect calls. This is the UDP port on most systems.
The rpcbind daemon requires several non-basic privileges to run,
including {PRIV_NET_PRIVADDR}, {PRIV_SYS_NFS}, and (if Trusted Exten‐
sions is in use) {PRIV_NET_BINDMLP}.
The rpcbind service is managed by the service management facility,
smf(7), under the service identifier:
svc:/network/rpc/bind
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(8).
The configuration properties of this service can be modified with svc‐
cfg(8).
The following SMF property is used to allow or disallow access to
rpcbind by remote clients:
config/local_only = true
The default value, true, shown above, disallows remote access; a value
of false allows remote access. See EXAMPLES.
The FMRI svc:network/rpc/bind property group config contains the fol‐
lowing property settings:
enable_tcpwrappers Specifies that the TCP wrappers facility
is used to control access to TCP ser‐
vices. The value true enables checking.
The default value for enable_tcpwrappers
is false. If the enable_tcpwrappers
parameter is enabled, then all calls to
rpcbind originating from non-local
addresses are automatically wrapped by
the TCP wrappers facility. The syslog
facility code daemon is used to log
allowed connections (using the info
severity level) and denied traffic (using
the warning severity level). See sys‐
log.conf(5) for a description of syslog
codes and severity levels. The Interface
Stability of the TCP wrappers facility
and its configuration files is Volatile.
As the TCP wrappers facility is not con‐
trolled by Sun, intrarelease incompati‐
bilities are not uncommon. See
attributes(7).
As rpcbind might be used during host
address to name translation, rpcbind
calls tcp_wrappers with untranslated host
names. The rpcbind entry in
hosts_access(4) should use the numerical
address.
verbose_logging Specifies whether the TCP wrappers facil‐
ity logs all calls or just the denied
calls. The default is false. This option
has no effect if TCP wrappers are not
enabled.
allow_indirect Specifies whether rpcbind allows indirect
calls at all. By default, rpcbind allows
most indirect calls, except to a number
of standard services(keyserv, automount,
mount, nfs, rquota, and selected NIS and
rpcbind procedures). Setting allow_indi‐
rect to false causes all indirect calls
to be dropped. The default is true. NIS
broadcast clients rely on this function‐
ality on NIS servers.
max_udp_dump_rqsts_per_sec Specifies how many PMAPPROC_DUMP and
RPCBPROC_DUMP requests sent over UDP or
UDP6 rpcbind answers each second. rpcbind
counts the number of requests within
fixed 1-second intervals. Once the maxi‐
mum number of requests for that interval
has been reached, additional requests are
silently ignored until the start of the
next interval.
OPTIONS
The following options are supported:
-d Run in debug mode. In this mode, rpcbind does not fork when it
starts. It prints additional information during operation, and
aborts on certain errors. With this option, the name-to-address
translation consistency checks are shown in detail.
-w Do a warm start. If rpcbind aborts or terminates on SIGINT or
SIGTERM, it writes the current list of registered services to
/var/run/portmap.file and /var/run/rpcbind.file. Starting rpcbind
with the -w option instructs it to look for these files and start
operation with the registrations found in them. This allows
rpcbind to resume operation without requiring all RPC services to
be restarted.
EXAMPLES
Example 1 Allowing Remote Access
The following sequence of commands allows remote access to rpcbind.
# svccfg -s svc:/network/rpc/bind setprop config/local_only = false
# svcadm refresh svc:/network/rpc/bind
FILES
/var/run/portmap.file Stores the information for RPC services regis‐
tered over IP based transports for warm start
purposes.
/var/run/rpcbind.file Stores the information for all registered RPC
services for warm start purposes.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/core-os _ Interface StabilitySee
below.
TCP wrappers is Volatile.
SEE ALSO
rpcbind(3C), syslog.conf(5), attributes(7), privileges(7), smf(7),
rpcinfo(8), svcadm(8), svccfg(8)
For information on the TCP wrappers facility, see the hosts_access(5)
man page available in the security/tcp-wrapper package.
NOTES
Terminating rpcbind with SIGKILL prevents the warm-start files from
being written.
All RPC servers are restarted if the following occurs: rpcbind crashes
(or is killed with SIGKILL) and is unable to write the warm-start
files; rpcbind is started without the -w option after a graceful termi‐
nation. Otherwise, the warm start files are not found by rpcbind.
Oracle Solaris 11.4 3 Nov 2021 rpcbind(8)