rpcbind(1M) System Administration Commands rpcbind(1M)NAMErpcbind - universal addresses to RPC program number mapper
SYNOPSISrpcbind [-d] [-w]
DESCRIPTIONrpcbind is a server that converts RPC program numbers into universal
addresses. It must be running on the host to be able to make RPC calls
on a server on that machine.
When an RPC service is started, it tells rpcbind the address at which
it is listening, and the RPC program numbers it is prepared to serve.
When a client wishes to make an RPC call to a given program number, it
first contacts rpcbind on the server machine to determine the address
where RPC requests should be sent.
rpcbind should be started before any other RPC service. Normally, stan‐
dard RPC servers are started by port monitors, so rpcbind must be
started before port monitors are invoked.
When rpcbind is started, it checks that certain name-to-address trans‐
lation-calls function correctly. If they fail, the network configura‐
tion databases can be corrupt. Since RPC services cannot function cor‐
rectly in this situation, rpcbind reports the condition and terminates.
rpcbind maintains an open transport end for each transport that it uses
for indirect calls. This is the UDP port on most systems.
The rpcbind service is managed by the service management facility,
smf(5), under the service identifier:
svc:/network/rpc/bind
Administrative actions on this service, such as enabling, disabling, or
requesting restart, can be performed using svcadm(1M). rpcbind can only
be started by the superuser or someone in the Primary Administrator
role.
The configuration properties of this service can be modified with svc‐
cfg(1M).
The following SMF property is used to allow or disallow access to
rpcbind by remote clients:
config/local_only = true
The default value, true, shown above, disallows remote access; a value
of false allows remove access. See EXAMPLES.
The FMRI svc:network/rpc/bind property group config contains the fol‐
lowing property settings:
enable_tcpwrappers Specifies that the TCP wrappers facility is used
to control access to TCP services. The value true
enables checking. The default value for
enable_tcpwrappers is false. If the enable_tcp‐
wrappers parameter is enabled, then all calls to
rpcbind originating from non-local addresses are
automatically wrapped by the TCP wrappers facil‐
ity. The syslog facility code daemon is used to
log allowed connections (using the info severity
level) and denied traffic (using the warning
severity level). See syslog.conf(4) for a
description of syslog codes and severity levels.
The Interface Stability of the TCP wrappers
facility and its configuration files is Volatile.
As the TCP wrappers facility is not controlled by
Sun, intrarelease incompatibilities are not
uncommon. See attributes(5).
verbose_logging Specifies whether the TCP wrappers facility logs
all calls orjust the denied calls. The default is
false. This option has no effect if TCP wrappers
are not enabled.
allow_indirect Specifies whether rpcbind allows indirect calls
at all. By default, rpcbind allows most indirect
calls, except to a number of standard ser‐
vices(keyserv, automount, mount, nfs, rquota, and
selected NIS and rpcbind procedures). Setting
allow_indirect to false causes all indirect calls
to be dropped. The default is true. NIS broadcast
clients rely on this functionality on NIS
servers.
OPTIONS
The following options are supported:
-d Run in debug mode. In this mode, rpcbind does not fork when it
starts. It prints additional information during operation, and
aborts on certain errors. With this option, the name-to-address
translation consistency checks are shown in detail.
-w Do a warm start. If rpcbind aborts or terminates on SIGINT or
SIGTERM, it writes the current list of registered services to
/var/run/portmap.file and /var/run/rpcbind.file. Starting rpcbind
with the -w option instructs it to look for these files and start
operation with the registrations found in them. This allows
rpcbind to resume operation without requiring all RPC services to
be restarted.
EXAMPLES
Example 1 Allowing Remote Access
The following sequence of commands allows remote access to rpcbind.
# svccfg -s svc:/network/rpc/bind setprop config/local_only = false
# svcadm refresh svc:/network/rpc/bind
FILES
/var/run/portmap.file Stores the information for RPC services regis‐
tered over IP based transports for warm start
purposes.
/var/run/rpcbind.file Stores the information for all registered RPC
services for warm start purposes.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Availability │SUNWcs │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │See below. │
└─────────────────────────────┴─────────────────────────────┘
TCP wrappers is Volatile.
SEE ALSOsmf(5), rpcinfo(1M), svcadm(1M), svccfg(1M), rpcbind(3NSL), sys‐
log.conf(4), attributes(5), smf(5)
For information on the TCP wrappers facility, see the hosts_access(4)
man page, delivered as part of the Solaris operating environment in
/usr/sfw/man and available in the SUNWtcpd package.
NOTES
Terminating rpcbind with SIGKILL prevents the warm-start files from
being written.
All RPC servers are restarted if the following occurs: rpcbind crashes
(or is killed with SIGKILL) and is unable to to write the warm-start
files; rpcbind is started without the -w option after a graceful termi‐
nation. Otherwise, the warm start files are not found by rpcbind.
SunOS 5.11 1 Aug 2006 rpcbind(1M)