RPCBIND(8) Maintenance Commands and Procedures RPCBIND(8)

rpcbind - universal addresses to RPC program number mapper

rpcbind [-d] [-w] [-l listen_backlog]

rpcbind is a server that converts RPC program numbers into universal addresses. It must be running on the host to be able to make RPC calls on a server on that machine.

When an RPC service is started, it tells rpcbind the address at which it is listening, and the RPC program numbers it is prepared to serve. When a client wishes to make an RPC call to a given program number, it first contacts rpcbind on the server machine to determine the address where RPC requests should be sent.

rpcbind should be started before any other RPC service. Normally, standard RPC servers are started by port monitors, so rpcbind must be started before port monitors are invoked.

When rpcbind is started, it checks that certain name-to-address translation-calls function correctly. If they fail, the network configuration databases can be corrupt. Since RPC services cannot function correctly in this situation, rpcbind reports the condition and terminates.

rpcbind maintains an open transport end for each transport that it uses for indirect calls. This is the UDP port on most systems.

The rpcbind service is managed by the service management facility, smf(7), under the service identifier:


svc:/network/rpc/bind

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(8). rpcbind can only be started by the superuser or someone in the Primary Administrator role.

The configuration properties of this service can be modified with svccfg(8).

The following SMF property is used to allow or disallow access to rpcbind by remote clients:


config/local_only = true

The default value, true, shown above, disallows remote access; a value of false allows remove access. See EXAMPLES.

The FMRI svc:network/rpc/bind property group config contains the following property settings:

enable_tcpwrappers

Specifies that the TCP wrappers facility is used to control access to TCP services. The value true enables checking. The default value for enable_tcpwrappers is false. If the enable_tcpwrappers parameter is enabled, then all calls to rpcbind originating from non-local addresses are automatically wrapped by the TCP wrappers facility. The syslog facility code daemon is used to log allowed connections (using the info severity level) and denied traffic (using the warning severity level). See syslog.conf(5) for a description of syslog codes and severity levels. The stability level of the TCP wrappers facility and its configuration files is External. As the TCP wrappers facility is not controlled by Sun, intrarelease incompatibilities are not uncommon. See attributes(7).

verbose_logging

Specifies whether the TCP wrappers facility logs all calls or just the denied calls. The default is false. This option has no effect if TCP wrappers are not enabled.

allow_indirect

Specifies whether rpcbind allows indirect calls at all. By default, rpcbind allows most indirect calls, except to a number of standard services (keyserv, automount, mount, nfs, rquota, and selected NIS and rpcbind procedures). Setting allow_indirect to false causes all indirect calls to be dropped. The default is true. NIS broadcast clients rely on this functionality on NIS servers.

listen_backlog

Set connection queue length for rpcbind over a connection-oriented transport. The default value is 64 entries. Modification of this property will take effect only after the rpcbind restart.

max_threads

Maximum number of worker threads spawn by rpcbind. The default value is 72. The indirect RPC calls facility might cause a worker thread to block for some time waiting for a response from the indirectly called RPC service. To maintain basic rpcbind functionality, up to eight worker threads are always reserved, and will never be used for indirect RPC calls. Setting max_threads to less than 9 effectively disables the indirect calls.

The following options are supported:

-d

Run in debug mode. In this mode, rpcbind does not fork when it starts. It prints additional information during operation, and aborts on certain errors. With this option, the name-to-address translation consistency checks are shown in detail.

-w

Do a warm start. If rpcbind aborts or terminates on SIGINT or SIGTERM, it writes the current list of registered services to /var/run/daemon/portmap.file and /var/run/daemon/rpcbind.file. Starting rpcbind with the -w option instructs it to look for these files and start operation with the registrations found in them. This allows rpcbind to resume operation without requiring all RPC services to be restarted.

-l listen_backlog

This can be used to override config/listen_backlog SMF property.

Example 1 Allowing Remote Access

The following sequence of commands allows remote access to rpcbind.


# svccfg -s svc:/network/rpc/bind setprop config/local_only = false
# svcadm refresh svc:/network/rpc/bind

/var/run/daemon/portmap.file

Stores the information for RPC services registered over IP based transports for warm start purposes.

/var/run/daemon/rpcbind.file

Stores the information for all registered RPC services for warm start purposes.

See attributes(7) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability See below.

TCP wrappers is External.

rpcbind(3NSL), hosts_access(5), syslog.conf(5), attributes(7), smf(7), rpcinfo(8), svcadm(8), svccfg(8)

Terminating rpcbind with SIGKILL prevents the warm-start files from being written.

All RPC servers are restarted if the following occurs: rpcbind crashes (or is killed with SIGKILL) and is unable to write the warm-start files; rpcbind is started without the -w option after a graceful termination. Otherwise, the warm start files are not found by rpcbind.

February 21, 2023 OmniOS