Standalone or inetd?

On Thu, Nov 30, 2000 at 08:01:42PM -0000, Tanuj Shah, - mailings wrote:
> Is ProFTPd (1.2.0) better to run as standalone or via (x)inetd?

Both run fine. Only on one Solaris box I was forced to run in standalone mode because it said all the time that there is another program listening on port 21 when I tried inetd.

> What are the differences etc. etc. etc. ?

One difference is that the process control (children etc.) is managed by the inetd. Another thing is that you can start proftpd with the tcpd when you're using the inetd. In the standalone mode you can use Virtual Hosts.

Personal preference, inetd for lightly used systems where resources are an issue. Standalone for production machines which are likely to get pounded into the dirt and I need the additional configuration features not available under inetd.

Well, after reading here about Redhat 7 having xinetd, and needing to put the server in standalone I noticed something fairly big.... I used to be able to edit the proftpd.conf file and the changes would take place immediately, now I have to kill the process and restart the server....anyone have any solutions?

If I'm not mistaken, that's normal. A big advantage of inetd (or xinetd) is that it listens on ports for you. Only when it gets a connection on a port does it launch the respective program. So basically proftpd gets re-launched with every connection, thus you can edit the config and it will be in effect for the next user. Standalone mode though is always running with the config it saw when it first started up, so you do have to kill it and restart it to see the new config.

If you send the main proftpd process the HUP signal, it will re-read its configuration file without stopping...

I'm a Linux (RH6.0) newbie and I'm trying to get ProFtpD running on my box... I'm having some little problems though :(

My first question... should I run it in standalone or inetd mode? My ftp won't have much traffic... the box is a 486 dx 33 w/ 8 megs of ram... nothing fancy...

Second question... I tried to run it from commandline in inetd mode... it said that in order to run it from commandline it needs to be in standalone mode... and for inetd mode, proftpd has to be started by the inetd super-server. What is this super-server and how do I get this thing to start proftpd?

Right now when I do ftp localhost, I get a 'connection refused' error message... maybe proftpd isn't even running (that's my guess)... how do I make sure it is running?

On Sun, 13 Aug 2000, Carl Mercier wrote:
> My first question... should I run it in standalone or inetd mode? My ftp
> won't have much traffic... the box is a 486 dx 33 w/ 8 megs of ram...
> nothing fancy...

If you won't be taking on that much traffic, inetd is the preferred method. If it's going to be a busy or "production" FTP server, standalone is best. Frankly, it doesn't matter that much in your case.

> Second question... I tried to run it from commandline in inetd mode... it
> said that in order to run it from commandline it needs to be in standalone
> mode... and for inetd mode, proftpd has to be started by the inetd
> super-server. What is this super-server and how do I get this thing to
> start proftpd?

Type "man inetd". Reading the manual page will tell you everything you need to know.

> Right now when I do ftp localhost, i get a 'connection refused' error
> message... maybe proftpd isn't even running (that's my guess)... how do I
> make sure it is running?

In standalone mode, you will see "proftpd" in the output of 'ps -ef'.
In inetd mode, it will be running provided you have inetd up and configured to accept connections for proftpd.

One thing to add... if you run proftpd in standalone mode and not through the "inetd" server, then you must edit your /etc/inetd.conf file and comment out the reference to ftp (the only line starting with ftp). If you are going to run it through inetd, instead of commenting out that one line, change it to run proftpd... Again see "man inetd."

My 2 cents would be on your system to run it in inetd. That way you don't have an ftpd server taking up memory all the time. With inetd, the server will only take up memory when you want to use it. Not to mention processor time, even idle processes have to be polled by the kernel.

Later,

Hello, I have a limited use server: 10+ logins a week, 20mb a week transfers (usually upload). I have the server set up as inetd (changing to xinetd). Can anyone give a guideline table of when you want to use the standalone vs inetd server model?

Well, off the top of my head:

INETD
  PROS
  - Can use TCP wrappers
  - Not using system resources when not in use
  - Does not have to run as root (better security)
  CONS
  - Can't use MaxClients
  - Overhead from launching process for each session (although in my experience this is negligible)

DAEMON
  PROS
  - Better performance, since the daemon is always ready to take calls
  - Can use MaxClients to allot resources or avoid a DOS attack
  CONS
  - Daemon must run as root to bind to port 21, although I believe ProFTPD has some internal mechanisms to reduce risks
  - Is always using system resources even when idle

There are certainly other reasons that I am sure other users can add. I have always felt that the primary reason for choosing one over the other is volume. Low volume tends to indicate inetd, while high volume almost always indicates daemon. But it's a balance of security and performance either way.

A few less important pro/cons:

INETD
  - no User lockouts after too many false logins
  - no reset needed after changing configuration

DAEMON
  - may suffer from memory leaks (system libs, modules,..)

Things that run on ports <1024 (as does everything in inetd.conf) have to be run as root initially, which opens the possibility of exploitation.

I think (keyword=think) running as standalone uses more memory than inetd. Speed isn't an issue for me since I have logins capped at 3 simultaneous. As for security I have a firewall router between the ftp box and well...all I can do is all I can do.

Stand alone is faster in theory. I don't run anything from inetd. My ftp, www, ssh all run standalone.

Given proftpd 1.2.0pre10, what are the relative merits of running it via inetd as opposed to standalone? I imagine that there's greater security with inetd given its use of host.deny. True? Are there any other security issues related to these 2 modes of running proftpd?

If you insist on not running it in standalone mode, something like tcpserver would be much better. Inetd does nasty things to busy systems because of the rate limiting it has. I run proftpd in standalone, and used to run it from inetd ;)

Are there any performance differences between the two implementations or is the gap down entirely to the inetd overhead? If so another superserver (tcpserver?) could be used instead and one could have the superior rules access with a minimal overhead and performance degradation.
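
The mismatch several posts above describe (proftpd set to one mode while /etc/inetd.conf is set up for the other, which shows up as "another program listening on port 21" or "connection refused") can be checked mechanically. This is an added example, not code from the thread or from ProFTPD; the function names and sample files are constructed, and it assumes that a proftpd.conf without a ServerType line runs standalone.

```shell
# Print the active (uncommented) ftp service line of an inetd.conf, if any.
inetd_ftp_entry() {
    awk '$1 == "ftp" { print; exit }' "$1"
}

# Print the ServerType set in a proftpd.conf, lower-cased.
# Assumption: no ServerType line means standalone.
proftpd_server_type() {
    awk 'tolower($1) == "servertype" { t = tolower($2) }
         END { print (t == "" ? "standalone" : t) }' "$1"
}

# Compare both files and report whether they agree on who owns port 21.
check_mode() {
    entry=$(inetd_ftp_entry "$1")
    mode=$(proftpd_server_type "$2")
    case "$mode" in
    standalone)
        if [ -n "$entry" ]; then
            echo "conflict: inetd also owns port 21"
        else
            echo "ok: standalone"
        fi ;;
    inetd)
        case "$entry" in
        "")             echo "broken: no active ftp line in inetd.conf" ;;
        *tcpd*proftpd*) echo "ok: inetd, wrapped by tcpd" ;;
        *proftpd*)      echo "ok: inetd, no tcpd wrapper" ;;
        *)              echo "broken: inetd starts a different ftp daemon" ;;
        esac ;;
    *)  echo "unknown ServerType: $mode" ;;
    esac
}

# Constructed sample files (not taken from a real host).
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
ftp     stream tcp nowait root /usr/sbin/tcpd in.proftpd
EOF
    printf 'ServerName "test"\nServerType standalone\n' > "$1/standalone.conf"
    printf 'ServerType inetd\n' > "$1/inetd-mode.conf"
}

d=$(mktemp -d)
write_samples "$d"
check_mode "$d/inetd.conf" "$d/standalone.conf"
check_mode "$d/inetd.conf" "$d/inetd-mode.conf"
rm -rf "$d"
```

On a real host, pass /etc/inetd.conf and the installed proftpd.conf as the two arguments to check_mode.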