<!-- $Id: ServerType.html,v 1.6 2009/10/06 15:44:11 castaglia Exp $ -->
<!-- $Source: /cvsroot/proftp/proftpd/doc/howto/ServerType.html,v $ -->
<html>
<head>
<title>ProFTPD mini-HOWTO - ServerType</title>
</head>
<body bgcolor=white>
<hr>
<center><h2><b><i>ServerType</i></b></h2></center>
<hr>
<p>
The <a href="http://www.proftpd.org/docs/directives/linked/config_ref_ServerType.html"><code>ServerType</code></a> configuration directive for ProFTPD can cause
confusion for those just starting with this server. What is the purpose
for this directive? What are these "inetd" and "standalone"
types, and why does one need to choose one or the other?
<p>
The purpose of this directive is to choose between the two operating modes for
almost all Unix network servers: does the server listen on its port for
client requests itself, or does the server let some other process do the
listening, and call the server when needed? Traditionally, that
"other process" has been <code>inetd</code>, a
"super server" that listens on all interfaces, all ports on a
Unix machine, and calls the appropriate server based on the port contacted.
A more modern replacement for <code>inetd</code> is found in the
<code>xinetd</code> server; this server functions much the same way. The
other mode of operation is to have the server listen on the port(s) itself,
and handle client requests accordingly. The latter mode is the
<em>standalone</em> <code>ServerType</code>, the former is the <em>inetd</em>
mode (which covers both the <code>inetd</code> and <code>xinetd</code>
processes).
<p>
This directive is mandatory, and must be set to one mode or the other. The
two modes are incompatible (two processes cannot be bound to the same
interface/port combination simultaneously), and thus the <code>proftpd</code>
must be told in which mode it is to operate.
<p><a name="Inetd"></a>
<b>Inetd Mode</b><br>
In <em>inetd</em> mode, the <code>proftpd</code> server expects to be started
by the <code>inetd</code> (or <code>xinetd</code>) servers. It is these
servers, <code>inetd/xinetd</code>, that listen on the FTP port (usually 21)
for connection requests, then start <code>proftpd</code> and pass the
connection off. This mode is usually best suited for low traffic sites,
for sites that do not handle many FTP sessions.
<p>
Example <code>/etc/inetd.conf</code> entry:
<pre>
ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/proftpd
</pre>
The <code>inetd.conf</code> man pages discuss these fields in greater detail.
<p>
An example <code>xinetd</code> configuration is:
<pre>
service ftp
{
disable = no
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/proftpd
server_args = -c /etc/proftpd.conf
}
</pre>
The xinetd configuration is usually found in <code>/etc/xinetd.conf</code>
or in the <code>/etc/xinetd.d/</code> directory.
<p><a name="InetdIPv6"></a>
<b>Note</b>: Solaris users may find that their <code>/etc/inetd.conf</code>
file ships with an <code>ftp</code> entry that looks similar to the above,
except that it has "tcp6" rather than "tcp". For
<code>proftpd</code> to function properly in such cases, that "tcp6"
will need to be changed to "tcp". Solaris uses the <code>tcp6</code>
keyword to have its <code>inetd</code> pass IPv6 sockets to the called program;
<code>proftpd</code> must have been configured with the
<code>--enable-ipv6</code> option to handle such sockets.
<p><a name="InetdPorts"></a>
<b>Inetd Mode and Non-standard Ports</b><br>
A note about using non-standard ports in your configuration via the
<code>Port</code> configuration directive: making these work while in
<code>inetd</code> mode and using <code>inetd</code> (as oppposed to
<code>xinetd</code>) is problematic. The first column of an
<code>/etc/inetd.conf</code> entry lists a protocol name. The port
for that protocol is listed in the <code>/etc/services</code> file. For
services that run on non-standard ports, however,
<code>/etc/services</code> has no entry, and <code>inetd</code> is programmed
so as to always reference that file. This means that if use of non-standard
ports and use of <code>inetd</code> are required, the
<code>/etc/services</code> file will need to be edited. Avoid this situation
if possible.
<p>
Compared to <code>inetd</code>, <code>xinetd</code>'s configuration format
is more flexible: it can be configured to use non-standard ports using the
<code>port</code> attribute:
<pre>
port determines the service port. If this
attribute is specified for a service
listed in /etc/services, it must be equal
to the port number listed in that file.
</pre>
as described in the <code>xinetd.conf(5)</code> man page.
<p>
If your <code>proftpd</code> server is running in this mode, you do not need
to worry about restarting any servers whenever changes are made to the
<code>proftpd.conf</code> configuration file. Since <code>proftpd</code>
is started for each new FTP session by <code>inetd/xinetd</code>, and
part of that startup process includes reading the configuration file, any
changes will be seen by any new FTP sessions once the changes are made.
<p>
If you attempt to start a <code>proftpd</code> server configured with a
<code>ServerType</code> of <em>standalone</em>, and already have
<code>inetd/xinetd</code> also configured to handle FTP connections, this kind
of error message will appear in your <code>proftpd</code> logs:
<pre>
golem.castaglia.org - Failed binding to 127.0.0.1, port 21: Address already in use
golem.castaglia.org - Check the ServerType directive to ensure you are configured correctly.
</pre>
More information might be found by <a href="Debugging.html">debugging</a> your
configuration.
<p><a name="Standalone"></a>
<b>Standalone Mode</b><br>
In this mode, the <code>proftpd</code> listens for incoming FTP session
requests itself, and forks off child processes to handle those requests.
This mode is best suited for high traffic, popular sites; the overhead
of having to parse the configuration file each time, as is done for
<code>inetd</code>-handled sessions, is avoided in this mode. Also,
there is no need to change any other configuration files other than the
<code>proftpd.conf</code>, for ports, virtual servers, or anything else.
<p>
When running in this mode, the server will need to be restarted whenever
changes are made to the configuration file. There is a
<a href="Stopping.html">page</a> that describes how this can be done.
<p>
Many administrators are accustomed to using <code>tcpwrappers</code> to
secure their network servers; indeed, this is a good practice to get into.
However, the most common way this is done is through <code>inetd</code>.
When running a <code>proftpd</code> server in <em>standalone</em> mode,
then, it is not quite as straightforward; however, it is not hard, either.
The <a href="http://www.castaglia.org/proftpd/modules/mod_wrap.html"><code>mod_wrap</code></a> module can be compiled into your <code>proftpd</code>. This
module allows a standalone <code>proftpd</code> server to use the normal
<code>/etc/hosts.allow</code>, <code>/etc/hosts.deny</code> files, in addition
to other files (something that normal <code>tcpwrappers</code> configurations
cannot do).
<p>
If you try to start a <code>proftpd</code> server configured with a
<code>ServerType</code> of <em>inetd</em> from the command line (or from
some shell wrapper script), this kind of error message will appear in your
<code>proftpd</code> logs:
<pre>
golem.castaglia.org - Fatal: Socket operation on non-socket
golem.castaglia.org - (Running from command line? Use `ServerType standalone' in config file!)
</pre>
More information might be found by <a href="Debugging.html">debugging</a> your
configuration.
<p><a name="Switching">
<b>Switching Modes</b><br>
Changing from one <code>ServerType</code> mode to the other is a simple
process, as long as the few steps involved are followed.
<p>
To change from <em>inetd</em> to <em>standalone</em>, make sure to remove any
FTP configurations from <code>/etc/inetd.conf</code>,
<code>/etc/xinetd.conf</code>, <code>/etc/xinetd.d/</code>, or wherever
your superserver's configuration file(s) reside. Once this is done,
make sure those changes are seen by restarting <code>inetd/xinetd</code>.
Then, make sure
<pre>
ServerType standalone
</pre>
is in your <code>proftpd.conf</code>. Start the <code>proftpd</code>
server from the command line, to make sure all is working. You can then
easily start server from an <code>init.d</code> script such as the one
mentioned <a href="Stopping.html">here</a>.
<p>
To change from <em>standalone</em> to <em>inetd</em>, make sure your
<code>proftpd</code> is stopped completely. Add a configuration entry
for FTP into your <code>inetd/xinetd</code> configuration (mentioned
above), then restart <code>inetd/xinetd</code> to have those configuration
changes seen. Check your <code>proftpd.conf</code> to see that
<pre>
ServerType inetd
</pre>
is there.
<p><a name="FAQ">
<b>Frequently Asked Questions</b><br>
<font color=red>Question</font>: I have configured:
<pre>
IdentLookups off
ServerIdent off
</pre>
in my <code>proftpd.conf</code>, but my logins are still slow. Why?<br>
<font color=blue>Answer</font>: Another source of slow logins can be
<code>xinetd</code>, or <code>tcpwrappers</code> compiled for reverse DNS
lookups (<i>i.e.</i> with the <code>-DPARANOID</code> option).
<p>
If you are using <code>ServerType inetd</code>, <i>and</i> you are using
<code>xinetd</code> to run <code>proftpd</code>, then you should check your
<code>/etc/xinetd.conf</code> (or <code>/etc/xinetd.d/proftpd</code> or
similar) file for the <code>USERID</code> parameter, <i>e.g.</i>:
<pre>
log_on_success += DURATION USERID
log_on_failure += USERID
</pre>
As per the <code>xinetd.conf</code> documentation, the use of
<code>USERID</code> in your configuration causes <code>xinetd</code> to do
an IDENTD lookup:
<pre>
USERID logs the user id of the remote user using
the RFC 1413 identification protocol.
This option is available only for multi-
threaded stream services.
</pre>
Removing <code>USERID</code> from your <code>xinetd</code> configuration
for proftpd often suffices to fix the slow logins.
<p>
Another solution is simply to <a href="#Switching">switch</a> your
<code>ServerType</code> to "standalone".
<p>
<hr>
Last Updated: <i>$Date: 2009/10/06 15:44:11 $</i><br>
<hr>
</body>
</html>
