[leafnode-list] Re: xinetd on centos 7 install

Matěj Cepl mcepl at cepl.eu
Fri Jul 17 23:33:53 CEST 2015


On 2015-07-17, 18:07 GMT, Matěj Cepl wrote:
> That’s a great question. I have no idea about the answer though.

I have asked on #systemd on FreeNode and this is what I got:

    mcepl: Hi, I have switched my leafnode2 installation from 
        xinetd to systemd for port-activated service) and now 
        I wonder about how to make systemd recognize and follow 
        /etc/hosts.{deny,allow}. That doesn't work right? Are 
        there any other ACLs for systemd-run services?
    grawity: there's iptables/nftables
    zdzichu: tcpwrappes support was removed some time ago
    dreisner: ...thankfully
    grawity: alternatively, use "ExecStart=@/usr/bin/tcpd 
        /usr/bin/leafnode2", like in the early days of 
        tcpwrappers
    zdzichu: grawity: '@'?
    grawity: argv[0]
    grawity: like in traditional inetd.conf you'd specify the 
        executable and argv[0] separately
    grawity: so IIRC tcpd made use of that
    mcepl: grawity: thanks ... that seems like a bit missing 
        part of systemd to me, but thanks for the workaround.
    grawity: it's intentionally missing, yes
    ***mcepl will rather shut up

I have later emphasized that I don’t necessarily fight for 
tcpwrappers themselves (somebody noticed that even OpenSSH 
doesn’t support it anymore), but I’ve got no reply on that.

I think there is a point in the notice about iptables/nftables.  
I don’t think I will put the above line into Fedora/RHEL 
leafnode packages.

Best,

Matěj

-- 
http://www.ceplovi.cz/matej/, Jabber: mcepl at ceplovi.cz
GPG Finger: 89EF 4BC6 288A BF43 1BAB  25C3 E09F EF25 D964 84AC
 
Roses are red;
    Violets are blue.
I'm schizophrenic,
    And so am I.




More information about the leafnode-list mailing list