*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->HP-UX 11i man pages -> rexecd (1m)              
Title
Content
Arch
Section
 

Contents


 rexecd(1M)                                                       rexecd(1M)




 NAME    [Toc]    [Back]
      rexecd - remote execution server

 SYNOPSIS    [Toc]    [Back]
      /usr/lbin/rexecd [-n] [-m] [-s] [-S]

 DESCRIPTION    [Toc]    [Back]
      rexecd is the server for the rexec() routine, and the rexec_af()
      routine in case of IPv6 systems; it expects to be started by the
      internet daemon (see inetd(1M)).  rexecd provides remote execution
      facilities with authentication based on user account names and
      unencrypted passwords.

      inetd(1M) calls rexecd when a service request is received at the port
      indicated for the ``exec'' service specification in /etc/services; see
      services(4).  To run rexecd, the following line should be present in
      /etc/inetd.conf:

           exec  stream  tcp  nowait  root  /usr/lbin/rexecd  rexecd

      The above configuration line will start rexecd in IPv4 mode.  To run
      rexecd in IPv6 mode, the following line must be present in the
      /etc/inetd.conf file:

           exec  stream  tcp6 nowait  root  /usr/lbin/rexecd  rexecd

      Note: For IPv6 applications, the protocol tcp has to be changed to
      tcp6.  See inetd.conf(4) for more information.

    Options    [Toc]    [Back]
      rexecd recognizes the following options.

           -m   With this option enabled, rexecd returns immediately after
                its child process gets killed; it does not wait for all its
                sub child processes to die.  This in turn makes rexec not to
                wait even when the sub child processes are running remotely.
                As a result, rexec will not appear hung. It is recommended
                that users do not use -m option, if they want rexecd to wait
                until the completion of all the sub child processes.
                Otherwise, the user may not get an expected result. This
                option is applicable only to rexec with a secondary socket
                connection.

           -n   Disable transport-level keep-alive messages. By default, the
                messages are enabled.  The keep-alive messages allow
                sessions to time out if the client crashes or becomes
                unreachable.

           -s   This option is used in multi-homed NIS systems. It disables
                rexecd from doing a reverse lookup of the client's IP
                address; see gethostbyname(3N) for more information. It can



 Hewlett-Packard Company            - 1 -      HP-UX 11i Version 2: Sep 2004






 rexecd(1M)                                                       rexecd(1M)




                be used to circumvent an NIS limitation with multi-homed
                hosts.

           -S   With this option, rexec disallows logging in as a superuser.

      When a service request is received, the following protocol is
      initiated:

           1.  The server reads characters from the socket up to a null (\0)
               byte.  The resultant string is interpreted as an ASCII
               number, base 10.

           2.  If the number received in step 1 is non-zero, it is
               interpreted as the port number of a secondary stream to be
               used for the stderr.  A second connection is then created to
               the specified port on the client's host.  If the first
               character sent is a null (\0), no secondary connection is
               made and the stderr of the command is sent to the primary
               stream.  If the secondary connection has been made, rexecd
               interprets bytes it receives on that socket as signal numbers
               and passes them to the command as signals (see signal(2)).

           3.  A null-terminated user name of not more than 16 characters is
               retrieved on the initial socket.

           4.  A null-terminated, unencrypted, password of not more than 16
               characters is retrieved on the initial socket.

           5.  A null-terminated command to be passed to a shell is
               retrieved on the initial socket.  The length of the command
               is limited by the upper bound on the size of the system's
               argument list.

           6.  rexecd then validates the user, as is done by login using PAM
               modules for authentication.  Refer to the login(1) manpage
               for more information. If the authentication succeeds, rexecd
               changes to the user's home directory and establishes the user
               and group protections of the user.  If any of these steps
               fail, rexecd returns a diagnostic message through the
               connection, then closes the connection.

               NOTE: The use_psd option cannot be specified in the
               /etc/pam.conf file for rexecd.

           7.  A null byte is returned on the connection associated with
               stderr and the command line is passed to the normal login
               shell of the user with that shell's -c option.  The shell
               inherits the network connections established by rexecd.

      rexecd uses the following path when executing the specified command:




 Hewlett-Packard Company            - 2 -      HP-UX 11i Version 2: Sep 2004






 rexecd(1M)                                                       rexecd(1M)




           /usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin

      Transport-level keepalive messages are enabled unless the -n option is
      present.  The use of keepalive messages allows sessions to be timed
      out if the client crashes or becomes unreachable.

 SECURITY FEATURES    [Toc]    [Back]
      For a detailed information on all the configuration parameters that
      affect rexecd, refer to the security(4) man page.  rexecd supports the
      following configuration parameters in the /etc/default/security file:

           +    NOLOGIN
           +    UMASK

 DIAGNOSTICS    [Toc]    [Back]
      All diagnostic messages are returned on the connection associated with
      the stderr, after which any network connections are closed.  An error
      is indicated by a leading byte with a value of 1 (0 is returned in
      step 7 above upon successful completion of all the steps prior to the
      command execution).

           Username too long    [Toc]    [Back]
                The user name is longer than 16 characters.

           Password too long    [Toc]    [Back]
                The password is longer than 16 characters.

           Command too long    [Toc]    [Back]
                The command line passed exceeds the size of the argument
                list (as configured into the system).

           Login incorrect    [Toc]    [Back]
                No password file entry for the user name existed or the
                wrong password was supplied.

           No remote directory    [Toc]    [Back]
                The chdir command to the home directory failed.

           No more processes    [Toc]    [Back]
                The server was unable to fork a process to handle the
                incoming connection.

                Next step: Wait a period of time and try again.  If the
                message persists, then the server's host may have a runaway
                process that is using all the entries in the process table.

           shellname: ...
                The user's login shell could not be started via exec(2) for
                the given reason.





 Hewlett-Packard Company            - 3 -      HP-UX 11i Version 2: Sep 2004






 rexecd(1M)                                                       rexecd(1M)




 WARNINGS    [Toc]    [Back]
      The password is sent unencrypted through the socket connection.

 AUTHOR    [Toc]    [Back]
      rexecd was developed by the University of California, Berkeley.

 SEE ALSO    [Toc]    [Back]
      remsh(1), inetd(1M), rexec(3N), rexec_af(3N), inetd.conf(4),
      inetd.sec(4), security(4), services(4).


 Hewlett-Packard Company            - 4 -      HP-UX 11i Version 2: Sep 2004
[ Back ]
      
      
 Similar pages
Name OS Title
rexecd Tru64 The remote execution server
rexd IRIX RPC-based remote execution server
rexd HP-UX RPC-based remote execution server
rcmd Tru64 Allow execution of commands on a remote host
rexec Tru64 Allow command execution on a remote host
rcmd_r Tru64 Allow execution of commands on a remote host
rexec_r Tru64 Allow command execution on a remote host
aremex IRIX array serivces remote execution monitor
ssh Tru64 Secure Shell client remote login and command execution application
ssh2 Tru64 Secure Shell client remote login and command execution application
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service