NAME [Toc] [Back]
rexecd - remote execution server
SYNOPSIS [Toc] [Back]
/usr/lbin/rexecd [-n] [-m] [-s] [-S]
DESCRIPTION [Toc] [Back]
rexecd is the server for the rexec() routine, and the rexec_af()
routine in case of IPv6 systems; it expects to be started by the
internet daemon (see inetd(1M)). rexecd provides remote execution
facilities with authentication based on user account names and
inetd(1M) calls rexecd when a service request is received at the port
indicated for the ``exec'' service specification in /etc/services; see
services(4). To run rexecd, the following line should be present in
exec stream tcp nowait root /usr/lbin/rexecd rexecd
The above configuration line will start rexecd in IPv4 mode. To run
rexecd in IPv6 mode, the following line must be present in the
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
Note: For IPv6 applications, the protocol tcp has to be changed to
tcp6. See inetd.conf(4) for more information.
Options [Toc] [Back]
rexecd recognizes the following options.
-m With this option enabled, rexecd returns immediately after
its child process gets killed; it does not wait for all its
sub child processes to die. This in turn makes rexec not to
wait even when the sub child processes are running remotely.
As a result, rexec will not appear hung. It is recommended
that users do not use -m option, if they want rexecd to wait
until the completion of all the sub child processes.
Otherwise, the user may not get an expected result. This
option is applicable only to rexec with a secondary socket
-n Disable transport-level keep-alive messages. By default, the
messages are enabled. The keep-alive messages allow
sessions to time out if the client crashes or becomes
-s This option is used in multi-homed NIS systems. It disables
rexecd from doing a reverse lookup of the client's IP
address; see gethostbyname(3N) for more information. It can
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: Sep 2004
be used to circumvent an NIS limitation with multi-homed
-S With this option, rexec disallows logging in as a superuser.
When a service request is received, the following protocol is
1. The server reads characters from the socket up to a null (\0)
byte. The resultant string is interpreted as an ASCII
number, base 10.
2. If the number received in step 1 is non-zero, it is
interpreted as the port number of a secondary stream to be
used for the stderr. A second connection is then created to
the specified port on the client's host. If the first
character sent is a null (\0), no secondary connection is
made and the stderr of the command is sent to the primary
stream. If the secondary connection has been made, rexecd
interprets bytes it receives on that socket as signal numbers
and passes them to the command as signals (see signal(2)).
3. A null-terminated user name of not more than 16 characters is
retrieved on the initial socket.
4. A null-terminated, unencrypted, password of not more than 16
characters is retrieved on the initial socket.
5. A null-terminated command to be passed to a shell is
retrieved on the initial socket. The length of the command
is limited by the upper bound on the size of the system's
6. rexecd then validates the user, as is done by login using PAM
modules for authentication. Refer to the login(1) manpage
for more information. If the authentication succeeds, rexecd
changes to the user's home directory and establishes the user
and group protections of the user. If any of these steps
fail, rexecd returns a diagnostic message through the
connection, then closes the connection.
NOTE: The use_psd option cannot be specified in the
/etc/pam.conf file for rexecd.
7. A null byte is returned on the connection associated with
stderr and the command line is passed to the normal login
shell of the user with that shell's -c option. The shell
inherits the network connections established by rexecd.
rexecd uses the following path when executing the specified command:
Hewlett-Packard Company - 2 - HP-UX 11i Version 2: Sep 2004
Transport-level keepalive messages are enabled unless the -n option is
present. The use of keepalive messages allows sessions to be timed
out if the client crashes or becomes unreachable.
SECURITY FEATURES [Toc] [Back]
For a detailed information on all the configuration parameters that
affect rexecd, refer to the security(4) man page. rexecd supports the
following configuration parameters in the /etc/default/security file:
DIAGNOSTICS [Toc] [Back]
All diagnostic messages are returned on the connection associated with
the stderr, after which any network connections are closed. An error
is indicated by a leading byte with a value of 1 (0 is returned in
step 7 above upon successful completion of all the steps prior to the
Username too long [Toc] [Back]
The user name is longer than 16 characters.
Password too long [Toc] [Back]
The password is longer than 16 characters.
Command too long [Toc] [Back]
The command line passed exceeds the size of the argument
list (as configured into the system).
Login incorrect [Toc] [Back]
No password file entry for the user name existed or the
wrong password was supplied.
No remote directory [Toc] [Back]
The chdir command to the home directory failed.
No more processes [Toc] [Back]
The server was unable to fork a process to handle the
Next step: Wait a period of time and try again. If the
message persists, then the server's host may have a runaway
process that is using all the entries in the process table.
The user's login shell could not be started via exec(2) for
the given reason.
Hewlett-Packard Company - 3 - HP-UX 11i Version 2: Sep 2004
WARNINGS [Toc] [Back]
The password is sent unencrypted through the socket connection.
AUTHOR [Toc] [Back]
rexecd was developed by the University of California, Berkeley.
SEE ALSO [Toc] [Back]
remsh(1), inetd(1M), rexec(3N), rexec_af(3N), inetd.conf(4),
inetd.sec(4), security(4), services(4).
Hewlett-Packard Company - 4 - HP-UX 11i Version 2: Sep 2004 [ Back ]