rexd(1M)

HP-UX 11i Version 3: February 2007
NAME

rexd — RPC-based remote execution server

SYNOPSIS

/usr/sbin/rpc.rexd [-l log_file] [-m mountdir] [-r]

DESCRIPTION

rexd is the RPC server for remote command execution. A rexd is started by inetd when a remote execution request is received (see inetd(1M)). rexd exits when command execution has completed.

If the user ID (uid) in the remote execution request is assigned to a user on the server, rexd executes the command as that user. If no user on the server is assigned to the uid, rexd does not execute the command. The -r option and inetd.sec security file allow for better access control (see inetd.sec(4)).

For noninteractive commands, standard output and error file descriptors are connected to sockets. Interactive commands use pseudo terminals for standard input, output, and error (see pty(7)).

If the file system specified in the remote execution request is not already mounted on the server, rexd uses NFS to mount the file system for the duration of the command execution (see nfs(7)). rexd mounts file systems with the nosuid and soft options. For more details on mount options see mount(1M). If the server cannot mount the file system, an error message is returned to the client. By default, any mount points required by rexd are created below /var/spool/rexd. To change the default location, use the -m option.

Options

rexd recognizes the following options and command-line arguments:

-l log_file

Log any diagnostic, warning, and error messages to log_file. If log_file exists, rexd appends messages to the file. If log_file does not exist, rexd creates it. Messages are not logged if the -l option is not specified.

Information logged to the file includes date and time of the error, host name, process ID and name of the function generating the error, and the error message. Note that different RPC services can share a single log file because enough information is included to uniquely identify each error.

-m mountdir

Create temporary mount points below directory mountdir. By default, rexd creates temporary mount points below /var/spool/rexd. The directory mountdir should have read and execute permission for all users (mode 555). Otherwise, rexd denies execution for users that do not have read and execute permission.

-r

Use increased security checking. When started with the -r option, rexd denies execution access to a client unless one of the following conditions is met:

  • The name of the client host is in the /etc/hosts.equiv file on the server.

  • The user on the server that is associated with the uid sent by the client has an entry in $HOME/.rhosts that specifies either the client name on a line, or the client name followed by at least one blank and the user's name.

    For example, assume a user whose login name is mjk is assigned to uid 7 on NODE1 and executes the following on command:

    on NODE2 pwd

    User mjk on NODE2 must have one of the following entries in $HOME/.rhosts:

    NODE1
    NODE1 mjk
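
The two -r conditions above can be modelled as a small check for reviewing which client/user pairs a server's trust files would admit. This is an added example, not part of the HP-UX documentation or rexd itself; the function name rexd_r_allows and the sample files are constructed, and only the two conditions as stated above are modelled (extended hosts.equiv syntax is not interpreted).

```shell
#!/bin/sh
# Added example: model of the two "-r" conditions as this page states them.

# rexd_r_allows CLIENT USER HOSTS_EQUIV RHOSTS   (hypothetical helper)
# Returns 0 if a request from CLIENT for USER meets either condition, else 1.
rexd_r_allows() {
    client=$1; user=$2; equiv=$3; rhosts=$4

    # Condition 1: the client host name is listed in hosts.equiv.
    if [ -r "$equiv" ] && awk -v h="$client" \
        '$1 == h { ok = 1 } END { exit !ok }' "$equiv"; then
        return 0
    fi

    # Condition 2: .rhosts holds "client" on a line, or "client <blanks> user".
    if [ -r "$rhosts" ] && awk -v h="$client" -v u="$user" \
        '$1 == h && (NF == 1 || (NF == 2 && $2 == u)) { ok = 1 }
         END { exit !ok }' "$rhosts"; then
        return 0
    fi
    return 1
}

# Constructed sample built from the page's NODE1/mjk example.
d=$(mktemp -d)
: > "$d/hosts.equiv"                  # no equivalent hosts
printf 'NODE1 mjk\n' > "$d/rhosts"    # stands in for mjk's $HOME/.rhosts on NODE2
for host in NODE1 NODE3; do
    if rexd_r_allows "$host" mjk "$d/hosts.equiv" "$d/rhosts"; then
        echo "$host as mjk: meets a -r condition"
    else
        echo "$host as mjk: denied access"
    fi
done
rm -rf "$d"
```

Both conditions key on the client host name and uid that the client itself sends, which is the limitation described under WARNINGS.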

DIAGNOSTICS

The following is a subset of the messages that could appear in the log file if the -l option is used. Some of these messages are also returned to the client.

rexd: could not umount: dir

rexd was unable to umount() the user's current working file system. See WARNINGS for more details.

rexd: mountdir (mountdir) is not a directory

The path name mountdir, under which temporary mount points are created, is not a directory or does not exist.

rexd: command: Command not found

rexd could not find command.

rexd: command: Permission denied

rexd was denied permission to execute command.

rexd: command: Text file busy

The executable file is currently open for writing.

rexd: command: Can't execute

rexd was unable to execute command.

rexd: root execution not allowed

rexd does not allow execution as user root.

rexd: User id uid not valid

The uid uid is not assigned to a user on the server.

rexd: User id uid denied access

rexd was started with the -r option and the remote execution request did not meet either of the conditions required by the -r option.

rexd: host is not running a mount daemon

The host host on which the user's current working directory is located is not running mountd. Therefore, rexd is unable to mount the required file system (see mountd(1M)).

rexd: not in export list for file_system

The host on which the client's current working directory is located does not have the server on the export list for file system file_system containing the client's current working directory. Therefore, rexd is unable to mount the required file system.

WARNINGS

The client's environment is simulated by rexd, but not completely recreated. The simulation of the client's environment consists of mounting the file system containing the client's current working directory (if it is not already mounted) and setting the user's environment variables on the server to be the same as the user's environment variables on the client. Therefore a command run by rexd does not always have the same effect as a command run locally on the client.

The rex protocol only identifies the client user by sending the uid of the client process and the host name of the client. Therefore, it is very difficult for rexd to perform user authentication. If a user on the server is assigned to the uid sent by the client, rexd executes the requested command as that user. If no user on the client is assigned to the uid sent by the client, rexd returns an error.

The -r option has been added to provide increased user authentication. However, the authentication provided is not foolproof, and is limited by the information passed by the rex protocol.

In order to simulate the client's environment, rexd mounts the file system containing the client's current working directory (if it is not already mounted). This mount is intended to be temporary for the duration of the command.

If rexd mounts a file system, it attempts to umount() the file system after the command has completed executing. However, if rexd receives a SIGKILL signal (see signal(2)), the file system is not unmounted. The file system remains mounted until the superuser executes the appropriate umount command or the server is rebooted.

rexd's attempt to umount the file system can also fail if the file system is busy. The file system is busy if it contains an open file or a user's current working directory. The file system remains mounted until the superuser executes the appropriate umount command or the server is rebooted.

For more information on rexd security issues, see Using and Administering NFS Services. Security issues and their consequences should be considered before configuring rexd to run on a system.
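
Because rexd is started by inetd, whether it runs and with which options is set by its entry in /etc/inetd.conf. The following added example (not part of the HP-UX documentation) reports active rpc.rexd entries that lack -r or -l; the function name audit_rexd and the sample lines are constructed, and the script relies only on the /usr/sbin/rpc.rexd path and the options shown in SYNOPSIS, not on the exact inetd.conf field layout.

```shell
#!/bin/sh
# Added example: flag inetd.conf entries that start rpc.rexd without -r or -l.

# audit_rexd FILE   (hypothetical helper)
# Prints one finding per active rpc.rexd line.
# Returns 0 if every active entry has both -r and "-l log_file", 1 otherwise.
audit_rexd() {
    awk '
        /^[ \t]*#/ { next }                  # commented-out entries are disabled
        /\/usr\/sbin\/rpc\.rexd/ {
            has_r = 0; has_l = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-r") has_r = 1
                if ($i == "-l" && i < NF) has_l = 1   # -l needs a log_file argument
            }
            printf "line %d: rexd enabled", NR
            if (!has_r) { printf "; no -r (no hosts.equiv/.rhosts check)"; bad = 1 }
            if (!has_l) { printf "; no -l (messages are not logged)"; bad = 1 }
            printf "\n"
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample lines, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed inetd.conf fragment
#rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd -l /var/adm/rexd.log
EOF
if audit_rexd "$sample"; then
    echo "no weak rexd entry found"
else
    echo "rexd entry needs review"
fi
rm -f "$sample"
```

A file with no active rpc.rexd line produces no findings and a zero exit status, which is the state to expect on hosts that do not need remote execution.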

FILES

/dev/pty[pqr]*

master pseudo terminals

/dev/tty[pqr]*

slave pseudo terminals

/dev/ptym/pty[pqr]*

master pseudo terminals

/dev/pty/tty[pqr]*

slave pseudo terminals

/etc/inetd.conf

configuration file for inetd(1M)

/etc/hosts.equiv

list of equivalent hosts

$HOME/.rhosts

user's private equivalence list

/var/spool/rexd/rexdxxxxx

temporary mount points for remote file systems, where xxxxx is a string of alphanumeric characters.

AUTHOR

rexd was developed by Sun Microsystems, Inc.

SEE ALSO

on(1), inetd(1M), mount(1M), dfstab(4), inetd.conf(4), inetd.sec(4).

Using and Administering NFS Services

© 1983-2007 Hewlett-Packard Development Company, L.P.