NAME
rexecd — remote execution server
SYNOPSIS
/usr/lbin/rexecd [-n] [-m] [-s] [-S]
DESCRIPTION
rexecd is the server for the rexec() routine, and for the rexec_af() routine on IPv6 systems; it expects to be started by the internet daemon (see inetd(1M)). rexecd provides remote execution facilities with authentication based on user account names and unencrypted passwords.
inetd calls rexecd when a service request is received at the port indicated for the ``exec'' service specification in /etc/services; see services(4).
To run rexecd, the following line should be present in /etc/inetd.conf:
exec stream tcp nowait root /usr/lbin/rexecd rexecd
The above configuration line will start rexecd in IPv4 mode. To run rexecd in IPv6 mode, the following line must be present in the /etc/inetd.conf file:
exec stream tcp6 nowait root /usr/lbin/rexecd rexecd
That is, for IPv6 applications, the protocol tcp has to be changed to tcp6. See inetd.conf(4) for more information.
Options
rexecd recognizes the following options.
- -m
With this option enabled, rexecd returns immediately after its child process gets killed; it does not wait for all its sub child processes to die. This in turn makes rexec not wait even when the sub child processes are running remotely. As a result, rexec will not appear hung. It is recommended that users do not use the -m option if they want rexecd to wait until the completion of all the sub child processes. Otherwise, the user may get an unexpected result. This option is applicable only to rexec with a secondary socket connection. Note that even with the -m option enabled, rexecd will exit if the command's standard error is closed.
- -n
Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.
- -s
This option is used in multi-homed NIS systems. It prevents rexecd from doing a reverse lookup of the client's IP address; see gethostbyname(3N) for more information. It can be used to circumvent an NIS limitation with multi-homed hosts.
- -S
Disallow logging in as a superuser.
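A check an administrator could run over /etc/inetd.conf to see whether rexecd is enabled and with which of the options above. This is an added example, not part of the original manual page or of HP-UX; the function name, the finding keys and the sample configuration text are constructed for illustration.

```python
# Added example: list active rexecd entries in inetd.conf text.
# SAMPLE_INETD_CONF is constructed for illustration, not taken from a real host.
KNOWN_OPTIONS = {"-n", "-m", "-s", "-S"}   # options listed on this page

SAMPLE_INETD_CONF = """\
# constructed sample
ftp   stream tcp  nowait root /usr/lbin/ftpd   ftpd
exec  stream tcp  nowait root /usr/lbin/rexecd rexecd
exec  stream tcp6 nowait root /usr/lbin/rexecd rexecd -S -n
#exec stream tcp  nowait root /usr/lbin/rexecd rexecd -m
"""

def audit_rexecd(conf_text):
    """Return one finding per uncommented 'exec' service line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # service, socket type, protocol, wait, user, server path, argv[0], args...
        if len(fields) < 7 or fields[0] != "exec":
            continue
        options = fields[7:]
        findings.append({
            "line": lineno,
            "mode": "IPv6" if fields[2] == "tcp6" else "IPv4",
            "run_as": fields[4],
            "server": fields[5],
            "superuser_login_allowed": "-S" not in options,
            "keepalive_enabled": "-n" not in options,
            "waits_for_descendants": "-m" not in options,
            "reverse_lookup": "-s" not in options,
            "unknown_options": [o for o in options if o not in KNOWN_OPTIONS],
            "cleartext_password": True,   # inherent to the protocol, see WARNINGS
        })
    return findings

if __name__ == "__main__":
    for finding in audit_rexecd(SAMPLE_INETD_CONF):
        print(finding)
```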
When a service request is received, the following protocol
is initiated:
- 1.
The server reads characters from the socket up to a null (\0) byte. The resultant string is interpreted as an ASCII number, base 10.
- 2.
If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary stream to be used for the stderr. A second connection is then created to the specified port on the client's host. If the first character sent is a null (\0), no secondary connection is made and the stderr of the command is sent to the primary stream. If the secondary connection has been made, rexecd interprets bytes it receives on that socket as signal numbers and passes them to the command as signals (see signal(2)).
- 3.
A null-terminated user name of not more than 256 characters
is retrieved on the initial socket.
- 4.
A null-terminated, unencrypted password of not more than 16 characters
is retrieved on the initial socket.
- 5.
A null-terminated command to be passed to a shell
is retrieved on the initial socket.
The length of the command is limited by the upper bound on the size of
the system's argument list.
- 6.
rexecd then validates the user as login does, using PAM modules for authentication. See login(1) for more information. If the authentication succeeds, rexecd changes to the user's home directory and establishes the user and group protections of the user. If any of these steps fail, rexecd returns a diagnostic message through the connection, then closes the connection.
NOTE: The use_psd option cannot be specified in the /etc/pam.conf file for rexecd.
- 7.
A null byte is returned on the connection associated with stderr and the command line is passed to the normal login shell of the user with that shell's -c option. The shell inherits the network connections established by rexecd.
rexecd uses the following path when executing the specified command:
/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/contrib/bin:/usr/local/bin
Transport-level keepalive messages are enabled unless the -n option is present. The use of keepalive messages allows sessions to be timed out if the client crashes or becomes unreachable.
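The request preamble of steps 1 to 5, parsed from bytes captured on the primary stream, which shows how directly the user name and password can be read off the wire. This is an added example, not rexecd source code; the function and class names, the latin-1 decoding and the sample byte strings are assumptions made for illustration.

```python
# Added example (not rexecd source): parse the request preamble of steps 1-5
# from bytes captured on the primary stream. All names here are hypothetical.
MAX_USER, MAX_PASS = 256, 16   # limits stated on this page

class RexecError(Exception):
    """Diagnostic text the page lists; sent after a leading byte of 1."""

def _field(buf, pos, limit=None, diagnostic=None):
    """Read one null-terminated field starting at pos; return (value, next_pos)."""
    end = buf.find(b"\0", pos)
    if end == -1:
        raise ValueError("truncated capture: no null terminator")
    if limit is not None and end - pos > limit:
        raise RexecError(diagnostic)
    return buf[pos:end], end + 1

def parse_rexec_request(buf):
    port_raw, pos = _field(buf, 0)                  # step 1: ASCII base-10 number
    if port_raw and not port_raw.isdigit():
        raise ValueError("port field is not an ASCII decimal number")
    stderr_port = int(port_raw) if port_raw else 0  # step 2: 0 means no second stream
    user, pos = _field(buf, pos, MAX_USER, "Username too long")       # step 3
    password, pos = _field(buf, pos, MAX_PASS, "Password too long")   # step 4
    command, pos = _field(buf, pos)                 # step 5 (system-dependent limit)
    return {
        "stderr_port": stderr_port,
        "user": user.decode("latin-1"),
        "password_len": len(password),  # the secret is in the capture; report only length
        "command": command.decode("latin-1"),
    }

if __name__ == "__main__":
    # Constructed captures, not real traffic.
    print(parse_rexec_request(b"\0alice\0example-pw\0uname -a\0"))
    print(parse_rexec_request(b"1022\0bob\0pw\0id\0"))
```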
SECURITY FEATURES
For detailed information on all the configuration parameters that affect rexecd, see security(4). rexecd supports the following configuration parameters in the /etc/default/security file:
DIAGNOSTICS
All diagnostic messages are returned on the connection associated with the stderr, after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 7 above upon successful completion of all the steps prior to the command execution).
- Username too long
The user name is longer than 256 characters.
- Password too long
The password is longer than 16 characters.
- Command too long
The command line passed exceeds the size of the argument list
(as configured into the system).
- Login incorrect
No password file entry for the user name existed
or the wrong password was supplied.
- No remote directory
The chdir command to the home directory failed.
- No more processes
The server was unable to fork a process to handle the incoming connection.
Next step:
Wait a period of time and try again. If the message persists, then
the server's host may have a runaway process that is using all the
entries in the process table.
- shellname: ...
The user's login shell could not be started via exec() for the given reason.
WARNINGS
The password is sent unencrypted through the socket connection.
AUTHOR
rexecd was developed by the University of California, Berkeley.
SEE ALSO
login(1), remsh(1), inetd(1M), signal(2), gethostbyname(3N), rexec(3N), rexec_af(3N), inetd.conf(4), inetd.sec(4), security(4), services(4).