Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
HP-UX Reference > R


HP-UX 11i Version 3: February 2007

Technical documentation

» Feedback
Content starts here

 » Table of Contents

 » Index


rexecd — remote execution server


/usr/lbin/rexecd [-n] [-m] [-s] [-S]


rexecd is the server for the rexec() routine, and the rexec_af() routine in case of IPv6 systems; it expects to be started by the internet daemon (see inetd(1M)). rexecd provides remote execution facilities with authentication based on user account names and unencrypted passwords.

inetd calls rexecd when a service request is received at the port indicated for the ``exec'' service specification in /etc/services; see services(4). To run rexecd, the following line should be present in /etc/inetd.conf:

exec stream tcp nowait root /usr/lbin/rexecd rexecd

The above configuration line will start rexecd in IPv4 mode. To run rexecd in IPv6 mode, the following line must be present in the /etc/inetd.conf file:

exec stream tcp6 nowait root /usr/lbin/rexecd rexecd

That is, for IPv6 applications, the protocol tcp has to be changed to tcp6. See inetd.conf(4) for more information.


rexecd recognizes the following options.


With this option enabled, rexecd returns immediately after its child process gets killed; it does not wait for all its sub child processes to die. This in turn makes rexec not wait even when the sub child processes are running remotely. As a result, rexec will not appear hung. It is recommended that users do not use the -m option if they want rexecd to wait until the completion of all the sub child processes. Otherwise, the user may get an unexpected result.

This option is applicable only to rexec with a secondary socket connection.

Note that even with the -m option enabled rexecd will exit if command standard error is closed.


Disable transport-level keep-alive messages. By default, the messages are enabled. The keep-alive messages allow sessions to time out if the client crashes or becomes unreachable.


This option is used in multi-homed NIS systems. It disables rexecd from doing a reverse lookup of the client's IP address; see gethostbyname(3N) for more information. It can be used to circumvent an NIS limitation with multi-homed hosts.


Disallow logging in as a superuser.

When a service request is received, the following protocol is initiated:


The server reads characters from the socket up to a null (\0) byte. The resultant string is interpreted as an ASCII number, base 10.


If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary stream to be used for the stderr. A second connection is then created to the specified port on the client's host. If the first character sent is a null (\0), no secondary connection is made and the stderr of the command is sent to the primary stream. If the secondary connection has been made, rexecd interprets bytes it receives on that socket as signal numbers and passes them to the command as signals (see signal(2)).


A null-terminated user name of not more than 256 characters is retrieved on the initial socket.


A null-terminated, unencrypted password of not more than 16 characters is retrieved on the initial socket.


A null-terminated command to be passed to a shell is retrieved on the initial socket. The length of the command is limited by the upper bound on the size of the system's argument list.


rexecd then validates the user, as is done by login using PAM modules for authentication. See login(1) for more information. If the authentication succeeds, rexecd changes to the user's home directory and establishes the user and group protections of the user. If any of these steps fail, rexecd returns a diagnostic message through the connection, then closes the connection.

NOTE: The use_psd option cannot be specified in the /etc/pam.conf file for rexecd.


A null byte is returned on the connection associated with stderr and the command line is passed to the normal login shell of the user with that shell's -c option. The shell inherits the network connections established by rexecd.

rexecd uses the following path when executing the specified command:


Transport-level keepalive messages are enabled unless the -n option is present. The use of keepalive messages allows sessions to be timed out if the client crashes or becomes unreachable.


For detailed information on all the configuration parameters that affect rexecd, see security(4). rexecd supports the following configuration parameters in the /etc/default/security file:




All diagnostic messages are returned on the connection associated with the stderr, after which any network connections are closed. An error is indicated by a leading byte with a value of 1 (0 is returned in step 7 above upon successful completion of all the steps prior to the command execution).

Username too long

The user name is longer than 256 characters.

Password too long

The password is longer than 16 characters.

Command too long

The command line passed exceeds the size of the argument list (as configured into the system).

Login incorrect

No password file entry for the user name existed or the wrong password was supplied.

No remote directory

The chdir command to the home directory failed.

No more processes

The server was unable to fork a process to handle the incoming connection.

Next step: Wait a period of time and try again. If the message persists, then the server's host may have a runaway process that is using all the entries in the process table.

shellname: ...

The user's login shell could not be started via exec() for the given reason.


The password is sent unencrypted through the socket connection.


rexecd was developed by the University of California, Berkeley.

Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 1983-2007 Hewlett-Packard Development Company, L.P.