 rexd(1M)							    rexd(1M)




 NAME
      rexd - RPC-based remote execution server

 SYNOPSIS
      /usr/sbin/rpc.rexd [-l log_file] [-m mountdir] [-r]

 DESCRIPTION
      rexd is the RPC server for remote command execution.  A rexd is
      started by inetd when a remote execution request is received (see
      inetd(1M)).  rexd exits when command execution has completed.

      If the user ID (uid) in the remote execution request is assigned to a
      user on the server, rexd executes the command as that user.  If no
      user on the server is assigned to the uid, rexd does not execute the
      command.  The -r option and inetd.sec security file allow for better
      access control (see inetd.sec(4)).

      For noninteractive commands, standard output and error file
      descriptors are connected to sockets.  Interactive commands use pseudo
      terminals for standard input, output, and error (see pty(7)).

      If the file system specified in the remote execution request is not
      already mounted on the server, rexd uses NFS to mount the file system
      for the duration of the command execution (see nfs(7)).  rexd mounts
      file systems with the nosuid and soft options.  For more details on
      mount options see mount(1M).  If the server cannot mount the file
      system, an error message is returned to the client.  By default, any
      mount points required by rexd are created below /var/spool/rexd.  To
      change the default location, use the -m option.

    Options
      rexd recognizes the following options and command-line arguments:

	   -l log_file	       Log any diagnostic, warning, and error
			       messages to log_file.  If log_file exists,
			       rexd appends messages to the file.  If
			       log_file does not exist, rexd creates it.
			       Messages are not logged if the -l option is
			       not specified.

			       Information logged to the file includes date
			       and time of the error, host name, process ID
			       and name of the function generating the
			       error, and the error message.  Note that
			       different RPC services can share a single log
			       file because enough information is included
			       to uniquely identify each error.

	   -m mountdir	       Create temporary mount points below directory
			       mountdir.  By default, rexd creates temporary
			       mount points below /var/spool/rexd.  The
			       directory mountdir should have read and
			       execute permission for all users (mode 555).
			       Otherwise, rexd denies execution for users
			       that do not have read and execute permission.

	   -r		       Use increased security checking.  When
			       started with the -r option, rexd denies
			       execution access to a client unless one of
			       the following conditions is met:

				    +  The name of the client host is in
				       /etc/hosts.equiv file on the server.

				    +  The user on the server that is
				       associated with the uid sent by the
				       client has an entry in $HOME/.rhosts
				       specifying the client name on a line
				       or the client name followed by at
				       least one blank and the user's name.

				       For example, assume a user whose
				       login name is mjk is assigned to uid
				       7 on NODE1 and executes the following
				       on command:

					    on NODE2 pwd

				       User mjk on NODE2 must have one of
				       the following entries in
				       $HOME/.rhosts:

					    NODE1
					    NODE1 mjk
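
      The -r decision described above, modelled in shell as an added
      example (not rexd's own code; netgroup and +/- entries are ignored).
      Both the host name and the uid are supplied by the client, so the
      model is for auditing which entries would grant access.  The file
      paths and the NODE3 host are constructed samples.

```shell
#!/bin/sh
# Added example: model of the -r check as this page describes it.
# rexd_r_allows CLIENT USER HOSTS_EQUIV RHOSTS
#   returns 0 if either -r condition is met, 1 otherwise.
rexd_r_allows() {
    client=$1 user=$2 equiv=$3 rhosts=$4

    # Condition 1: the client host name is in hosts.equiv on the server.
    if [ -r "$equiv" ] && awk -v h="$client" '
            /^[ \t]*#/ { next }
            $1 == h { found = 1 }
            END { exit !found }' "$equiv"; then
        echo "allow: $client is listed in hosts.equiv"
        return 0
    fi

    # Condition 2: .rhosts names the client alone on a line, or the
    # client followed by blanks and the user name.
    if [ -r "$rhosts" ] && awk -v h="$client" -v u="$user" '
            /^[ \t]*#/ { next }
            $1 == h && (NF == 1 || $2 == u) { found = 1 }
            END { exit !found }' "$rhosts"; then
        echo "allow: $client matches .rhosts of $user"
        return 0
    fi

    echo "deny: neither -r condition met for $user from $client"
    return 1
}

# Constructed sample: the NODE1/mjk case from the text.
demo_dir=$(mktemp -d)
: > "$demo_dir/hosts.equiv"                # empty, so condition 1 cannot match
printf 'NODE1 mjk\n' > "$demo_dir/rhosts"  # stands in for $HOME/.rhosts of mjk
rexd_r_allows NODE1 mjk "$demo_dir/hosts.equiv" "$demo_dir/rhosts" || true
rexd_r_allows NODE3 mjk "$demo_dir/hosts.equiv" "$demo_dir/rhosts" || true
```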

 DIAGNOSTICS
      The following is a subset of the messages that could appear in the log
      file if the -l option is used.  Some of these messages are also
      returned to the client.

	   rexd: could not umount: dir
		       rexd was unable to umount() the user's current
		       working file system.  See WARNINGS for more details.

	   rexd: mountdir (mountdir) is not a directory
		       The path name mountdir, under which temporary mount
		       points are created, is not a directory or does not
		       exist.

	   rexd: command: Command not found
		       rexd could not find command.




	   rexd: command: Permission denied
		       rexd was denied permission to execute command.

	   rexd: command: Text file busy
		       The executable file is currently open for writing.

	   rexd: command: Can't execute
		       rexd was unable to execute command.

	   rexd: root execution not allowed
		       rexd does not allow execution as user root.

	   rexd: User id uid not valid
		       The uid uid is not assigned to a user on the server.

	   rexd: User id uid denied access
		       rexd was started with the -r option and the remote
		       execution request did not meet either of the
		       conditions required by the -r option.

	   rexd: host is not running a mount daemon
		       The host host on which the user's current working
		       directory is located is not running mountd.
		       Therefore, rexd is unable to mount the required file
		       system (see mountd(1M)).

	   rexd: not in export list for file_system
		       The host on which the client's current working
		       directory is located does not have the server on the
		       export list for file system file_system containing
		       the client's current working directory.  Therefore,
		       rexd is unable to mount the required file system.

 WARNINGS
      The client's environment is simulated by rexd, but not completely
      recreated.  The simulation of the client's environment consists of
      mounting the file system containing the client's current working
      directory (if it is not already mounted) and setting the user's
      environment variables on the server to be the same as the user's
      environment variables on the client.  Therefore a command run by rexd
      does not always have the same effect as a command run locally on the
      client.

      The rex protocol only identifies the client user by sending the uid of
      the client process and the host name of the client.  Therefore, it is
      very difficult for rexd to perform user authentication.  If a user on
      the server is assigned to the uid sent by the client, rexd executes
      the requested command as that user.  If no user on the server is
      assigned to the uid sent by the client, rexd returns an error.





      The -r option has been added to provide increased user authentication.
      However, the authentication provided is not foolproof, and is limited
      by the information passed by the rex protocol.

      In order to simulate the client's environment, rexd mounts the file
      system containing the client's current working directory (if it is not
      already mounted).  This mount is intended to be temporary for the
      duration of the command.

      If rexd mounts a file system, it attempts to umount() the file system
      after the command has completed executing.  However, if rexd receives
      a SIGKILL signal (see signal(2)), the file system is not unmounted.
      The file system remains mounted until the superuser executes the
      appropriate umount command or the server is rebooted.

      rexd's attempt to umount the file system can also fail if the file
      system is busy.  The file system is busy if it contains an open file
      or a user's current working directory.  The file system remains
      mounted until the superuser executes the appropriate umount command or
      the server is rebooted.

      For more information on rexd security issues, see Using and
      Administering NFS Services.  Security issues and their consequences
      should be considered before configuring rexd to run on a system.
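
      A check of whether rexd is enabled in an inetd.conf file and whether
      its entry carries the -r and -l options, as an added example (not
      part of the HP-UX manual).  The sample entries, their field layout
      and the log path /var/adm/rexd.log are constructed; see
      inetd.conf(4) for the real format.

```shell
#!/bin/sh
# Added example, not part of the HP-UX manual.
# audit_rexd_inetd FILE
#   returns 0: no active rpc.rexd entry
#           1: rexd enabled, every active entry has -r
#           2: rexd enabled, at least one active entry lacks -r
audit_rexd_inetd() {
    awk '
        /^[ \t]*#/ { next }              # commented-out entry: disabled
        /rpc\.rexd/ {
            has_r = 0; has_l = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "-r") has_r = 1
                if ($i == "-l") has_l = 1
            }
            printf "line %d: rexd enabled; %s; %s\n", NR,
                (has_r ? "-r set" : "no -r, uid alone decides"),
                (has_l ? "-l set" : "no -l, messages not logged")
            level = has_r ? 1 : 2
            if (level > worst) worst = level
        }
        END { exit worst + 0 }
    ' "$1"
}

# Constructed sample; the field layout is an assumption.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd -l /var/adm/rexd.log
EOF
audit_rexd_inetd "$sample" || echo "audit result: $?"
rm -f "$sample"
```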

 FILES
      /dev/pty[pqr]*			      Master pseudo terminals.
      /dev/tty[pqr]*			      Slave pseudo terminals.
      /dev/ptym/pty[pqr]*		      Master pseudo terminals.
      /dev/pty/tty[pqr]*		      Slave pseudo terminals.
      /etc/inetd.conf			      Configuration file for
					      inetd(1M).
      /etc/hosts.equiv			      List of equivalent hosts.
      $HOME/.rhosts			      User's private equivalence
					      list.
      /var/spool/rexd/rexdxxxxx		      Temporary mount points for
					      remote file systems where
					      xxxxx is a string of
					      alphanumeric characters.

 AUTHOR
      rexd was developed by Sun Microsystems, Inc.

 SEE ALSO
      on(1), inetd(1M), mount(1M), exports(4), inetd.conf(4), inetd.sec(4).

      Using and Administering NFS Services







 Hewlett-Packard Company	    - 4 -   HP-UX Release 11i: November 2000