Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
REXECD(8)		  BSD System Manager's Manual		     REXECD(8)

     rexecd -- remote execution	server

     rexecd [-i]

     Rexecd is the server for the rexec(3) routine.  The server	provides re-
     mote execution facilities with authentication based on user names and

     Rexecd listens for	service	requests at the	port indicated in the ``exec''
     service specification; see	services(5).  When a service request is	re-
     ceived the	following protocol is initiated:

     1.	  The server reads characters from the socket up to a NUL (`\0') byte.
	  The resultant	string is interpreted as an ASCII number, base 10.

     2.	  If the number	received in step 1 is non-zero,	it is interpreted as
	  the port number of a secondary stream	to be used for the stderr.  A
	  second connection is then created to the specified port on the
	  client's machine.

     3.	  A NUL	terminated user	name of	at most	16 characters is retrieved on
	  the initial socket.

     4.	  A NUL	terminated, unencrypted	password of at most 16 characters is
	  retrieved on the initial socket.

     5.	  A NUL	terminated command to be passed	to a shell is retrieved	on the
	  initial socket.  The length of the command is	limited	by the upper
	  bound	on the size of the system's argument list.

     6.	  Rexecd then validates	the user as is done at login time and, if the
	  authentication was successful, changes to the	user's home directory,
	  and establishes the user and group protections of the	user.  If any
	  of these steps fail the connection is	aborted	with a diagnostic mes-
	  sage returned.

     7.	  A NUL	byte is	returned on the	initial	socket and the command line is
	  passed to the	normal login shell of the user.	 The shell inherits
	  the network connections established by rexecd.

     Rexecd will not allow root	logins unless the -i option is given on	the
     command line (typically in	/etc/inetd.conf).  It will also	disallow ac-
     cess for users listed in /etc/ftpusers, or	users with no passwords, which
     were all serious security holes.  The entire concept of rexec/rexecd is a
     major security hole and an	example	of how not to do things.  Rexecd is
     disabled by default in /etc/inetd.conf.

     Except for	the last one listed below, all diagnostic messages are re-
     turned on the initial socket, after which any network connections are
     closed.  An error is indicated by a leading byte with a value of 1	(0 is
     returned in step 7	above upon successful completion of all	the steps
     prior to the command execution).

     username too long
	     The name is longer	than 16	characters.

     password too long
	     The password is longer than 16 characters.

     command too long
	     The command line passed exceeds the size of the argument list (as
	     configured	into the system).

     Login incorrect.
	     No	password file entry for	the user name existed.

     Password incorrect.
	     The wrong password	was supplied.

     No	remote directory.
	     The chdir command to the home directory failed.

     Try again.
	     A fork(2) by the server failed.

     <shellname>: ...
	     The user's	login shell could not be started.  This	message	is re-
	     turned on the connection associated with the stderr, and is not
	     preceded by a flag	byte.


     A facility	to allow all data and password exchanges to be encrypted
     should be present.

     The rexecd	command	appeared in 4.2BSD.

BSD			      September	23, 1994			   BSD


Want to link to this manual page? Use this URL:

home | help