rexd(1M)
Requires Optional NFS Services Software
NAME
rexd − RPC-based remote execution server
SYNOPSIS
/usr/etc/rpc.rexd [−l log_file] [−m mountdir] [−r]
DESCRIPTION
rexd is the RPC server for remote command execution. A rexd is started by inetd(4) when a remote execution request is received. The rexd exits when command execution has completed.
If the user id (uid) in the remote execution request is assigned to a user on the server, rexd executes the command as that user. If no user on the server is assigned to the uid, rexd does not execute the command. The −r option and inetd.sec(4) allow for better access control.
For noninteractive commands, standard output and error file descriptors are connected to sockets. Interactive commands use pseudo terminals (see pty(7)) for standard input, output and error.
If the file system specified in the remote execution request is not already mounted on the server, rexd uses nfs(7) to mount the file system for the duration of the command execution. rexd mounts file systems with the nosuid and soft options. For more details on mount options see mount(1M). If the server cannot mount the file system, an error message is returned to the client. By default, any mount points required by rexd are created below /usr/spool/rexd. To change the default location, use the −m option.
To configure rexd, the following entry must be present in inetd.conf(4):
rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd options
Options
−l log_file Log any diagnostic, warning and error messages to the named log file, log_file. If log_file exists, rexd appends messages to the file. If log_file does not exist, rexd creates it. Messages are not logged if the −l option is not specified.
Information logged to the file includes date and time of the error, host name, process id and name of the function generating the error, and the error message. Note that different RPC services can share a single log file because enough information is included to uniquely identify each error.
−m mountdir Create temporary mount points below directory mountdir. By default, rexd creates temporary mount points below /usr/spool/rexd. The directory mountdir should have read and execute permission for all users (mode 555). Otherwise, rexd will deny execution for users that do not have read and execute permission.
−r Use increased security checking. When started with the −r option, rexd denies execution access to a client unless one of the following conditions is met:
• The name of the client host is in the /etc/hosts.equiv file on the server.
• The user on the server, associated with the uid sent by the client, has an entry in $HOME/.rhosts specifying the client name on a line or the client name followed by at least one blank and the user’s name.
For example, if a user whose login name is mjk is assigned to uid 7 on NODE1 and executes the following on(1) command:
on NODE2 pwd
then user mjk on NODE2 must have one of the following entries in $HOME/.rhosts:
NODE1
NODE1 mjk
DIAGNOSTICS
The following is a subset of the messages that may appear in the log file if the −l option is used. Some of these messages are also returned to the client.
rexd: could not umount: <dir>
rexd was unable to umount(2) the user’s current working file system. See WARNINGS for more details.
rexd: mountdir (<mountdir>) is not a directory
The path name <mountdir>, under which temporary mount points are created, is not a directory or does not exist.
rexd: <command>: Command not found
rexd could not find <command>.
rexd: <command>: Permission denied
rexd was denied permission to execute <command>.
rexd: <command>: Text file busy
The executable file is currently open for writing.
rexd: <command>: Can’t execute
rexd was unable to execute <command>.
rexd: root execution not allowed
Root execution is not allowed by rexd.
rexd: User id <uid> not valid
The uid <uid> is not assigned to a user on the server.
rexd: User id <uid> denied access
rexd was started with the −r option and the remote execution request did not meet either of the conditions required by the −r option.
rexd: <host> is not running a mount daemon
The host <host> on which the user’s current working directory is located is not running mountd(1M). Therefore, rexd is unable to mount the required file system.
rexd: not in export list for <filesystem>
The host on which the client’s current working directory is located does not have the server on the export list for the file system <filesystem> containing the client’s current working directory. Therefore, rexd is unable to mount the required file system.
WARNINGS
The client’s environment is simulated by rexd; it is not completely recreated. The simulation of the client’s environment consists of mounting the file system containing the client’s current working directory (if it is not already mounted) and setting the user’s environment variables on the server to be the same as the user’s environment variables on the client. Therefore a command run by rexd will not always have the same effect as a command run locally on the client.
The rex protocol only identifies the client user by sending the uid of the client process and the host name of the client. Therefore, it is very difficult for rexd to perform user authentication. If a user on the server is assigned to the uid sent by the client, rexd executes the requested command as that user. If no user on the server is assigned to the uid sent by the client, rexd returns an error.
The −r option has been added to provide increased user authentication. However, the authentication provided is not foolproof, and is limited by the information passed by the rex protocol.
In order to simulate the client’s environment, rexd mounts the file system containing the client’s current working directory (if it is not already mounted). This mount is intended to be temporary for the duration of the command.
If rexd mounts a file system, it attempts to umount(2) the file system after the command has completed executing. However, if rexd receives a SIGKILL signal (see signal(2)), the file system will not be unmounted. The file system will remain mounted until the super-user executes the appropriate umount(1M) command or the server is rebooted.
rexd’s attempt to umount the file system can also fail if the file system is busy. The file system is busy if it contains an open file or some user’s current working directory. The file system remains mounted until the super-user executes the appropriate umount(1M) command or the server is rebooted.
For more information on rex security issues, see Using and Administering NFS Services. Security issues and their consequences should be considered before configuring rexd to run on a system.
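The following audit is an added example, not part of the original manual page. It reads inetd.conf text on standard input, finds active rexd entries in the format shown under DESCRIPTION, and reports whether each one uses −r and −l. The function name audit_rexd, its exit codes and the sample log path are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit inetd.conf text on stdin for active rexd entries:
#   rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd options
# Exit status (chosen for this example):
#   0 = no active rexd entry
#   1 = rexd enabled, every active entry uses -r
#   2 = rexd enabled and at least one entry runs without -r
audit_rexd() {
    awk '
        $1 ~ /^#/ { next }                       # commented out: disabled
        $1 == "rpc" && $7 == "100017" {          # program number from the entry
            r = 0; l = 0
            m = "/usr/spool/rexd"                # documented default mount dir
            for (i = 10; i <= NF; i++) {         # options follow the server name
                if ($i == "-r") r = 1
                else if ($i == "-l" && i < NF) { l = 1; i++ }
                else if ($i == "-m" && i < NF) { m = $(i + 1); i++ }
            }
            found = 1
            if (!r) weak = 1
            printf "line %d: rexd ENABLED, -r %s, logging %s, mountdir %s\n",
                NR, (r ? "on" : "OFF"), (l ? "on" : "OFF"), m
        }
        END { exit (found ? (weak ? 2 : 1) : 0) }
    '
}

# Constructed sample input; /tmp/rexd.log is a placeholder path.
sample='# rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd
rpc stream tcp nowait root /usr/etc/rpc.rexd 100017 1 rpc.rexd -l /tmp/rexd.log
'
printf '%s' "$sample" | audit_rexd || echo "exit status: $?"
```

On a live system, run it as `audit_rexd < /etc/inetd.conf` and check separately that the reported mount directory has mode 555.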
FILES
/dev/pty[pqr]* master pseudo terminals
/dev/tty[pqr]* slave pseudo terminals
/dev/ptym/pty[pqr]* master pseudo terminals
/dev/pty/tty[pqr]* slave pseudo terminals
/etc/inetd.conf configuration file for inetd(1M)
/etc/hosts.equiv list of equivalent hosts.
$HOME/.rhosts user’s private equivalence list.
/usr/spool/rexd/rexdXXXXX temporary mount points for remote file systems, where XXXXX is a string of alphanumeric characters.
AUTHOR
rexd was developed by Sun Microsystems, Inc.
SEE ALSO
on(1), inetd(1M), mount(1M), exports(4), inetd.conf(4), inetd.sec(4)
Installing and Administering NFS Services
INTERNATIONAL SUPPORT
8-bit data, 16-bit data, messages
Hewlett-Packard Company — HP-UX Release 8.05: June 1991