Sweep-fix man page section order to match mdoc(7), part 1/5.
[dragonfly.git] / libexec / rexecd / rexecd.8
.\" Copyright (c) 1983, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\" must display the following acknowledgement:
.\" This product includes software developed by the University of
.\" California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" @(#)rexecd.8 8.2 (Berkeley) 12/11/93
.\" $FreeBSD: src/libexec/rexecd/rexecd.8,v 1.9.2.4 2001/08/16 10:44:16 ru Exp $
.\" $DragonFly: src/libexec/rexecd/rexecd.8,v 1.3 2006/02/17 19:33:31 swildner Exp $
.\"
.Dd September 23, 1994
.Dt REXECD 8
.Os
.Sh NAME
.Nm rexecd
.Nd remote execution server
.Sh SYNOPSIS
.Nm
.Op Fl i
.Sh DESCRIPTION
.Nm Rexecd
is the server for the
.Xr rexec 3
routine. The server provides remote execution facilities
with authentication based on user names and
passwords.
.Pp
.Nm Rexecd
listens for service requests at the port indicated in
the ``exec'' service specification; see
.Xr services 5 .
When a service request is received the following protocol
is initiated:
.Bl -enum
.It
The server reads characters from the socket up
to a NUL
.Pq Ql \e0
byte. The resultant string is
interpreted as an
.Tn ASCII
number, base 10.
.It
If the number received in step 1 is non-zero,
it is interpreted as the port number of a secondary
stream to be used for the
.Em stderr .
A second connection is then created to the specified
port on the client's machine.
.It
A NUL terminated user name of at most 16 characters
is retrieved on the initial socket.
.It
A NUL terminated, unencrypted password of at most
16 characters is retrieved on the initial socket.
.It
A NUL terminated command to be passed to a
shell is retrieved on the initial socket. The length of
the command is limited by the upper bound on the size of
the system's argument list.
.It
.Nm Rexecd
then validates the user as is done at login time
and, if the authentication was successful, changes
to the user's home directory, and establishes the user
and group protections of the user.
If any of these steps fail the connection is
aborted with a diagnostic message returned.
.It
A NUL byte is returned on the initial socket
and the command line is passed to the normal login
shell of the user. The
shell inherits the network connections established
by
.Nm .
.El
.Sh CAVEATS
.Nm Rexecd
will not allow root logins unless the
.Fl i
option is given on the command line (typically in
.Pa /etc/inetd.conf ) .
It will also disallow access for users listed in
.Pa /etc/ftpusers ,
or users with no passwords, which were all serious security holes.
The entire concept of rexec/rexecd is a major security hole and an example
of how not to do things.
.Nm Rexecd
is disabled by default in
.Pa /etc/inetd.conf .
.Sh DIAGNOSTICS
Except for the last one listed below,
all diagnostic messages are returned on the initial socket,
after which any network connections are closed.
An error is indicated by a leading byte with a value of
1 (0 is returned in step 7 above upon successful completion
of all the steps prior to the command execution).
.Pp
.Bl -tag -width Ds
.It Sy username too long
The name is
longer than 16 characters.
.It Sy password too long
The password is longer than 16 characters.
.It Sy command too long
The command line passed exceeds the size of the argument
list (as configured into the system).
.It Sy Login incorrect.
No password file entry for the user name existed.
.It Sy Password incorrect.
The wrong password was supplied.
.It Sy \&No remote directory.
The
.Xr chdir 2
command to the home directory failed.
.It Sy Try again.
A
.Xr fork 2
by the server failed.
.It Sy <shellname>: ...
The user's login shell could not be started.
This message is returned
on the connection associated with the
.Em stderr ,
and is not preceded by a flag byte.
.El
.Sh SEE ALSO
.Xr rexec 3
.Sh HISTORY
The
.Nm
command appeared in
.Bx 4.2 .
.Sh BUGS
A facility to allow all data and password exchanges to be encrypted should be
present.
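
The request framing from steps 1 to 5 of DESCRIPTION, with the 16-character limits from DIAGNOSTICS, as an added C example that is not part of the man page or of rexecd's source: a decoder for a captured client request, of the kind a monitoring sensor would use to flag the unencrypted password field. The names rexec_parse, struct rexec_req and the REXEC_* codes are hypothetical, the sample bytes are constructed, and accepting only digits in the port field (with an empty field read as 0) is an assumption.

```c
#include <stdlib.h>
#include <string.h>

#define REXEC_FIELD_MAX 16 /* user name and password limit from the man page */
enum rexec_status { REXEC_OK, REXEC_TRUNCATED, REXEC_BAD_PORT,
                    REXEC_USER_TOO_LONG, REXEC_PASS_TOO_LONG };
struct rexec_req {
    unsigned long stderr_port;     /* 0 means no secondary stderr stream */
    const char *user, *pass, *cmd; /* point into the caller's buffer */
};

/* Return the NUL-terminated field at *pos and step past it; NULL if no NUL. */
static const char *next_field(const unsigned char *buf, size_t len, size_t *pos)
{
    const unsigned char *start = buf + *pos;
    const unsigned char *nul = memchr(start, 0, len - *pos);
    if (nul != NULL)
        *pos = (size_t)(nul - buf) + 1;
    return nul != NULL ? (const char *)start : NULL;
}

/* Decode the client's bytes in the order given by protocol steps 1 to 5. */
int rexec_parse(const unsigned char *buf, size_t len, struct rexec_req *r)
{
    size_t pos = 0;
    const char *port = next_field(buf, len, &pos);
    r->user = next_field(buf, len, &pos);
    r->pass = next_field(buf, len, &pos); /* cleartext on the wire */
    r->cmd = next_field(buf, len, &pos);
    if (!port || !r->user || !r->pass || !r->cmd)
        return REXEC_TRUNCATED;
    /* Assumption: digits only; an empty port field is read as 0. */
    r->stderr_port = strtoul(port, NULL, 10);
    if (port[strspn(port, "0123456789")] != '\0' || r->stderr_port > 65535)
        return REXEC_BAD_PORT;
    if (strlen(r->user) > REXEC_FIELD_MAX)
        return REXEC_USER_TOO_LONG;
    if (strlen(r->pass) > REXEC_FIELD_MAX)
        return REXEC_PASS_TOO_LONG;
    return REXEC_OK;
}

/* Constructed sample request; the literal's implicit NUL ends the command. */
static const unsigned char REXEC_SAMPLE[] = "0\0alice\0hunter2\0uname -a";

int main(void)
{
    struct rexec_req r; /* exit status 0 when the sample decodes cleanly */
    return rexec_parse(REXEC_SAMPLE, sizeof REXEC_SAMPLE, &r) != REXEC_OK;
}
```

The command field is only checked for its terminating NUL, because its upper bound is the system's argument list size and so differs per host.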