SYNOPSIS
rexecd
[
DESCRIPTION
rexecd provides remote execution facilities with authentication based on user names and passwords. Like any other 8.1/2012R2/10/2016/2019/11/2022 service, you can use the service utility to start and stop rexecd.
rexecd listens for service requests at port 512. When a service request is received, the following protocol is initiated:
-
The service reads characters from the socket up to a NUL byte. The resultant string is interpreted as an ASCII number, base 10.
-
If the number received in step 1 is non-zero, it is interpreted as the port number of a secondary stream to be used for stderr. A second connection is then created to the specified port on the client's machine.
-
A NUL terminated user name of at most 256 characters is retrieved on the initial socket.
-
A NUL terminated, unencrypted password of at most 256 characters is retrieved on the initial socket.
-
A NUL terminated command to be passed to a shell is retrieved on the initial socket. The length of the command is limited to 8192 bytes.
-
rexecd then validates the user as is done at login time. If this fails, the connection is aborted and a diagnostic message is returned.
-
A NUL byte is returned on the initial socket.
-
rexecd loads the user's profile and runs the command specified in the user's home directory. rexecd first checks to see if the SHELL environment variable is set and if so, that shell is used to run the command. If SHELL is not set, rexecd checks the shell, COMSPEC, and ComSpec environment variables (in that order) to find the shell to be used. If none of these environment variables are defined, the command is run using the cmd.exe command interpreter located in the system directory.
rexecd defaults to allowing multiple concurrent connections. To limit rexecd to allowing only one connection at a time, use rconfig or the rexecd tab of the MKS Toolkit control panel applet.
- Note:
-
This setting is overridden by the MKS Toolkit license. The normal MKS Toolkit license limits you to a single concurrent connection. However, a license for an unlimited number of connections is available for purchase from MKS.
By default, rexecd writes only errors to the event log. To have rexecd also write event log entries stating remote host, local user, and command, use rconfig or the rexecd tab of the MKS Toolkit control panel applet.
Also, by default, rexecd fails when the local user does not exist. You can use rconfig or the rshd tab of the MKS Toolkit control panel applet to have rexecd attempt to connect as a domain user when the local user does not exist.
Options
-install -
installs and starts the rexecd service. To start the service without installing it, use the service command:
service start rexecd
-remove -
stops and removes the rexecd service. To stop the service without removing it, use the service command:
service stop rexecd
-debug -
runs rexecd as a normal program in the current console for debugging purposes.
To use this option, you require the following privileges:
Replace a process level token (SeAssignPrimaryTokenPrivilege) Increase quotas (SeIncreaseQuotaPrivilege) Act as part of the operating system (SeTcbPrivilege)
If you are lacking any of these privileges, rexecd reports which are missing. You can use priv to add these privileges and then log out and back in. For example, the following assigns all three privileges required for using this option:
priv -a SeAssignPrimaryTokenPrivilege priv -a SeIncreaseQuotaPrivilege priv -a SeTcbPrivilege
ENVIRONMENT VARIABLES
- TK_RETRY_ON_WSAENOTSOCK
-
When this environment varible is set, the rsh, rcp, rexec, and rlogin utilities retry up to five times if they get the WSAENOTSOCK error. The WSAENOTSOCK error is reported as:
An operation was attempted on something that is not a socket
FILES
DIAGNOSTICS
Possible exit status values are:
NOTE
There is a very brief period of time when rexecd is establishing a connection with a client that it is unavailable to establish a new connection with another client. Up to a limited number of connection attempts from other clients are buffered until rexecd is free to service one of them. Additional connection attempts beyond that limit fail. An error results from the client indicating that it was unable to find the rexecd service. In real world usage, this limitation is unlikely to be encountered. This limit is operating system dependent.
The rexecd service runs programs in the home directory of the user that the client connects as. The home directory is the value of the HOME environment variable for that user. By default, this variable is set to %HOMEDRIVE%%HOMEPATH%. However, the HOMEDRIVE and HOMEPATH environment variables are only available to interactive applications and, thus, not available to services. If the value of HOME for the user that the client is connecting as is set to the default or is defined using the HOMEDRIVE or HOMEPATH environment variables, rexecd cannot use HOME to identify the user's home directory. In such a case, rexecd uses a reasonable default as the home directory. For this reason, it is recommended that the HOME environment variable be explicitly set (without using HOMEDRIVE or HOMEPATH) for each user that rexecd can be run as. For instructions on setting and viewing environment variables, see your Operating System's online help.
ACKNOWLEDGEMENT
This product includes software developed by the University of California, Berkeley and its contributors.
PORTABILITY
All UNIX systems. Windows 8.1. Windows Server 2012 R2. Windows 10. Windows Server 2016. Windows Server 2019. Windows 11. Windows Server 2022.
AVAILABILITY
PTC MKS Toolkit for System Administrators
PTC MKS Toolkit for Developers
PTC MKS Toolkit for Interoperability
PTC MKS Toolkit for Professional Developers
PTC MKS Toolkit for Professional Developers 64-Bit Edition
PTC MKS Toolkit for Enterprise Developers
PTC MKS Toolkit for Enterprise Developers 64-Bit Edition
SEE ALSO
MKS Toolkit Connectivity Solutions Guide
PTC MKS Toolkit 10.4 Documentation Build 39.