HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |LIBRARY |SYNOPSIS |DESCRIPTION |RETURN VALUE |ATTRIBUTES |STANDARDS |HISTORY |BUGS |SEE ALSO |COLOPHON | |
rcmd(3) Library Functions Manualrcmd(3)rcmd, rresvport, iruserok, ruserok, rcmd_af, rresvport_af, iruserok_af, ruserok_af - routines for returning a stream to a remote command
Standard C library (libc,-lc)
#include <netdb.h>/* Or <unistd.h> on some systems */int rcmd(char **restrictahost, unsigned shortinport,const char *restrictlocuser,const char *restrictremuser,const char *restrictcmd, int *restrictfd2p);int rresvport(int *port);int iruserok(uint32_traddr, intsuperuser,const char *ruser, const char *luser);int ruserok(const char *rhost, intsuperuser,const char *ruser, const char *luser);int rcmd_af(char **restrictahost, unsigned shortinport,const char *restrictlocuser,const char *restrictremuser,const char *restrictcmd, int *restrictfd2p,sa_family_taf);int rresvport_af(int *port, sa_family_taf);int iruserok_af(const void *restrictraddr, intsuperuser,const char *restrictruser, const char *restrictluser,sa_family_taf);int ruserok_af(const char *rhost, intsuperuser,const char *ruser, const char *luser,sa_family_taf); Feature Test Macro Requirements for glibc (seefeature_test_macros(7)):rcmd(),rcmd_af(),rresvport(),rresvport_af(),iruserok(),iruserok_af(),ruserok(),ruserok_af(): Since glibc 2.19: _DEFAULT_SOURCE glibc 2.19 and earlier: _BSD_SOURCE
Thercmd() function is used by the superuser to execute a command on a remote machine using an authentication scheme based on privileged port numbers. Therresvport() function returns a file descriptor to a socket with an address in the privileged port space. Theiruserok() andruserok() functions are used by servers to authenticate clients requesting service withrcmd(). All four functions are used by thershd(8) server (among others).rcmd() Thercmd() function looks up the host*ahost usinggethostbyname(3), returning -1 if the host does not exist. Otherwise,*ahost is set to the standard name of the host and a connection is established to a server residing at the well-known Internet portinport. If the connection succeeds, a socket in the Internet domain of typeSOCK_STREAMis returned to the caller, and given to the remote command asstdin andstdout. Iffd2p is nonzero, then an auxiliary channel to a control process will be set up, and a file descriptor for it will be placed in*fd2p. The control process will return diagnostic output from the command (unit 2) on this channel, and will also accept bytes on this channel as being UNIX signal numbers, to be forwarded to the process group of the command. Iffd2p is 0, then thestderr (unit 2 of the remote command) will be made the same as thestdout and no provision is made for sending arbitrary signals to the remote process, although you may be able to get its attention by using out-of-band data. The protocol is described in detail inrshd(8).rresvport() Therresvport() function is used to obtain a socket with a privileged port bound to it. This socket is suitable for use byrcmd() and several other functions. Privileged ports are those in the range 0 to 1023. Only a privileged process (on Linux, a process that has theCAP_NET_BIND_SERVICEcapability in the user namespace governing its network namespace) is allowed to bind to a privileged port. In the glibc implementation, this function restricts its search to the ports from 512 to 1023. Theport argument is value-result: the value it supplies to the call is used as the starting point for a circular search of the port range; on (successful) return, it contains the port number that was bound to.iruserok() and ruserok() Theiruserok() andruserok() functions take a remote host's IP address or name, respectively, two usernames and a flag indicating whether the local user's name is that of the superuser. Then, if the user isnot the superuser, it checks the/etc/hosts.equiv file. If that lookup is not done, or is unsuccessful, the.rhosts in the local user's home directory is checked to see if the request for service is allowed. If this file does not exist, is not a regular file, is owned by anyone other than the user or the superuser, is writable by anyone other than the owner, or is hardlinked anywhere, the check automatically fails. Zero is returned if the machine name is listed in thehosts.equiv file, or the host and remote username are found in the.rhosts file; otherwiseiruserok() andruserok() return -1. If the local domain (as obtained fromgethostname(2)) is the same as the remote domain, only the machine name need be specified. If the IP address of the remote host is known,iruserok() should be used in preference toruserok(), as it does not require trusting the DNS server for the remote host's domain.*_af() variants All of the functions described above work with IPv4 (AF_INET) sockets. The "_af" variants take an extra argument that allows the socket address family to be specified. For these functions, theaf argument can be specified asAF_INETorAF_INET6. In addition,rcmd_af() supports the use ofAF_UNSPEC.
Thercmd() function returns a valid socket descriptor on success. It returns -1 on error and prints a diagnostic message on the standard error. Therresvport() function returns a valid, bound socket descriptor on success. On failure, it returns -1 and setserrno to indicate the error. The error codeEAGAINis overloaded to mean: "All network ports in use". For information on the return fromruserok() andiruserok(), see above.
For an explanation of the terms used in this section, seeattributes(7). ┌───────────────────────────────┬───────────────┬────────────────┐ │Interface│Attribute│Value│ ├───────────────────────────────┼───────────────┼────────────────┤ │rcmd(),rcmd_af() │ Thread safety │ MT-Unsafe │ ├───────────────────────────────┼───────────────┼────────────────┤ │rresvport(),rresvport_af() │ Thread safety │ MT-Safe │ ├───────────────────────────────┼───────────────┼────────────────┤ │iruserok(),ruserok(), │ Thread safety │ MT-Safe locale │ │iruserok_af(),ruserok_af() │ │ │ └───────────────────────────────┴───────────────┴────────────────┘
BSD.
iruserok_af()rcmd_af()rresvport_af()ruserok_af() glibc 2.2. Solaris, 4.2BSD. The "_af" variants are more recent additions, and are not present on as wide a range of systems.
iruserok() andiruserok_af() are declared in glibc headers only since glibc 2.12.
rlogin(1),rsh(1),rexec(3),rexecd(8),rlogind(8),rshd(8)
This page is part of theman-pages (Linux kernel and C library user-space interface documentation) project. Information about the project can be found at ⟨https://www.kernel.org/doc/man-pages/⟩. If you have a bug report for this manual page, see ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩. This page was obtained from the tarball man-pages-6.15.tar.gz fetched from ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up- to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgLinux man-pages 6.15 2025-05-17rcmd(3)Pages that refer to this page:rexec(3)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |