Udostępnij za pośrednictwem


Unable to execute windows commands in a single line through RSH

Recently we got a issue where customer wanted to start/stop windows service using RSH. The operating system is Windows 2008 R2. Interix rsh was configured on the customer's box.

 

From the Unix client when we execute the command “rsh –l <username> hostname sc start <service name>”, it returns with an error message as no device found or invalid path. Running any other windows command ( system32) like dir gives the same error.

It seems that using the rsh command, we are not able to run any windows based command (for example: dir, net start). But when we run a Unix command (for example: ls, date) we get the desired output.

We also tried using the runwin32 command which is under the SUA\bin directory but did not help.

On troubleshooting we found that RSH provides very restrictive environment to execute commands on remote machine and hence it's not run any command other than those are in /bin directory on remote machine. This is because by default the remote shell in which the (RSH)commands get executed include only ‘/bin’ in its path. This can be confirmed by running the command:

"rsh –l <username> hostname set"

So we tried running the command with the full path. While it works for SUA binaries. Running any Win32 executable results in the following error -

sh: /dev/fs/C/Windows/System32/some.exe: No such device

In other words, it just doesn't execute any Win32 binary. We observed the same behaviour on W2K3 R2 as well.

The workaround is to execute the command in two steps:First execute the command:

"rsh –l <username> hostname

This will give you a interactive shell using rsh. Then you can execute windows command.

The behavior (unable to execute windows command through RSH on a single line) is by design. This is due to the limitation with the interaction between Windows and SUA Subsystem I/O manager. The problem is that rshd associates the standard input and output file streams (file descriptors 0 and 1) with the socket connections back to the rsh client and the Interix subsystem doesn't allow these types of file descriptors to be inherited by a Windows application when it is executed by rshd.

To work around this problem the command specified on the rsh command line must explicitly redirect these file descriptors to either a regular file, a pipe or the special file "/dev/null".

The simple workaround is to execute the following command:

  •  rsh –l administrator <windows IP> “ /dev/fs/C/Windows/System32/sc.exe start tlntsvr </dev/null |cat"

For example:

bash-2.03# rsh -l administrator <Windows IP> " /dev/fs/C/WINDOWS/system32/sc.exe start tlntsvr </dev/null |cat"

SERVICE_NAME: tlntsvr

        TYPE : 10 WIN32_OWN_PROCESS

        STATE : 2 START_PENDING

                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN))

        WIN32_EXIT_CODE : 0 (0x0)

        SERVICE_EXIT_CODE : 0 (0x0)

        CHECKPOINT : 0x0

        WAIT_HINT : 0x7d0

        PID : 1292

        FLAGS :

bash-2.03# rsh -l administrator <Windows IP> " /dev/fs/C/WINDOWS/system32/sc.exe query tlntsvr </dev/null |cat"

SERVICE_NAME: tlntsvr

        TYPE : 10 WIN32_OWN_PROCESS

        STATE : 4 RUNNING

                                (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)

        WIN32_EXIT_CODE : 0 (0x0)

        SERVICE_EXIT_CODE : 0 (0x0)

        CHECKPOINT : 0x0

        WAIT_HINT : 0x0

bash-2.03#