rstartd
Remotely execute commands
SYNOPSIS
rstartd [options]
(Typically launched by inetd or xinetd, without direct command-line invocation from users.)
PARAMETERS
-a
Use xauth for authentication. This option instructs rstartd to add a new X authorization entry for the remote display and remove it upon process exit. This is generally the preferred and more secure method for handling X authorization.
-s
Use xauth for authentication, but only add an authorization entry if one doesn't already exist for the given display. This can be less robust for cleanup than -a.
-v
Enable verbose output. This option causes rstartd to print detailed debugging information to standard error, which is useful for troubleshooting connection or execution issues.
-p path
Specify the full path to the xauth program. This is useful if xauth is not found in rstartd's default PATH or if a specific version needs to be used.
DESCRIPTION
rstartd is a daemon program designed to facilitate the remote launching of X Window System applications and other programs. It typically runs on a server and listens for incoming connections, usually on TCP port 514 (the shell service port). When a remote client (such as rstart) connects, rstartd performs authentication, often relying on the traditional .rhosts or /etc/hosts.equiv files for trusted host/user validation. Upon successful authentication, it receives a command to execute along with necessary environment variables and X display information. rstartd then forks a child process to run the requested command, ensuring proper X authorization setup (e.g., using xauth) and standard I/O redirection. It's particularly useful in environments where users need to run applications on a powerful remote machine while displaying them on their local X workstation. After the launched application exits, rstartd handles the cleanup of temporary X authorization entries.
CAVEATS
Security Risks: rstartd relies on the inherently insecure .rhosts and /etc/hosts.equiv authentication mechanisms, making it vulnerable to IP spoofing and DNS attacks. It also lacks encryption for data in transit. For these reasons, it is largely superseded by SSH with X forwarding.
Configuration Complexity: Requires careful configuration within inetd or xinetd, and correct X authorization setup (xauth) is critical.
Limited Modern Support: Many modern Linux distributions have deprecated or removed the rstart package due to its security limitations and the availability of superior alternatives.
TYPICAL CONFIGURATION
rstartd is almost always launched by a super-server like inetd or xinetd when a connection is received on its designated port. A typical entry in /etc/inetd.conf might look like:
    shell stream tcp nowait root /usr/sbin/rstartd rstartd
Or in /etc/xinetd.d/rstartd (for xinetd):
    service shell
    {
        disable = no
        socket_type = stream
        wait = no
        user = root
        server = /usr/sbin/rstartd
        log_on_success += USERID
        log_on_failure += USERID
    }
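To check whether a host still exposes rstartd through either super-server, the two configuration formats above can be parsed and any active entry reported. This is an added example, not part of the rstart package; the function names and the sample inputs are constructed for illustration.

```python
import re
from pathlib import PurePosixPath
TARGET = "rstartd"  # daemon name from the page

# Constructed sample inputs, modelled on the entries shown above.
SAMPLE_INETD = """\
# shell stream tcp nowait root /usr/sbin/rstartd rstartd
shell stream tcp nowait root /usr/sbin/rstartd rstartd
echo stream tcp nowait root internal
"""
SAMPLE_XINETD = """\
service shell
{
    disable = no
    user = root
    server = /usr/sbin/rstartd
    log_on_success += USERID
}
"""

def inetd_findings(text):
    """(service, user, server) for each active inetd.conf line that runs rstartd."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank or commented-out entry: not active
        # Layout: service socket_type protocol wait user server [args...]
        if len(fields) >= 6 and PurePosixPath(fields[5]).name == TARGET:
            found.append((fields[0], fields[4], fields[5]))
    return found

def xinetd_findings(text):
    """(service, user, server) for each enabled xinetd block that runs rstartd."""
    found = []
    for name, body in re.findall(r"^\s*service\s+(\S+)\s*\{(.*?)\}", text, re.S | re.M):
        attrs = {}
        for line in body.splitlines():
            m = re.match(r"\s*(\w+)\s*(?:\+=|-=|=)\s*(.*\S)", line)
            if m:
                attrs[m.group(1)] = m.group(2)
        enabled = attrs.get("disable", "no").lower() != "yes"
        if enabled and PurePosixPath(attrs.get("server", "")).name == TARGET:
            found.append((name, attrs.get("user", "?"), attrs["server"]))
    return found

if __name__ == "__main__":
    for hit in inetd_findings(SAMPLE_INETD) + xinetd_findings(SAMPLE_XINETD):
        print("rstartd exposed: service=%s user=%s server=%s" % hit)
```

On a real host, pass the contents of /etc/inetd.conf and of each file under /etc/xinetd.d/ to these functions; a hit with user root means the daemon would be started with full privileges on every incoming connection.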
ALTERNATIVES
The recommended and secure alternative for remote X application forwarding is SSH. Using ssh -X user@hostname (or ssh -Y for trusted forwarding) provides encrypted communication, stronger authentication methods, and significantly greater security than rstartd.
HISTORY
rstartd is a component of the rstart package, which emerged in the early days of the X Window System (late 1980s/early 1990s). It was developed to address the need for remotely launching graphical applications in a network environment, leveraging existing remote shell (rsh) authentication paradigms. Its design made it convenient for users familiar with the .rhosts system. However, with the advent and widespread adoption of SSH in the late 1990s, which provides secure, encrypted remote access and robust X forwarding capabilities (ssh -X), the use of rstartd has sharply declined. It is now considered an outdated and insecure technology, with most modern systems favoring SSH for remote X application management.