Can someone explain exactly what threat is posed by using r commands across a network by the root user?

I have read and been told that using r commands across a network is dangerous. I understand that it gives users access to specific commands on specific hosts without being prompted for a password. I understand that if a hacker gets root access on one of my machines(within the confines of my network), he/she can then trash about everything I have via these commands.

What I don't understand is that here at work, we use r commands. I have poured over a lot of our backup scripts that have root creating compressed backups and then a user named "backup" pushing these files(via rcp) to a server designated to store backups.

Why would one do this? Why am I to be worried about having root execute an r command as opposed to a regular user?

Thanks in advance...

Why would one do this?
Because they need root privileges to backup all files, but not for stashing the backups remotely?

Why am I to be worried about having root execute an r command as opposed to a regular user?
For rcommands in general, because of the (lack of) authentication. It's trust model is based on usernames and FQDN's only, unless Kerberos auth is used or tunnelled tru Ssh (using substitutes like scp or slogin). Like telnet it's traffic is sniffable w/o the need for descrambling.
Then there's the unlimited power.

yup... this is the case...

thanks for the explanation!

I dislike the r-commands because they are clear text protocols and the authentication mechanism is very weak. In your case, you are basically providing unauthenticated access for a user named "backup". Given this information, it would be relatively easy for someone on your network to gain access to your backup system.