I assume that when you say 'through the web', you mean 'when this code is invoked from within a CGI'. My first suggestion, is to make sure that the user under which your CGI is running, if this is the case, can invoke the command in the way you shown.

Warning: If this user can perform commands such as those on other machines, this is a *very* serious security issue. If a cracker can get access to said user, he/she can learn a lot about your network and servers and pottentially, do a lot of harm.

The least you can do, is to use ssh in place of rsh. Although this does not fix the problem I outlined before, it at least allows you to use strong(er) authentication than what stock rsh offers.

Regards.