2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
|
ldd.1, capget.2, clone.2, create_module.2, fallocate.2, futex.2, get_kernel_syms.2, get_thread_area.2, getcpu.2, getitimer.2, getpid.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl_list.2, mkdir.2, mknod.2, pciconfig_read.2, pivot_root.2, posix_fadvise.2, query_module.2, sendfile.2, set_thread_area.2, setns.2, unshare.2, __setfpucw.3, a64l.3, addseverity.3, argz_add.3, bindresvport.3, cabs.3, cacos.3, cacosh.3, canonicalize_file_name.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, ccos.3, ccosh.3, cerf.3, cexp.3, cexp2.3, cimag.3, clog.3, clog10.3, clog2.3, cmsg.3, conj.3, cpow.3, cproj.3, creal.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, des_crypt.3, envz_add.3, fdim.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmtmsg.3, fpclassify.3, gamma.3, getpt.3, getrpcent.3, getrpcport.3, getttyent.3, isgreater.3, key_setsecret.3, lgamma.3, malloc_hook.3, mempcpy.3, nan.3, netlink.3, nextafter.3, putgrent.3, remove.3, remquo.3, rpc.3, rtime.3, rtnetlink.3, setaliasent.3, setnetgrent.3, signbit.3, significand.3, sincos.3, stdin.3, tgamma.3, xcrypt.3, xdr.3, cciss.4, hpsa.4, mouse.4, pts.4, sk98lin.4, tty_ioctl.4, wavelan.4, hosts.equiv.5, rpc.5, tzfile.5, boot.7, complex.7, ddp.7, fifo.7, futex.7, icmp.7, ip.7, ipv6.7, netdevice.7, netlink.7, packet.7, raw.7, rtnetlink.7, socket.7, tcp.7, udp.7, unix.7, x25.7, sync.8: Global fix: Put copyright info at top of page, followed by blank line and LICENSE
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-10 09:29:51 +00:00
|
|
|
.\"
|
ldd.1, clone.2, create_module.2, get_kernel_syms.2, get_thread_area.2, io_cancel.2, io_setup.2, io_submit.2, mkdir.2, mknod.2, query_module.2, set_thread_area.2, __setfpucw.3, hosts.equiv.5, sync.8: Added LICENSE_START(GPL_NOVERSION_ONELINE)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-10 09:28:51 +00:00
|
|
|
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
|
2004-11-03 13:51:07 +00:00
|
|
|
.\" This file may be distributed under the GNU General Public License.
|
ldd.1, clone.2, create_module.2, get_kernel_syms.2, get_thread_area.2, io_cancel.2, io_setup.2, io_submit.2, mkdir.2, mknod.2, query_module.2, set_thread_area.2, __setfpucw.3, hosts.equiv.5, sync.8: Added LICENSE_START(GPL_NOVERSION_ONELINE)
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-10 09:28:51 +00:00
|
|
|
.\" %%%LICENSE_END
|
iconv.1, locale.1, memusage.1, memusagestat.1, pldd.1, sprof.1, _syscall.2, add_key.2, adjtimex.2, bind.2, bpf.2, chown.2, clone.2, close.2, copy_file_range.2, eventfd.2, fanotify_init.2, fanotify_mark.2, fork.2, fsync.2, futex.2, getdents.2, getrlimit.2, getxattr.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, ioctl_fat.2, ioctl_getfsmap.2, ioctl_ns.2, ioctl_tty.2, ioctl_userfaultfd.2, kcmp.2, keyctl.2, listen.2, listxattr.2, mbind.2, membarrier.2, memfd_create.2, mkdir.2, move_pages.2, mremap.2, msync.2, nfsservctl.2, open.2, perf_event_open.2, pidfd_send_signal.2, pipe.2, pivot_root.2, pkey_alloc.2, process_vm_readv.2, ptrace.2, readlink.2, readv.2, recv.2, recvmmsg.2, rename.2, request_key.2, s390_runtime_instr.2, sched_setaffinity.2, seccomp.2, send.2, sendmmsg.2, sigaltstack.2, signalfd.2, socket.2, socketpair.2, splice.2, spu_create.2, spu_run.2, statfs.2, syscall.2, sysctl.2, sysfs.2, tee.2, timer_getoverrun.2, timer_settime.2, umount.2, userfaultfd.2, utimensat.2, wait4.2, INFINITY.3, __ppc_get_timebase.3, __setfpucw.3, abort.3, aio_cancel.3, aio_error.3, aio_read.3, aio_return.3, atexit.3, backtrace.3, basename.3, bsearch.3, bswap.3, cacos.3, cacosh.3, catan.3, catanh.3, cexp2.3, clock_getcpuclockid.3, clog2.3, cmsg.3, confstr.3, div.3, dl_iterate_phdr.3, dlerror.3, dlinfo.3, dlopen.3, dlsym.3, duplocale.3, encrypt.3, end.3, endian.3, envz_add.3, err.3, expm1.3, fdim.3, flockfile.3, fmtmsg.3, frexp.3, ftw.3, get_nprocs_conf.3, get_phys_pages.3, getaddrinfo_a.3, getauxval.3, getdate.3, getdtablesize.3, getgrent_r.3, getgrouplist.3, gethostbyname.3, getline.3, getnameinfo.3, getopt.3, getprotoent_r.3, getpwent_r.3, getpwnam.3, getservent_r.3, getsubopt.3, getutent.3, glob.3, gnu_get_libc_version.3, hsearch.3, if_nameindex.3, inet.3, inet_net_pton.3, inet_ntop.3, inet_pton.3, insque.3, killpg.3, makecontext.3, mallinfo.3, malloc.3, malloc_hook.3, malloc_info.3, mallopt.3, matherr.3, mbsnrtowcs.3, mbstowcs.3, mcheck.3, mempcpy.3, mq_getattr.3, mq_notify.3, mtrace.3, newlocale.3, nextafter.3, ntp_gettime.3, offsetof.3, open_memstream.3, pow.3, printf.3, pthread_attr_init.3, pthread_attr_setdetachstate.3, pthread_attr_setguardsize.3, pthread_attr_setinheritsched.3, pthread_attr_setschedparam.3, pthread_attr_setschedpolicy.3, pthread_attr_setstack.3, pthread_attr_setstacksize.3, pthread_cancel.3, pthread_cleanup_push.3, pthread_create.3, pthread_detach.3, pthread_getattr_default_np.3, pthread_getattr_np.3, pthread_getcpuclockid.3, pthread_join.3, pthread_mutex_consistent.3, pthread_mutexattr_setrobust.3, pthread_setaffinity_np.3, pthread_setcancelstate.3, pthread_setname_np.3, pthread_setschedparam.3, pthread_sigmask.3, pthread_spin_init.3, pthread_testcancel.3, pthread_tryjoin_np.3, ptsname.3, qsort.3, rand.3, random.3, remainder.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, sem_getvalue.3, sem_wait.3, setaliasent.3, setlogmask.3, sigwait.3, sincos.3, sockatmark.3, stdarg.3, stpcpy.3, strcat.3, strfmon.3, strptime.3, strtod.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, tsearch.3, uselocale.3, wcstok.3, wcstombs.3, wordexp.3, y0.3, loop.4, vcs.4, veth.4, charmap.5, core.5, filesystems.5, gai.conf.5, hosts.5, hosts.equiv.5, locale.5, nss.5, repertoiremap.5, securetty.5, shells.5, ttytype.5, ascii.7, complex.7, cpuset.7, credentials.7, fanotify.7, hier.7, inotify.7, ip.7, mount_namespaces.7, mq_overview.7, netlink.7, network_namespaces.7, pid_namespaces.7, pkeys.7, rtld-audit.7, rtnetlink.7, sem_overview.7, signal-safety.7, sock_diag.7, spufs.7, standards.7, symlink.7, tcp.7, time_namespaces.7, unix.7, user_namespaces.7, xattr.7, ldconfig.8: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-06-09 12:43:54 +00:00
|
|
|
.TH HOSTS.EQUIV 5 2020-06-09 "Linux" "Linux Programmer's Manual"
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH NAME
|
2015-12-30 15:09:15 +00:00
|
|
|
hosts.equiv \- list of hosts and users that are granted "trusted"
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
.B r
|
|
|
|
|
command access to your system
|
2004-11-03 13:51:07 +00:00
|
|
|
.SH DESCRIPTION
|
2015-12-30 15:09:58 +00:00
|
|
|
The file
|
|
|
|
|
.I /etc/hosts.equiv
|
|
|
|
|
allows or denies hosts and users to use
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
the \fBr\fP-commands (e.g.,
|
|
|
|
|
.BR rlogin ,
|
2014-02-05 14:55:41 +00:00
|
|
|
.BR rsh ,
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
or
|
|
|
|
|
.BR rcp )
|
|
|
|
|
without
|
2004-11-03 13:51:07 +00:00
|
|
|
supplying a password.
|
|
|
|
|
.PP
|
|
|
|
|
The file uses the following format:
|
|
|
|
|
.TP
|
2015-05-24 04:58:25 +00:00
|
|
|
\fI+|[\-]hostname|+@netgroup|\-@netgroup\fP \fI[+|[\-]username|+@netgroup|\-@netgroup]\fP
|
2004-11-03 13:51:07 +00:00
|
|
|
.PP
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
The
|
|
|
|
|
.I hostname
|
|
|
|
|
is the name of a host which is logically equivalent
|
2007-04-12 22:42:49 +00:00
|
|
|
to the local host.
|
|
|
|
|
Users logged into that host are allowed to access
|
2004-11-03 13:51:07 +00:00
|
|
|
like-named user accounts on the local host without supplying a password.
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
The
|
|
|
|
|
.I hostname
|
|
|
|
|
may be (optionally) preceded by a plus (+) sign.
|
2014-03-26 04:57:26 +00:00
|
|
|
If the plus sign is used alone, it allows any host to access your system.
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
You can explicitly deny access to a host by preceding the
|
|
|
|
|
.I hostname
|
2007-04-12 22:42:49 +00:00
|
|
|
by a minus (\-) sign.
|
2015-05-24 04:58:25 +00:00
|
|
|
Users from that host must always supply additional credentials,
|
localedef.1, access.2, ioctl_console.2, ioctl_fslabel.2, openat2.2, write.2, dlsym.3, getopt.3, nl_langinfo.3, termios.3, xcrypt.3, hosts.equiv.5, nsswitch.conf.5, cgroups.7, man-pages.7, netlink.7, system_data_types.7: srcfix: semantic newlines
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2021-08-08 22:26:25 +00:00
|
|
|
including possibly a password.
|
|
|
|
|
For security reasons you should always
|
2015-05-24 04:58:25 +00:00
|
|
|
use the FQDN of the hostname and not the short hostname.
|
2004-11-03 13:51:07 +00:00
|
|
|
.PP
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
The
|
|
|
|
|
.I username
|
|
|
|
|
entry grants a specific user access to all user
|
2007-04-12 22:42:49 +00:00
|
|
|
accounts (except root) without supplying a password.
|
|
|
|
|
That means the
|
|
|
|
|
user is NOT restricted to like-named accounts.
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
The
|
|
|
|
|
.I username
|
|
|
|
|
may
|
2007-04-12 22:42:49 +00:00
|
|
|
be (optionally) preceded by a plus (+) sign.
|
|
|
|
|
You can also explicitly
|
time.1, _syscall.2, acct.2, getsockname.2, nanosleep.2, pciconfig_read.2, sched_get_priority_max.2, umask.2, uname.2, ustat.2, INFINITY.3, argz_add.3, atexit.3, bsearch.3, byteorder.3, carg.3, closedir.3, dlopen.3, drand48.3, envz_add.3, errno.3, ether_aton.3, exp10.3, finite.3, flockfile.3, fseeko.3, getcontext.3, getmntent.3, getnetent.3, getprotoent.3, getrpcent.3, getservent.3, iconv_close.3, iconv_open.3, initgroups.3, login.3, longjmp.3, mbsinit.3, memccpy.3, memmem.3, mempcpy.3, offsetof.3, on_exit.3, pow10.3, pthread_cancel.3, pthread_cleanup_push.3, rpc.3, rpmatch.3, setenv.3, setjmp.3, setlogmask.3, sockatmark.3, strfmon.3, strptime.3, strverscmp.3, swab.3, tcgetpgrp.3, tmpfile.3, toascii.3, y0.3, null.4, tty.4, tty_ioctl.4, hosts.equiv.5, environ.7, path_resolution.7, tzselect.8: Convert inline formatting (\fX...\fP) to dot-directive formatting
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-06-07 15:25:32 +00:00
|
|
|
deny access to a specific user by preceding the
|
|
|
|
|
.I username
|
|
|
|
|
with
|
2007-04-12 22:42:49 +00:00
|
|
|
a minus (\-) sign.
|
|
|
|
|
This says that the user is not trusted no matter
|
2004-11-03 13:51:07 +00:00
|
|
|
what other entries for that host exist.
|
|
|
|
|
.PP
|
|
|
|
|
Netgroups can be specified by preceding the netgroup by an @ sign.
|
|
|
|
|
.PP
|
2007-04-12 22:42:49 +00:00
|
|
|
Be extremely careful when using the plus (+) sign.
|
|
|
|
|
A simple typographical
|
|
|
|
|
error could result in a standalone plus sign.
|
|
|
|
|
A standalone plus sign is
|
2004-11-03 13:51:07 +00:00
|
|
|
a wildcard character that means "any host"!
|
|
|
|
|
.SH FILES
|
|
|
|
|
.I /etc/hosts.equiv
|
|
|
|
|
.SH NOTES
|
intro.1, _syscall.2, access.2, arch_prctl.2, cacheflush.2, chown.2, clock_getres.2, clone.2, create_module.2, fcntl.2, flock.2, get_kernel_syms.2, get_robust_list.2, get_thread_area.2, getcpu.2, getpriority.2, getrlimit.2, getrusage.2, ioprio_set.2, kexec_load.2, madvise.2, mbind.2, migrate_pages.2, mknod.2, mmap.2, mount.2, move_pages.2, mprotect.2, open.2, pause.2, pciconfig_read.2, perf_event_open.2, prctl.2, ptrace.2, query_module.2, read.2, reboot.2, recv.2, s390_runtime_instr.2, sched_setscheduler.2, select_tut.2, send.2, set_mempolicy.2, setfsgid.2, setfsuid.2, sigaction.2, spu_create.2, spu_run.2, stime.2, swapon.2, syslog.2, timer_create.2, timer_getoverrun.2, times.2, tkill.2, umount.2, unimplemented.2, ustat.2, vm86.2, wait.2, abs.3, aio_read.3, aio_write.3, bsd_signal.3, catgets.3, clearenv.3, cmsg.3, dbopen.3, dirfd.3, dlopen.3, exec.3, fenv.3, ferror.3, fmemopen.3, fnmatch.3, fopen.3, futimes.3, getaddrinfo.3, getifaddrs.3, getipnodebyname.3, hsearch.3, if_nameindex.3, inet_pton.3, mblen.3, mbrlen.3, mbsrtowcs.3, mbtowc.3, mcheck.3, memfrob.3, mq_notify.3, netlink.3, posix_memalign.3, printf.3, pthread_attr_setscope.3, pthread_cleanup_push.3, pthread_kill_other_threads_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, raise.3, resolver.3, rpc.3, rtime.3, rtnetlink.3, scanf.3, setbuf.3, setnetgrent.3, shm_open.3, sigpause.3, sigset.3, sigwait.3, sockatmark.3, strcasecmp.3, strcmp.3, strdup.3, strftime.3, strptime.3, strsignal.3, strverscmp.3, sysv_signal.3, termios.3, wcrtomb.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wctomb.3, wprintf.3, console_codes.4, cpuid.4, msr.4, rtc.4, sk98lin.4, st.4, tty.4, charmap.5, core.5, elf.5, hosts.equiv.5, proc.5, resolv.conf.5, services.5, slabinfo.5, arp.7, bootparam.7, capabilities.7, charsets.7, cpuset.7, ddp.7, epoll.7, feature_test_macros.7, futex.7, hier.7, icmp.7, inotify.7, ip.7, ipv6.7, man-pages.7, mdoc.7, mdoc.samples.7, netdevice.7, netlink.7, numa.7, packet.7, path_resolution.7, posixoptions.7, pthreads.7, raw.7, rtld-audit.7, rtnetlink.7, sem_overview.7, sigevent.7, socket.7, spufs.7, tcp.7, udp.7, unicode.7, uri.7, utf-8.7, intro.8, ldconfig.8, sync.8: Global fix: fix placement of word "only"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-31 08:53:00 +00:00
|
|
|
Some systems will honor the contents of this file only when it has owner
|
2007-04-12 22:42:49 +00:00
|
|
|
root and no write permission for anybody else.
|
|
|
|
|
Some exceptionally
|
2004-11-03 13:51:07 +00:00
|
|
|
paranoid systems even require that there be no other hard links to the file.
|
|
|
|
|
.PP
|
|
|
|
|
Modern systems use the Pluggable Authentication Modules library (PAM).
|
intro.1, _syscall.2, access.2, arch_prctl.2, cacheflush.2, chown.2, clock_getres.2, clone.2, create_module.2, fcntl.2, flock.2, get_kernel_syms.2, get_robust_list.2, get_thread_area.2, getcpu.2, getpriority.2, getrlimit.2, getrusage.2, ioprio_set.2, kexec_load.2, madvise.2, mbind.2, migrate_pages.2, mknod.2, mmap.2, mount.2, move_pages.2, mprotect.2, open.2, pause.2, pciconfig_read.2, perf_event_open.2, prctl.2, ptrace.2, query_module.2, read.2, reboot.2, recv.2, s390_runtime_instr.2, sched_setscheduler.2, select_tut.2, send.2, set_mempolicy.2, setfsgid.2, setfsuid.2, sigaction.2, spu_create.2, spu_run.2, stime.2, swapon.2, syslog.2, timer_create.2, timer_getoverrun.2, times.2, tkill.2, umount.2, unimplemented.2, ustat.2, vm86.2, wait.2, abs.3, aio_read.3, aio_write.3, bsd_signal.3, catgets.3, clearenv.3, cmsg.3, dbopen.3, dirfd.3, dlopen.3, exec.3, fenv.3, ferror.3, fmemopen.3, fnmatch.3, fopen.3, futimes.3, getaddrinfo.3, getifaddrs.3, getipnodebyname.3, hsearch.3, if_nameindex.3, inet_pton.3, mblen.3, mbrlen.3, mbsrtowcs.3, mbtowc.3, mcheck.3, memfrob.3, mq_notify.3, netlink.3, posix_memalign.3, printf.3, pthread_attr_setscope.3, pthread_cleanup_push.3, pthread_kill_other_threads_np.3, pthread_self.3, pthread_setcancelstate.3, pthread_setconcurrency.3, raise.3, resolver.3, rpc.3, rtime.3, rtnetlink.3, scanf.3, setbuf.3, setnetgrent.3, shm_open.3, sigpause.3, sigset.3, sigwait.3, sockatmark.3, strcasecmp.3, strcmp.3, strdup.3, strftime.3, strptime.3, strsignal.3, strverscmp.3, sysv_signal.3, termios.3, wcrtomb.3, wcsnlen.3, wcsnrtombs.3, wcsrtombs.3, wctomb.3, wprintf.3, console_codes.4, cpuid.4, msr.4, rtc.4, sk98lin.4, st.4, tty.4, charmap.5, core.5, elf.5, hosts.equiv.5, proc.5, resolv.conf.5, services.5, slabinfo.5, arp.7, bootparam.7, capabilities.7, charsets.7, cpuset.7, ddp.7, epoll.7, feature_test_macros.7, futex.7, hier.7, icmp.7, inotify.7, ip.7, ipv6.7, man-pages.7, mdoc.7, mdoc.samples.7, netdevice.7, netlink.7, numa.7, packet.7, path_resolution.7, posixoptions.7, pthreads.7, raw.7, rtld-audit.7, rtnetlink.7, sem_overview.7, sigevent.7, socket.7, spufs.7, tcp.7, udp.7, unicode.7, uri.7, utf-8.7, intro.8, ldconfig.8, sync.8: Global fix: fix placement of word "only"
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-03-31 08:53:00 +00:00
|
|
|
With PAM a standalone plus sign is considered a wildcard
|
|
|
|
|
character which means "any host" only when the word
|
2004-11-03 13:51:07 +00:00
|
|
|
.I promiscuous
|
|
|
|
|
is added to the auth component line in your PAM file for
|
|
|
|
|
the particular service
|
2007-06-08 11:56:22 +00:00
|
|
|
.RB "(e.g., " rlogin ).
|
2020-05-21 08:00:37 +00:00
|
|
|
.SH EXAMPLES
|
2015-06-17 08:46:06 +00:00
|
|
|
Below are some example
|
2015-05-24 04:58:25 +00:00
|
|
|
.I /etc/host.equiv
|
|
|
|
|
or
|
intro.1, clock_getres.2, clone.2, futex.2, ioctl_fat.2, mkdir.2, mknod.2, mmap.2, open.2, statx.2, umask.2, userfaultfd.2, glob.3, mkfifo.3, termios.3, wordexp.3, console_codes.4, sk98lin.4, vcs.4, dir_colors.5, hosts.equiv.5, proc.5, termcap.5, utmp.5, ascii.7, bpf-helpers.7, charsets.7, environ.7, glob.7, mailaddr.7, netlink.7, operator.7, suffixes.7, tcp.7, unicode.7, uri.7, zic.8: Use "\(ti" instead of "~"
A naked tilde ("~") renders poorly in PDF. Instead use "\(ti",
which renders better in a PDF, and produces the same glyph
when rendering on a terminal.
Reported-by: Geoff Clare <gwc@opengroup.org>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2020-08-06 19:43:46 +00:00
|
|
|
.I \(ti/.rhosts
|
2015-06-17 08:46:06 +00:00
|
|
|
files.
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-18 06:29:15 +00:00
|
|
|
Allow any user to log in from any host:
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
+
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow any user from
|
|
|
|
|
.I host
|
2015-06-18 06:29:15 +00:00
|
|
|
with a matching local account to log in:
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
host
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Note: the use of
|
|
|
|
|
.I +host
|
|
|
|
|
is never a valid syntax,
|
|
|
|
|
including attempting to specify that any user from the host is allowed.
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow any user from
|
|
|
|
|
.I host
|
2015-06-18 06:29:15 +00:00
|
|
|
to log in:
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
host +
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Note: this is distinct from the previous example
|
|
|
|
|
since it does not require a matching local account.
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow
|
|
|
|
|
.I user
|
|
|
|
|
from
|
|
|
|
|
.I host
|
2015-06-18 06:29:52 +00:00
|
|
|
to log in as any non-root user:
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
host user
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow all users with matching local accounts from
|
|
|
|
|
.I host
|
2015-06-18 06:29:15 +00:00
|
|
|
to log in except for
|
2015-06-17 08:46:06 +00:00
|
|
|
.IR baduser :
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
host \-baduser
|
|
|
|
|
host
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Deny all users from
|
|
|
|
|
.IR host :
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
\-host
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Note: the use of
|
|
|
|
|
.I "\-host\ \-user"
|
|
|
|
|
is never a valid syntax,
|
|
|
|
|
including attempting to specify that a particular user from the host
|
|
|
|
|
is not trusted.
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow all users with matching local accounts on all hosts in a
|
|
|
|
|
.IR netgroup :
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
+@netgroup
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Disallow all users on all hosts in a
|
|
|
|
|
.IR netgroup :
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
\-@netgroup
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow all users in a
|
|
|
|
|
.I netgroup
|
|
|
|
|
to log in from
|
2019-01-30 22:35:22 +00:00
|
|
|
.I host
|
2015-06-18 19:19:38 +00:00
|
|
|
as any non-root user:
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
host +@netgroup
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
Allow all users with matching local accounts on all hosts in a
|
|
|
|
|
.I netgroup
|
|
|
|
|
except
|
|
|
|
|
.IR baduser :
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-06-17 08:46:06 +00:00
|
|
|
+@netgroup \-baduser
|
|
|
|
|
+@netgroup
|
cpuid.4, fd.4, full.4, initrd.4, lirc.4, msr.4, null.4, vcs.4, charmap.5, core.5, dir_colors.5, filesystems.5, gai.conf.5, hosts.equiv.5, locale.5, motd.5, networks.5, nscd.conf.5, nss.5, proc.5, protocols.5, repertoiremap.5, services.5, tmpfs.5, ttytype.5, intro.8, nscd.8: ffix
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2017-08-17 22:59:55 +00:00
|
|
|
.PP
|
2015-07-21 14:02:33 +00:00
|
|
|
Note: the deny statements must always precede the allow statements because
|
|
|
|
|
the file is processed sequentially until the first matching rule is found.
|
getent.1, intro.1, time.1, _exit.2, _syscall.2, accept.2, access.2, acct.2, adjtimex.2, alarm.2, alloc_hugepages.2, arch_prctl.2, bdflush.2, bind.2, brk.2, cacheflush.2, capget.2, chdir.2, chmod.2, chown.2, chroot.2, clock_getres.2, clock_nanosleep.2, clone.2, close.2, connect.2, create_module.2, delete_module.2, dup.2, epoll_create.2, epoll_ctl.2, epoll_wait.2, eventfd.2, execve.2, exit_group.2, faccessat.2, fchmodat.2, fchownat.2, fcntl.2, flock.2, fork.2, fstatat.2, fsync.2, futex.2, futimesat.2, get_kernel_syms.2, get_robust_list.2, get_thread_area.2, getcpu.2, getdents.2, getdomainname.2, getgid.2, getgroups.2, gethostname.2, getitimer.2, getpagesize.2, getpeername.2, getpid.2, getpriority.2, getresuid.2, getrlimit.2, getrusage.2, getsid.2, getsockname.2, getsockopt.2, gettid.2, gettimeofday.2, getuid.2, getunwind.2, getxattr.2, idle.2, init_module.2, inotify_add_watch.2, inotify_init.2, inotify_rm_watch.2, intro.2, io_cancel.2, io_destroy.2, io_getevents.2, io_setup.2, io_submit.2, ioctl.2, ioctl_list.2, ioperm.2, iopl.2, ioprio_set.2, ipc.2, kcmp.2, kill.2, killpg.2, link.2, linkat.2, listen.2, listxattr.2, llseek.2, lookup_dcookie.2, lseek.2, madvise.2, migrate_pages.2, mincore.2, mkdir.2, mkdirat.2, mknod.2, mknodat.2, mlock.2, mmap.2, mmap2.2, modify_ldt.2, mount.2, move_pages.2, mprotect.2, mq_getsetattr.2, mremap.2, msgctl.2, msgget.2, msgop.2, msync.2, nanosleep.2, nfsservctl.2, nice.2, open.2, openat.2, outb.2, pause.2, pciconfig_read.2, perf_event_open.2, perfmonctl.2, personality.2, pipe.2, pivot_root.2, poll.2, posix_fadvise.2, prctl.2, pread.2, process_vm_readv.2, ptrace.2, query_module.2, quotactl.2, read.2, readahead.2, readdir.2, readlink.2, readlinkat.2, readv.2, reboot.2, recv.2, remap_file_pages.2, removexattr.2, rename.2, renameat.2, rmdir.2, rt_sigqueueinfo.2, sched_get_priority_max.2, sched_rr_get_interval.2, sched_setaffinity.2, sched_setparam.2, sched_setscheduler.2, sched_yield.2, select.2, semctl.2, semget.2, semop.2, send.2, sendfile.2, set_thread_area.2, set_tid_address.2, seteuid.2, setfsgid.2, setfsuid.2, setgid.2, setpgid.2, setresuid.2, setreuid.2, setsid.2, setuid.2, setup.2, setxattr.2, shmctl.2, shmget.2, shmop.2, shutdown.2, sigaction.2, sigaltstack.2, signal.2, signalfd.2, sigpending.2, sigprocmask.2, sigreturn.2, sigsuspend.2, sigwaitinfo.2, socket.2, socketcall.2, socketpair.2, splice.2, stat.2, statfs.2, stime.2, swapon.2, symlink.2, symlinkat.2, sync.2, sync_file_range.2, sysctl.2, sysfs.2, sysinfo.2, syslog.2, tee.2, time.2, timerfd_create.2, times.2, tkill.2, truncate.2, umask.2, umount.2, uname.2, unimplemented.2, unlink.2, unlinkat.2, uselib.2, ustat.2, utime.2, utimensat.2, vfork.2, vhangup.2, vm86.2, vmsplice.2, wait.2, wait4.2, write.2, CPU_SET.3, INFINITY.3, MB_CUR_MAX.3, MB_LEN_MAX.3, __setfpucw.3, a64l.3, abort.3, abs.3, acos.3, acosh.3, addseverity.3, adjtime.3, aio_cancel.3, aio_error.3, aio_fsync.3, aio_read.3, aio_return.3, aio_suspend.3, aio_write.3, alloca.3, argz_add.3, asin.3, asinh.3, asprintf.3, assert.3, assert_perror.3, atan.3, atan2.3, atanh.3, atexit.3, atof.3, atoi.3, backtrace.3, basename.3, bcmp.3, bcopy.3, bindresvport.3, bsd_signal.3, bsearch.3, bstring.3, btowc.3, btree.3, byteorder.3, bzero.3, cabs.3, cacos.3, cacosh.3, canonicalize_file_name.3, carg.3, casin.3, casinh.3, catan.3, catanh.3, catgets.3, catopen.3, cbrt.3, ccos.3, ccosh.3, ceil.3, cerf.3, cexp.3, cexp2.3, cfree.3, cimag.3, clearenv.3, clock.3, clock_getcpuclockid.3, clog.3, clog10.3, clog2.3, closedir.3, cmsg.3, confstr.3, conj.3, copysign.3, cos.3, cosh.3, cpow.3, cproj.3, creal.3, crypt.3, csin.3, csinh.3, csqrt.3, ctan.3, ctanh.3, ctermid.3, ctime.3, daemon.3, dbopen.3, des_crypt.3, difftime.3, dirfd.3, div.3, dl_iterate_phdr.3, dlopen.3, dprintf.3, drand48.3, drand48_r.3, dysize.3, ecvt.3, ecvt_r.3, encrypt.3, end.3, endian.3, envz_add.3, erf.3, erfc.3, err.3, errno.3, error.3, ether_aton.3, euidaccess.3, exec.3, exit.3, exp.3, exp10.3, exp2.3, expm1.3, fabs.3, fclose.3, fcloseall.3, fdim.3, fenv.3, ferror.3, fexecve.3, fflush.3, ffs.3, fgetgrent.3, fgetpwent.3, fgetwc.3, fgetws.3, finite.3, flockfile.3, floor.3, fma.3, fmax.3, fmemopen.3, fmin.3, fmod.3, fmtmsg.3, fnmatch.3, fopen.3, fpathconf.3, fpclassify.3, fpurge.3, fputwc.3, fputws.3, fread.3, frexp.3, fseek.3, fseeko.3, ftime.3, ftok.3, fts.3, ftw.3, futimes.3, fwide.3, gamma.3, gcvt.3, getaddrinfo.3, getaddrinfo_a.3, getauxval.3, getcontext.3, getcwd.3, getdate.3, getdirentries.3, getdtablesize.3, getenv.3, getfsent.3, getgrent.3, getgrent_r.3, getgrnam.3, getgrouplist.3, gethostbyname.3, gethostid.3, getipnodebyname.3, getline.3, getloadavg.3, getlogin.3, getmntent.3, getnameinfo.3, getnetent.3, getnetent_r.3, getopt.3, getpass.3, getprotoent.3, getprotoent_r.3, getpt.3, getpw.3, getpwent.3, getpwent_r.3, getpwnam.3, getrpcent.3, getrpcent_r.3, getrpcport.3, gets.3, getservent.3, getservent_r.3, getspnam.3, getttyent.3, getumask.3, getusershell.3, getutent.3, getw.3, getwchar.3, glob.3, grantpt.3, gsignal.3, hash.3, hsearch.3, hypot.3, iconv.3, iconv_close.3, iconv_open.3, ilogb.3, index.3, inet.3, inet_ntop.3, inet_pton.3, infnan.3, initgroups.3, insque.3, intro.3, isalpha.3, isatty.3, isgreater.3, iswalnum.3, iswalpha.3, iswblank.3, iswcntrl.3, iswctype.3, iswdigit.3, iswgraph.3, iswlower.3, iswprint.3, iswpunct.3, iswspace.3, iswupper.3, iswxdigit.3, j0.3, key_setsecret.3, ldexp.3, lgamma.3, lio_listio.3, localeconv.3, lockf.3, log.3, log10.3, log1p.3, log2.3, logb.3, login.3, longjmp.3, lrint.3, lround.3, lsearch.3, lseek64.3, makecontext.3, makedev.3, malloc.3, malloc_hook.3, mblen.3, mbrlen.3, mbrtowc.3, mbsinit.3, mbsnrtowcs.3, mbsrtowcs.3, mbstowcs.3, mbtowc.3, memccpy.3, memchr.3, memcmp.3, memcpy.3, memfrob.3, memmem.3, memmove.3, mempcpy.3, memset.3, mkdtemp.3, mkfifo.3, mkfifoat.3, mkstemp.3, mktemp.3, modf.3, mpool.3, mq_close.3, mq_getattr.3, mq_notify.3, mq_open.3, mq_receive.3, mq_send.3, mq_unlink.3, mtrace.3, nan.3, netlink.3, nextafter.3, nl_langinfo.3, offsetof.3, on_exit.3, opendir.3, openpty.3, perror.3, popen.3, posix_fallocate.3, posix_memalign.3, posix_openpt.3, pow.3, pow10.3, printf.3, profil.3, program_invocation_name.3, psignal.3, pthread_kill_other_threads_np.3, ptsname.3, putenv.3, putgrent.3, putpwent.3, puts.3, putwchar.3, qecvt.3, qsort.3, queue.3, raise.3, rand.3, random.3, random_r.3, rcmd.3, re_comp.3, readdir.3, realpath.3, recno.3, regex.3, remainder.3, remove.3, remquo.3, resolver.3, rewinddir.3, rexec.3, rint.3, round.3, rpc.3, rpmatch.3, rtime.3, rtnetlink.3, scalb.3, scalbln.3, scandir.3, scandirat.3, scanf.3, seekdir.3, sem_close.3, sem_destroy.3, sem_getvalue.3, sem_init.3, sem_open.3, sem_post.3, sem_unlink.3, sem_wait.3, setaliasent.3, setbuf.3, setenv.3, setjmp.3, setlocale.3, setlogmask.3, setnetgrent.3, shm_open.3, siginterrupt.3, signbit.3, significand.3, sigpause.3, sigqueue.3, sigset.3, sigsetops.3, sigvec.3, sin.3, sincos.3, sinh.3, sleep.3, sockatmark.3, sqrt.3, statvfs.3, stdarg.3, stdin.3, stdio.3, stdio_ext.3, stpcpy.3, stpncpy.3, strcasecmp.3, strcat.3, strchr.3, strcmp.3, strcoll.3, strcpy.3, strdup.3, strerror.3, strfmon.3, strfry.3, strftime.3, string.3, strlen.3, strnlen.3, strpbrk.3, strptime.3, strsep.3, strsignal.3, strspn.3, strstr.3, strtod.3, strtoimax.3, strtok.3, strtol.3, strtoul.3, strverscmp.3, strxfrm.3, swab.3, sysconf.3, syslog.3, system.3, sysv_signal.3, tan.3, tanh.3, tcgetpgrp.3, tcgetsid.3, telldir.3, tempnam.3, termios.3, tgamma.3, timegm.3, timeradd.3, tmpfile.3, tmpnam.3, toascii.3, toupper.3, towctrans.3, towlower.3, towupper.3, trunc.3, tsearch.3, ttyname.3, ttyslot.3, tzset.3, ualarm.3, ulimit.3, ungetwc.3, unlocked_stdio.3, unlockpt.3, updwtmp.3, usleep.3, wcpcpy.3, wcpncpy.3, wcrtomb.3, wcscasecmp.3, wcscat.3, wcschr.3, wcscmp.3, wcscpy.3, wcscspn.3, wcsdup.3, wcslen.3, wcsncasecmp.3, wcsncat.3, wcsncmp.3, wcsncpy.3, wcsnlen.3, wcsnrtombs.3, wcspbrk.3, wcsrchr.3, wcsrtombs.3, wcsspn.3, wcsstr.3, wcstoimax.3, wcstok.3, wcstombs.3, wcswidth.3, wctob.3, wctomb.3, wctrans.3, wctype.3, wcwidth.3, wmemchr.3, wmemcmp.3, wmemcpy.3, wmemmove.3, wmemset.3, wordexp.3, wprintf.3, xcrypt.3, xdr.3, y0.3, cciss.4, console.4, console_codes.4, console_ioctl.4, dsp56k.4, fd.4, full.4, hd.4, hpsa.4, initrd.4, intro.4, lp.4, mem.4, mouse.4, null.4, pts.4, ram.4, random.4, rtc.4, sk98lin.4, st.4, tty.4, ttyS.4, tty_ioctl.4, vcs.4, wavelan.4, acct.5, charmap.5, dir_colors.5, filesystems.5, ftpusers.5, group.5, host.conf.5, hosts.5, hosts.equiv.5, intro.5, issue.5, locale.5, motd.5, networks.5, nologin.5, nscd.conf.5, passwd.5, proc.5, protocols.5, resolv.conf.5, rpc.5, securetty.5, services.5, shells.5, termcap.5, ttytype.5, utmp.5, armscii-8.7, arp.7, ascii.7, bootparam.7, capabilities.7, charsets.7, complex.7, cp1251.7, credentials.7, ddp.7, environ.7, epoll.7, fifo.7, futex.7, glob.7, hier.7, icmp.7, inotify.7, intro.7, ip.7, ipv6.7, iso_8859-1.7, iso_8859-10.7, iso_8859-11.7, iso_8859-13.7, iso_8859-14.7, iso_8859-15.7, iso_8859-16.7, iso_8859-2.7, iso_8859-3.7, iso_8859-4.7, iso_8859-5.7, iso_8859-6.7, iso_8859-7.7, iso_8859-8.7, iso_8859-9.7, koi8-r.7, koi8-u.7, locale.7, mailaddr.7, man.7, mq_overview.7, netdevice.7, netlink.7, numa.7, packet.7, path_resolution.7, pipe.7, posixoptions.7, pthreads.7, pty.7, raw.7, regex.7, rtld-audit.7, rtnetlink.7, sem_overview.7, shm_overview.7, sigevent.7, signal.7, socket.7, standards.7, suffixes.7, svipc.7, tcp.7, termio.7, time.7, udp.7, udplite.7, unicode.7, unix.7, uri.7, utf-8.7, x25.7, nscd.8, sync.8, tzselect.8, zdump.8, zic.8: Global fix: remove unneeded double quotes in .SH headings
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2013-02-24 18:01:36 +00:00
|
|
|
.SH SEE ALSO
|
2004-11-03 13:51:07 +00:00
|
|
|
.BR rhosts (5),
|
|
|
|
|
.BR rlogind (8),
|
|
|
|
|
.BR rshd (8)
|