2004-11-03 13:51:07 +00:00
|
|
|
.\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
|
|
|
|
.\" This file may be distributed under the GNU General Public License.
|
|
|
|
.TH HOSTS.EQUIV 5 2003-08-24 "Linux" "Linux Programmer's Manual"
|
|
|
|
.SH NAME
|
|
|
|
/etc/hosts.equiv \- list of hosts and users that are granted "trusted"
|
|
|
|
\fBr\fP command access to your system
|
|
|
|
.SH DESCRIPTION
|
|
|
|
The \fBhosts.equiv\fP file allows or denies hosts and users to use
|
|
|
|
the \fBr\fP-commands (e.g. \fBrlogin\fP, \fBrsh\fP or \fBrcp\fP) without
|
|
|
|
supplying a password.
|
|
|
|
.PP
|
|
|
|
The file uses the following format:
|
|
|
|
.TP
|
2005-07-06 07:41:37 +00:00
|
|
|
\fI[ + | \- ]\fP \fI[hostname]\fP \fI[username]\fP
|
2004-11-03 13:51:07 +00:00
|
|
|
.PP
|
|
|
|
The \fIhostname\fP is the name of a host which is logically equivalent
|
|
|
|
to the local host. Users logged into that host are allowed to access
|
|
|
|
like-named user accounts on the local host without supplying a password.
|
|
|
|
The \fIhostname\fP may be (optionally) preceded by a plus (+) sign.
|
|
|
|
If the plus sign is used alone it allows any host to access your system.
|
2005-06-24 14:17:21 +00:00
|
|
|
You can explicitly deny access to a host by preceding the \fIhostname\fP
|
2005-07-06 07:41:37 +00:00
|
|
|
by a minus (\-) sign. Users from that host must always supply a password.
|
2004-11-03 13:51:07 +00:00
|
|
|
For security reasons you should always use the FQDN of the hostname and
|
|
|
|
not the short hostname.
|
|
|
|
.PP
|
|
|
|
The \fIusername\fP entry grants a specific user access to all user
|
|
|
|
accounts (except root) without supplying a password. That means the
|
|
|
|
user is NOT restricted to like-named accounts. The \fIusername\fP may
|
|
|
|
be (optionally) preceded by a plus (+) sign. You can also explicitly
|
|
|
|
deny access to a specific user by preceding the \fIusername\fP with
|
2005-07-06 07:41:37 +00:00
|
|
|
a minus (\-) sign. This says that the user is not trusted no matter
|
2004-11-03 13:51:07 +00:00
|
|
|
what other entries for that host exist.
|
|
|
|
.PP
|
|
|
|
Netgroups can be specified by preceding the netgroup by an @ sign.
|
|
|
|
.PP
|
|
|
|
Be extremely careful when using the plus (+) sign. A simple typographical
|
|
|
|
error could result in a standalone plus sign. A standalone plus sign is
|
|
|
|
a wildcard character that means "any host"!
|
|
|
|
.SH FILES
|
|
|
|
.I /etc/hosts.equiv
|
|
|
|
.SH NOTES
|
|
|
|
Some systems will only honor the contents of this file when it has owner
|
|
|
|
root and no write permission for anybody else. Some exceptionally
|
|
|
|
paranoid systems even require that there be no other hard links to the file.
|
|
|
|
.PP
|
|
|
|
Modern systems use the Pluggable Authentication Modules library (PAM).
|
|
|
|
With PAM a standalone plus sign is only considered a wildcard
|
|
|
|
character which means "any host" when the word
|
|
|
|
.I promiscuous
|
|
|
|
is added to the auth component line in your PAM file for
|
|
|
|
the particular service
|
|
|
|
.RB "(e.g. " rlogin ).
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR rhosts (5),
|
|
|
|
.BR rlogind (8),
|
|
|
|
.BR rshd (8)
|