mirror of https://github.com/mkerrisk/man-pages
hosts.equiv.5: Tweaks to Carlos's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent
427cee53f0
commit
9e7cff750b
|
@ -82,111 +82,90 @@ is added to the auth component line in your PAM file for
|
|||
the particular service
|
||||
.RB "(e.g., " rlogin ).
|
||||
.SH EXAMPLE
|
||||
Here are some example
|
||||
Below are some example
|
||||
.I /etc/host.equiv
|
||||
or
|
||||
.I ~/.rhosts
|
||||
files:
|
||||
.TP
|
||||
files.
|
||||
|
||||
Allow any user to login from any host:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
+
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Allow any user from host with a matching local account to login:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
host
|
||||
.PD
|
||||
.RE
|
||||
.PP
|
||||
Note: The use of
|
||||
.B +host
|
||||
is never a valid syntax, including attempting to specify that any user from the host is allowed.
|
||||
.TP
|
||||
Allow any user from host to login:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
host +
|
||||
.PD
|
||||
.RE
|
||||
.PP
|
||||
Note: This is distinct from the previous example since it does not require a matching local account.
|
||||
.TP
|
||||
Allow user from host to login:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
host user
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Allow all users with matching local accounts from host to login except for baduser:
|
||||
.LP
|
||||
.RS 4
|
||||
.PD 0
|
||||
.TP
|
||||
host -baduser
|
||||
.TP
|
||||
host
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Deny all users from host:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
-host
|
||||
.PD
|
||||
.RE
|
||||
.PP
|
||||
Note: The use of
|
||||
.B -host -user
|
||||
is never a valid syntax, including attempting to specify that a particular user from the host is not trusted.
|
||||
.TP
|
||||
Allow all users with matching local accounts in all hosts in the netgroup:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
+@netgroup
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Disallow all users in all hosts in the netgroup:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
-@netgroup
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Allow all users in netgroup to login from host:
|
||||
.LP
|
||||
.RS 4
|
||||
.TP
|
||||
host +@netgroup
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Allow all users with matching local accounts in all hosts in the netgroup except baduser:
|
||||
.LP
|
||||
.RS 4
|
||||
.PD 0
|
||||
.TP
|
||||
+@netgroup -baduser
|
||||
.TP
|
||||
+@netgroup
|
||||
.PD
|
||||
.RE
|
||||
.TP
|
||||
Note: The deny statements must always preceed the allow statements because the file is processed one line at a time.
|
||||
|
||||
+
|
||||
|
||||
Allow any user from
|
||||
.I host
|
||||
with a matching local account to login:
|
||||
|
||||
host
|
||||
|
||||
Note: the use of
|
||||
.I +host
|
||||
is never a valid syntax,
|
||||
including attempting to specify that any user from the host is allowed.
|
||||
|
||||
Allow any user from
|
||||
.I host
|
||||
to login:
|
||||
|
||||
host +
|
||||
|
||||
Note: this is distinct from the previous example
|
||||
since it does not require a matching local account.
|
||||
|
||||
Allow
|
||||
.I user
|
||||
from
|
||||
.I host
|
||||
to login:
|
||||
|
||||
host user
|
||||
|
||||
Allow all users with matching local accounts from
|
||||
.I host
|
||||
to login except for
|
||||
.IR baduser :
|
||||
|
||||
host \-baduser
|
||||
host
|
||||
|
||||
Deny all users from
|
||||
.IR host :
|
||||
|
||||
\-host
|
||||
|
||||
Note: the use of
|
||||
.I "\-host\ \-user"
|
||||
is never a valid syntax,
|
||||
including attempting to specify that a particular user from the host
|
||||
is not trusted.
|
||||
|
||||
Allow all users with matching local accounts on all hosts in a
|
||||
.IR netgroup :
|
||||
|
||||
+@netgroup
|
||||
|
||||
Disallow all users on all hosts in a
|
||||
.IR netgroup :
|
||||
|
||||
\-@netgroup
|
||||
|
||||
Allow all users in a
|
||||
.I netgroup
|
||||
to log in from
|
||||
.IR host :
|
||||
|
||||
host +@netgroup
|
||||
|
||||
Allow all users with matching local accounts on all hosts in a
|
||||
.I netgroup
|
||||
except
|
||||
.IR baduser :
|
||||
|
||||
+@netgroup \-baduser
|
||||
+@netgroup
|
||||
|
||||
Note: the deny statements must always precede
|
||||
because the file is processed one line at a time.
|
||||
.SH SEE ALSO
|
||||
.BR rhosts (5),
|
||||
.BR rlogind (8),
|
||||
|
|
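Review bot: The closing note in the rewritten EXAMPLE text has lost its object: as shown it reads "Note: the deny statements must always precede" followed directly by "because the file is processed one line at a time.", whereas the removed wording had "the allow statements" after the verb. Restore that phrase so the ordering rule is actually stated. The unchanged context line ".I /etc/host.equiv" near the top of the hunk misspells the file this page documents (hosts.equiv) and could be corrected in the same pass. The new text also mixes "to login" with "to log in from" (the host +@netgroup example); use the verb form "log in" throughout. Finally, the lone "+" example, which the text describes as allowing any user from any host, carries no caution in either the old or the new wording; a one-line note on what that level of trust means would help readers who copy the examples verbatim.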