mirror of https://github.com/mkerrisk/man-pages
88 lines
2.5 KiB
Groff
88 lines
2.5 KiB
Groff
.\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
|
|
.\"
|
|
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
|
|
.\" This file may be distributed under the GNU General Public License.
|
|
.\" %%%LICENSE_END
|
|
.TH HOSTS.EQUIV 5 2003-08-24 "Linux" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
/etc/hosts.equiv \- list of hosts and users that are granted "trusted"
|
|
.B r
|
|
command access to your system
|
|
.SH DESCRIPTION
|
|
The
|
|
.B hosts.equiv
|
|
file allows or denies hosts and users to use
|
|
the \fBr\fP-commands (e.g.,
|
|
.BR rlogin ,
|
|
.B rsh
|
|
or
|
|
.BR rcp )
|
|
without
|
|
supplying a password.
|
|
.PP
|
|
The file uses the following format:
|
|
.TP
|
|
\fI[ + | \- ]\fP \fI[hostname]\fP \fI[username]\fP
|
|
.PP
|
|
The
|
|
.I hostname
|
|
is the name of a host which is logically equivalent
|
|
to the local host.
|
|
Users logged into that host are allowed to access
|
|
like-named user accounts on the local host without supplying a password.
|
|
The
|
|
.I hostname
|
|
may be (optionally) preceded by a plus (+) sign.
|
|
If the plus sign is used alone it allows any host to access your system.
|
|
You can explicitly deny access to a host by preceding the
|
|
.I hostname
|
|
by a minus (\-) sign.
|
|
Users from that host must always supply a password.
|
|
For security reasons you should always use the FQDN of the hostname and
|
|
not the short hostname.
|
|
.PP
|
|
The
|
|
.I username
|
|
entry grants a specific user access to all user
|
|
accounts (except root) without supplying a password.
|
|
That means the
|
|
user is NOT restricted to like-named accounts.
|
|
The
|
|
.I username
|
|
may
|
|
be (optionally) preceded by a plus (+) sign.
|
|
You can also explicitly
|
|
deny access to a specific user by preceding the
|
|
.I username
|
|
with
|
|
a minus (\-) sign.
|
|
This says that the user is not trusted no matter
|
|
what other entries for that host exist.
|
|
.PP
|
|
Netgroups can be specified by preceding the netgroup by an @ sign.
|
|
.PP
|
|
Be extremely careful when using the plus (+) sign.
|
|
A simple typographical
|
|
error could result in a standalone plus sign.
|
|
A standalone plus sign is
|
|
a wildcard character that means "any host"!
|
|
.SH FILES
|
|
.I /etc/hosts.equiv
|
|
.SH NOTES
|
|
Some systems will honor the contents of this file only when it has owner
|
|
root and no write permission for anybody else.
|
|
Some exceptionally
|
|
paranoid systems even require that there be no other hard links to the file.
|
|
.PP
|
|
Modern systems use the Pluggable Authentication Modules library (PAM).
|
|
With PAM a standalone plus sign is considered a wildcard
|
|
character which means "any host" only when the word
|
|
.I promiscuous
|
|
is added to the auth component line in your PAM file for
|
|
the particular service
|
|
.RB "(e.g., " rlogin ).
|
|
.SH SEE ALSO
|
|
.BR rhosts (5),
|
|
.BR rlogind (8),
|
|
.BR rshd (8)
|