285 lines
5.8 KiB
HTML
285 lines
5.8 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of HOSTS.EQUIV</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>HOSTS.EQUIV</H1>
|
|
Section: Linux Programmer's Manual (5)<BR>Updated: 2015-07-23<BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
hosts.equiv - list of hosts and users that are granted "trusted"
|
|
<B>r</B>
|
|
|
|
command access to your system
|
|
<A NAME="lbAC"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
The file
|
|
<I>/etc/hosts.equiv</I>
|
|
|
|
allows or denies hosts and users to use
|
|
the <B>r</B>-commands (e.g.,
|
|
<B>rlogin</B>,
|
|
|
|
<B>rsh</B>,
|
|
|
|
or
|
|
<B>rcp</B>)
|
|
|
|
without
|
|
supplying a password.
|
|
<P>
|
|
|
|
The file uses the following format:
|
|
<DL COMPACT>
|
|
<DT id="1"><I>+|[-]hostname|+@netgroup|-@netgroup</I> <I>[+|[-]username|+@netgroup|-@netgroup]</I><DD>
|
|
</DL>
|
|
<P>
|
|
|
|
The
|
|
<I>hostname</I>
|
|
|
|
is the name of a host which is logically equivalent
|
|
to the local host.
|
|
Users logged into that host are allowed to access
|
|
like-named user accounts on the local host without supplying a password.
|
|
The
|
|
<I>hostname</I>
|
|
|
|
may be (optionally) preceded by a plus (+) sign.
|
|
If the plus sign is used alone, it allows any host to access your system.
|
|
You can explicitly deny access to a host by preceding the
|
|
<I>hostname</I>
|
|
|
|
by a minus (-) sign.
|
|
Users from that host must always supply additional credentials,
|
|
including possibly a password. For security reasons you should always
|
|
use the FQDN of the hostname and not the short hostname.
|
|
<P>
|
|
|
|
The
|
|
<I>username</I>
|
|
|
|
entry grants a specific user access to all user
|
|
accounts (except root) without supplying a password.
|
|
That means the
|
|
user is NOT restricted to like-named accounts.
|
|
The
|
|
<I>username</I>
|
|
|
|
may
|
|
be (optionally) preceded by a plus (+) sign.
|
|
You can also explicitly
|
|
deny access to a specific user by preceding the
|
|
<I>username</I>
|
|
|
|
with
|
|
a minus (-) sign.
|
|
This says that the user is not trusted no matter
|
|
what other entries for that host exist.
|
|
<P>
|
|
|
|
Netgroups can be specified by preceding the netgroup by an @ sign.
|
|
<P>
|
|
|
|
Be extremely careful when using the plus (+) sign.
|
|
A simple typographical
|
|
error could result in a standalone plus sign.
|
|
A standalone plus sign is
|
|
a wildcard character that means "any host"!
|
|
<A NAME="lbAD"> </A>
|
|
<H2>FILES</H2>
|
|
|
|
<I>/etc/hosts.equiv</I>
|
|
|
|
<A NAME="lbAE"> </A>
|
|
<H2>NOTES</H2>
|
|
|
|
Some systems will honor the contents of this file only when it has owner
|
|
root and no write permission for anybody else.
|
|
Some exceptionally
|
|
paranoid systems even require that there be no other hard links to the file.
|
|
<P>
|
|
|
|
Modern systems use the Pluggable Authentication Modules library (PAM).
|
|
With PAM a standalone plus sign is considered a wildcard
|
|
character which means "any host" only when the word
|
|
<I>promiscuous</I>
|
|
|
|
is added to the auth component line in your PAM file for
|
|
the particular service
|
|
(e.g., <B>rlogin</B>).
|
|
|
|
<A NAME="lbAF"> </A>
|
|
<H2>EXAMPLE</H2>
|
|
|
|
Below are some example
|
|
<I>/etc/host.equiv</I>
|
|
|
|
or
|
|
<I>~/.rhosts</I>
|
|
|
|
files.
|
|
<P>
|
|
|
|
Allow any user to log in from any host:
|
|
<P>
|
|
|
|
<BR> +
|
|
<P>
|
|
|
|
Allow any user from
|
|
<I>host</I>
|
|
|
|
with a matching local account to log in:
|
|
<P>
|
|
|
|
<BR> host
|
|
<P>
|
|
|
|
Note: the use of
|
|
<I>+host</I>
|
|
|
|
is never a valid syntax,
|
|
including attempting to specify that any user from the host is allowed.
|
|
<P>
|
|
|
|
Allow any user from
|
|
<I>host</I>
|
|
|
|
to log in:
|
|
<P>
|
|
|
|
<BR> host +
|
|
<P>
|
|
|
|
Note: this is distinct from the previous example
|
|
since it does not require a matching local account.
|
|
<P>
|
|
|
|
Allow
|
|
<I>user</I>
|
|
|
|
from
|
|
<I>host</I>
|
|
|
|
to log in as any non-root user:
|
|
<P>
|
|
|
|
<BR> host user
|
|
<P>
|
|
|
|
Allow all users with matching local accounts from
|
|
<I>host</I>
|
|
|
|
to log in except for
|
|
<I>baduser</I>:
|
|
|
|
<P>
|
|
|
|
<BR> host -baduser
|
|
<BR> host
|
|
<P>
|
|
|
|
Deny all users from
|
|
<I>host</I>:
|
|
|
|
<P>
|
|
|
|
<BR> -host
|
|
<P>
|
|
|
|
Note: the use of
|
|
<I>-host -user</I>
|
|
|
|
is never a valid syntax,
|
|
including attempting to specify that a particular user from the host
|
|
is not trusted.
|
|
<P>
|
|
|
|
Allow all users with matching local accounts on all hosts in a
|
|
<I>netgroup</I>:
|
|
|
|
<P>
|
|
|
|
<BR> +@netgroup
|
|
<P>
|
|
|
|
Disallow all users on all hosts in a
|
|
<I>netgroup</I>:
|
|
|
|
<P>
|
|
|
|
<BR> -@netgroup
|
|
<P>
|
|
|
|
Allow all users in a
|
|
<I>netgroup</I>
|
|
|
|
to log in from
|
|
<I>host</I>
|
|
|
|
as any non-root user:
|
|
<P>
|
|
|
|
<BR> host +@netgroup
|
|
<P>
|
|
|
|
Allow all users with matching local accounts on all hosts in a
|
|
<I>netgroup</I>
|
|
|
|
except
|
|
<I>baduser</I>:
|
|
|
|
<P>
|
|
|
|
<BR> +@netgroup -baduser
|
|
<BR> +@netgroup
|
|
<P>
|
|
|
|
Note: the deny statements must always precede the allow statements because
|
|
the file is processed sequentially until the first matching rule is found.
|
|
<A NAME="lbAG"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?5+rhosts">rhosts</A></B>(5),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+rlogind">rlogind</A></B>(8),
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+rshd">rshd</A></B>(8)
|
|
|
|
<A NAME="lbAH"> </A>
|
|
<H2>COLOPHON</H2>
|
|
|
|
This page is part of release 5.05 of the Linux
|
|
<I>man-pages</I>
|
|
|
|
project.
|
|
A description of the project,
|
|
information about reporting bugs,
|
|
and the latest version of this page,
|
|
can be found at
|
|
<A HREF="https://www.kernel.org/doc/man-pages/.">https://www.kernel.org/doc/man-pages/.</A>
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="2"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="3"><A HREF="#lbAC">DESCRIPTION</A><DD>
|
|
<DT id="4"><A HREF="#lbAD">FILES</A><DD>
|
|
<DT id="5"><A HREF="#lbAE">NOTES</A><DD>
|
|
<DT id="6"><A HREF="#lbAF">EXAMPLE</A><DD>
|
|
<DT id="7"><A HREF="#lbAG">SEE ALSO</A><DD>
|
|
<DT id="8"><A HREF="#lbAH">COLOPHON</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:06:03 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|