.\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de>
.\"
.\" %%%LICENSE_START(GPL_NOVERSION_ONELINE)
.\" This file may be distributed under the GNU General Public License.
.\" %%%LICENSE_END
.TH HOSTS.EQUIV 5 2015-07-23 "Linux" "Linux Programmer's Manual"
.SH NAME
hosts.equiv \- list of hosts and users that are granted "trusted"
.B r
command access to your system
.SH DESCRIPTION
The file
.I /etc/hosts.equiv
allows or denies hosts and users to use
the \fBr\fP-commands (e.g.,
.BR rlogin ,
.BR rsh ,
or
.BR rcp )
without
supplying a password.
.PP
The file uses the following format:
.TP
\fI+|[\-]hostname|+@netgroup|\-@netgroup\fP \fI[+|[\-]username|+@netgroup|\-@netgroup]\fP
.PP
The
.I hostname
is the name of a host which is logically equivalent
to the local host.
Users logged into that host are allowed to access
like-named user accounts on the local host without supplying a password.
The
.I hostname
may be (optionally) preceded by a plus (+) sign.
If the plus sign is used alone, it allows any host to access your system.
You can explicitly deny access to a host by preceding the
.I hostname
by a minus (\-) sign.
Users from that host must always supply additional credentials,
including possibly a password.
For security reasons you should always
use the FQDN of the hostname and not the short hostname.
.PP
The
.I username
entry grants a specific user access to all user
accounts (except root) without supplying a password.
That means the
user is NOT restricted to like-named accounts.
The
.I username
may
be (optionally) preceded by a plus (+) sign.
You can also explicitly
deny access to a specific user by preceding the
.I username
with
a minus (\-) sign.
This says that the user is not trusted no matter
what other entries for that host exist.
.PP
Netgroups can be specified by preceding the netgroup by an @ sign.
.PP
Be extremely careful when using the plus (+) sign.
A simple typographical
error could result in a standalone plus sign.
A standalone plus sign is
a wildcard character that means "any host"!
.SH FILES
.I /etc/hosts.equiv
.SH NOTES
Some systems will honor the contents of this file only when it has owner
root and no write permission for anybody else.
Some exceptionally
paranoid systems even require that there be no other hard links to the file.
.PP
Modern systems use the Pluggable Authentication Modules library (PAM).
With PAM a standalone plus sign is considered a wildcard
character which means "any host" only when the word
.I promiscuous
is added to the auth component line in your PAM file for
the particular service
.RB "(e.g., " rlogin ).
.SH EXAMPLE
Below are some example
.I /etc/hosts.equiv
or
.I ~/.rhosts
files.
.PP
Allow any user to log in from any host:
.PP
+
.PP
Allow any user from
.I host
with a matching local account to log in:
.PP
host
.PP
Note: the use of
.I +host
is never a valid syntax,
including attempting to specify that any user from the host is allowed.
.PP
Allow any user from
.I host
to log in:
.PP
host +
.PP
Note: this is distinct from the previous example
since it does not require a matching local account.
.PP
Allow
.I user
from
.I host
to log in as any non-root user:
.PP
host user
.PP
Allow all users with matching local accounts from
.I host
to log in except for
.IR baduser :
.PP
host \-baduser
.br
host
.PP
Deny all users from
.IR host :
.PP
\-host
.PP
Note: the use of
.I "\-host\ \-user"
is never a valid syntax,
including attempting to specify that a particular user from the host
is not trusted.
.PP
Allow all users with matching local accounts on all hosts in a
.IR netgroup :
.PP
+@netgroup
.PP
Disallow all users on all hosts in a
.IR netgroup :
.PP
\-@netgroup
.PP
Allow all users in a
.I netgroup
to log in from
.I host
as any non-root user:
.PP
host +@netgroup
.PP
Allow all users with matching local accounts on all hosts in a
.I netgroup
except
.IR baduser :
.PP
+@netgroup \-baduser
.br
+@netgroup
.PP
Note: the deny statements must always precede the allow statements because
the file is processed sequentially until the first matching rule is found.
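.PP
The rules on this page can be checked mechanically before a file is deployed.
The linter below is an added example, not part of the original manual page or of any r-command implementation; the severity labels, the treatment of lines starting with # as comments, and the sample host and user names are assumptions.

```python
# Added example: lint hosts.equiv text. Severities and "#" handling are assumptions.
def lint_hosts_equiv(text):
    """Return (line_number, severity, message) findings for hosts.equiv text."""
    findings = []
    allowed = set()  # host fields that already have an allow rule
    for num, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):  # assumption: "#" is a comment
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else ""
        name = host.lstrip("+-")  # hostname or @netgroup without its sign
        deny = host.startswith("-") or user.startswith("-")
        def add(severity, message, line=num):
            findings.append((line, severity, message))
        if host == "+":
            add("critical", "standalone + is a wildcard for any host")
        elif host.startswith("+") and not name.startswith("@"):
            add("error", "+host is never valid syntax")
        if host.startswith("-") and user.startswith("-"):
            add("error", "-host -user is never valid syntax")
        if name and not name.startswith("@") and "." not in name:
            add("warning", "short hostname, use the FQDN")
        if user == "+":
            add("high", "any user on this host may log in, no matching account needed")
        elif user and not user.startswith("-"):
            add("high", "user entry is not restricted to like-named accounts")
        # First matching rule wins, so a deny after an allow never takes effect.
        key = name or "+"
        if deny and (key in allowed or "+" in allowed):
            add("error", "deny rule follows an allow rule that already matches")
        if not deny:
            allowed.add(key)
    return findings

# Constructed sample input (not from a real system).
SAMPLE = """\
trusted.example.com
trusted.example.com -baduser
+buildhost
-lab.example.com -mallory
db.example.com +
+@admins
+
"""
if __name__ == "__main__":
    for line, severity, message in lint_hosts_equiv(SAMPLE):
        print(f"line {line}: {severity}: {message}")
```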
.SH SEE ALSO
.BR rhosts (5),
.BR rlogind (8),
.BR rshd (8)
.SH COLOPHON
This page is part of release 4.15 of the Linux
.I man-pages
project.
A description of the project,
information about reporting bugs,
and the latest version of this page,
can be found at
\%https://www.kernel.org/doc/man\-pages/.