Commit | Line | Data |
---|---|---|
fea681da | 1 | .\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de> |
2297bf0e | 2 | .\" |
fd0fc519 | 3 | .\" %%%LICENSE_START(GPL_NOVERSION_ONELINE) |
fea681da | 4 | .\" This file may be distributed under the GNU General Public License. |
fd0fc519 | 5 | .\" %%%LICENSE_END |
fea681da MK | 6 | .TH HOSTS.EQUIV 5 2003-08-24 "Linux" "Linux Programmer's Manual" |
 | 7 | .SH NAME |
 | 8 | /etc/hosts.equiv \- list of hosts and users that are granted "trusted" |
 | 9 | \fBr\fP command access to your system |
 | 10 | .SH DESCRIPTION |
 | 11 | The \fBhosts.equiv\fP file allows or denies hosts and users to use |
75b94dc3 | 12 | the \fBr\fP-commands (e.g., \fBrlogin\fP, \fBrsh\fP or \fBrcp\fP) without |
fea681da MK | 13 | supplying a password. |
 | 14 | .PP |
 | 15 | The file uses the following format: |
 | 16 | .TP |
4d9b6984 | 17 | \fI[ + | \- ]\fP \fI[hostname]\fP \fI[username]\fP |
fea681da MK | 18 | .PP |
 | 19 | The \fIhostname\fP is the name of a host which is logically equivalent |
c13182ef MK | 20 | to the local host. |
 | 21 | Users logged into that host are allowed to access |
fea681da MK | 22 | like-named user accounts on the local host without supplying a password. |
 | 23 | The \fIhostname\fP may be (optionally) preceded by a plus (+) sign. |
 | 24 | If the plus sign is used alone it allows any host to access your system. |
9fdfa163 | 25 | You can explicitly deny access to a host by preceding the \fIhostname\fP |
c13182ef MK | 26 | by a minus (\-) sign. |
 | 27 | Users from that host must always supply a password. |
fea681da MK | 28 | For security reasons you should always use the FQDN of the hostname and |
 | 29 | not the short hostname. |
 | 30 | .PP |
 | 31 | The \fIusername\fP entry grants a specific user access to all user |
c13182ef MK | 32 | accounts (except root) without supplying a password. |
 | 33 | That means the |
 | 34 | user is NOT restricted to like-named accounts. |
 | 35 | The \fIusername\fP may |
 | 36 | be (optionally) preceded by a plus (+) sign. |
 | 37 | You can also explicitly |
fea681da | 38 | deny access to a specific user by preceding the \fIusername\fP with |
c13182ef MK | 39 | a minus (\-) sign. |
 | 40 | This says that the user is not trusted no matter |
fea681da MK | 41 | what other entries for that host exist. |
 | 42 | .PP |
 | 43 | Netgroups can be specified by preceding the netgroup by an @ sign. |
 | 44 | .PP |
c13182ef MK | 45 | Be extremely careful when using the plus (+) sign. |
 | 46 | A simple typographical |
 | 47 | error could result in a standalone plus sign. |
 | 48 | A standalone plus sign is |
fea681da MK | 49 | a wildcard character that means "any host"! |
 | 50 | .SH FILES |
 | 51 | .I /etc/hosts.equiv |
 | 52 | .SH NOTES |
 | 53 | Some systems will only honor the contents of this file when it has owner |
c13182ef MK | 54 | root and no write permission for anybody else. |
 | 55 | Some exceptionally |
fea681da MK | 56 | paranoid systems even require that there be no other hard links to the file. |
 | 57 | .PP |
 | 58 | Modern systems use the Pluggable Authentication Modules library (PAM). |
 | 59 | With PAM a standalone plus sign is only considered a wildcard |
 | 60 | character which means "any host" when the word |
 | 61 | .I promiscuous |
 | 62 | is added to the auth component line in your PAM file for |
 | 63 | the particular service |
75b94dc3 | 64 | .RB "(e.g., " rlogin ). |
47297adb | 65 | .SH SEE ALSO |
fea681da MK | 66 | .BR rhosts (5), |
 | 67 | .BR rlogind (8), |
 | 68 | .BR rshd (8) |
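
An added example (not part of the manual page or of the man-pages project): a small Python linter that applies the rules described in DESCRIPTION and NOTES to a constructed hosts.equiv sample. The function names, the sample entries, and the treatment of `#` lines as comments are assumptions.

```python
import stat

# Constructed sample entries, not taken from a real system.
SAMPLE = """\
trusted.example.com
+build.example.com alice
-lab.example.com
buildhost
+@admins
+
trusted.example.com -mallory
"""

def audit_line(line):
    """Return findings for one '[+|-][hostname] [username]' entry."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):  # '#' comments: assumption
        return []
    host = fields[0]
    user = fields[1] if len(fields) > 1 else None
    deny = host.startswith("-")
    name = host[1:] if host[0] in "+-" else host
    findings = []
    if host == "+":
        # With PAM this is a wildcard only when 'promiscuous' is set.
        findings.append("CRITICAL: standalone '+' means any host")
    elif not deny and not name.startswith("@") and "." not in name:
        findings.append("WARN: short hostname, use the FQDN")
    if user and not deny and not user.startswith("-"):
        findings.append("WARN: user entry is not restricted to like-named accounts")
    return findings

def audit(text):
    """Return (line number, finding) pairs for a whole file."""
    return [(n, f) for n, line in enumerate(text.splitlines(), 1)
            for f in audit_line(line)]

def perms_ok(uid, mode):
    """NOTES section: owner root, no write permission for anybody else."""
    return uid == 0 and not mode & (stat.S_IWGRP | stat.S_IWOTH)

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"line {n}: {finding}")
```

To audit a live file, pass its contents to `audit()` and the `st_uid` and `st_mode` values from `os.stat("/etc/hosts.equiv")` to `perms_ok()`.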