Commit | Line | Data |
---|---|---|
fea681da MK | 1 | .\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de> |
fea681da | 2 | .\" This file may be distributed under the GNU General Public License. |
fea681da | 3 | .TH HOSTS.EQUIV 5 2003-08-24 "Linux" "Linux Programmer's Manual" |
fea681da | 4 | .SH NAME |
fea681da | 5 | /etc/hosts.equiv \- list of hosts and users that are granted "trusted" |
fea681da | 6 | \fBr\fP command access to your system |
fea681da | 7 | .SH DESCRIPTION |
fea681da | 8 | The \fBhosts.equiv\fP file allows or denies hosts and users to use |
75b94dc3 | 9 | the \fBr\fP-commands (e.g., \fBrlogin\fP, \fBrsh\fP or \fBrcp\fP) without |
fea681da MK | 10 | supplying a password. |
fea681da | 11 | .PP |
fea681da | 12 | The file uses the following format: |
fea681da | 13 | .TP |
4d9b6984 | 14 | \fI[ + | \- ]\fP \fI[hostname]\fP \fI[username]\fP |
fea681da MK | 15 | .PP |
fea681da | 16 | The \fIhostname\fP is the name of a host which is logically equivalent |
c13182ef MK | 17 | to the local host. |
c13182ef | 18 | Users logged into that host are allowed to access |
fea681da MK | 19 | like-named user accounts on the local host without supplying a password. |
fea681da | 20 | The \fIhostname\fP may be (optionally) preceded by a plus (+) sign. |
fea681da | 21 | If the plus sign is used alone it allows any host to access your system. |
9fdfa163 | 22 | You can explicitly deny access to a host by preceding the \fIhostname\fP |
c13182ef MK | 23 | by a minus (\-) sign. |
c13182ef | 24 | Users from that host must always supply a password. |
fea681da MK | 25 | For security reasons you should always use the FQDN of the hostname and |
fea681da | 26 | not the short hostname. |
fea681da | 27 | .PP |
fea681da | 28 | The \fIusername\fP entry grants a specific user access to all user |
c13182ef MK | 29 | accounts (except root) without supplying a password. |
c13182ef | 30 | That means the |
c13182ef | 31 | user is NOT restricted to like-named accounts. |
c13182ef | 32 | The \fIusername\fP may |
c13182ef | 33 | be (optionally) preceded by a plus (+) sign. |
c13182ef | 34 | You can also explicitly |
fea681da | 35 | deny access to a specific user by preceding the \fIusername\fP with |
c13182ef MK | 36 | a minus (\-) sign. |
c13182ef | 37 | This says that the user is not trusted no matter |
fea681da MK | 38 | what other entries for that host exist. |
fea681da | 39 | .PP |
fea681da | 40 | Netgroups can be specified by preceding the netgroup by an @ sign. |
fea681da | 41 | .PP |
c13182ef MK | 42 | Be extremely careful when using the plus (+) sign. |
c13182ef | 43 | A simple typographical |
c13182ef | 44 | error could result in a standalone plus sign. |
c13182ef | 45 | A standalone plus sign is |
fea681da MK | 46 | a wildcard character that means "any host"! |
fea681da | 47 | .SH FILES |
fea681da | 48 | .I /etc/hosts.equiv |
fea681da | 49 | .SH NOTES |
fea681da | 50 | Some systems will only honor the contents of this file when it has owner |
c13182ef MK | 51 | root and no write permission for anybody else. |
c13182ef | 52 | Some exceptionally |
fea681da MK | 53 | paranoid systems even require that there be no other hard links to the file. |
fea681da | 54 | .PP |
fea681da | 55 | Modern systems use the Pluggable Authentication Modules library (PAM). |
fea681da | 56 | With PAM a standalone plus sign is only considered a wildcard |
fea681da | 57 | character which means "any host" when the word |
fea681da | 58 | .I promiscuous |
fea681da | 59 | is added to the auth component line in your PAM file for |
fea681da | 60 | the particular service |
75b94dc3 | 61 | .RB "(e.g., " rlogin ). |
47297adb | 62 | .SH SEE ALSO |
fea681da MK | 63 | .BR rhosts (5), |
fea681da | 64 | .BR rlogind (8), |
fea681da | 65 | .BR rshd (8) |
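
The format rules described in the man page above, as an added example that is not part of the man-pages source: a Python audit that flags the entries the page warns about (standalone plus, short hostnames, username grants, and the stray-space typo that turns a hostname into a username). The function name `audit_hosts_equiv`, the severity labels, the constructed sample file and the skipping of `#` lines are assumptions.

```python
# Added example: audit hosts.equiv content against the rules in the man page.
# Assumption: lines starting with '#' are comments (the page does not say).

SAMPLE = """\
# constructed sample, not a real system file
trusted.example.com
+
buildhost
-badhost.example.com
+@admins
trusted.example.com alice
trusted.example.com -mallory
+ trusted.example.com
"""

def audit_hosts_equiv(text):
    """Return a list of (line_no, severity, message) findings."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host.startswith("-"):
            continue  # explicit deny: users from that host must supply a password
        if host == "+":
            # Under PAM this is a wildcard only when 'promiscuous' is set.
            findings.append((no, "HIGH", "standalone '+' means any host"))
        else:
            name = host.lstrip("+")
            if name.startswith("@"):
                findings.append((no, "INFO", f"netgroup {name[1:]!r} is trusted; review its members"))
            elif "." not in name:
                findings.append((no, "WARN", f"short hostname {name!r}; use the FQDN"))
        if user is not None and not user.startswith("-"):
            who = "any user" if user == "+" else f"user {user.lstrip('+')!r}"
            msg = f"{who} may access every non-root account, not only like-named ones"
            if "." in user:
                msg += " (looks like a hostname: stray space after '+'?)"
            findings.append((no, "HIGH", msg))
    return findings

if __name__ == "__main__":
    for no, severity, message in audit_hosts_equiv(SAMPLE):
        print(f"line {no}: {severity}: {message}")
```

The last sample line shows the typographical error the page warns about: the space after `+` makes the plus a standalone wildcard and moves the hostname into the username field.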