hosts.equiv - A file containing the names of remote systems and users that
can execute commands on the local system
The /etc/hosts.equiv file and the .rhosts file in a user's home directory
contain the names of remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is allowed to access a
local nonsuperuser account with the rsh command or rcp command, or to log
in to such an account without having to supply a password.
The /etc/hosts.equiv file specifies equivalence for an entire system, while
a user's .rhosts file specifies equivalence between that user and remote
users. The local user and the target system exist in the same area as the
hosts.equiv file. The .rhosts file must be owned by the user in whose home
directory the file is located, or by the superuser. It cannot be a sym-
Each line, or entry, in hosts.equiv or .rhosts may consist of the follow-
+ A blank line.
+ A comment (begins with a #).
+ A host name (a string of any printable characters except newline, #,
or white space). In addition, an NIS netgroup can be specified in
place of the host name.
+ A host name followed by white space and a user name. In addition, an
NIS netgroup can be specified in place of the host name, user name, or
+ A single plus (+) character. This means any host and user.
+ The keyword NO_PLUS. This keyword disallows the use of the plus char-
acter (+) to match any host or user on a system-wide basis. By
default, the line containing this keyword is a comment. Remove the
comment character to disallow the use of the plus character.
Entries in the hosts.equiv file are either positive or negative. Positive
entries allow access; negative entries deny access. The following entries
In addition, the plus sign (+) can be used in place of the host name or
user name. In place of the host name, it means any remote host. In place of
the user name, it means any user.
The following entries are negative:
To be allowed access or denied access, a user's remote host name and user
name must match an entry in hosts.equiv or .rhosts. The hosts.equiv file
is searched first; if a match is found, the search ends. Therefore, the
order in which the positive and negative entries appear is important. If a
match is not found, .rhosts is searched if it exists in the user's home
A host name or user name can match an entry in hosts.equiv in one of the
+ The official host name (not an alias) of the remote host matches a
host name in hosts.equiv.
+ The remote user name matches a user name in hosts.equiv.
+ If a user name parameter is included in the hosts.equiv file, this
means that the remote user is a trusted user and is allowed to rlogin
to any local user account without being prompted for a password. Oth-
erwise, if the user name parameter is not specified in the hosts.equiv
file, the name of the remote user must match that of the local user.
+ If the remote user name does not match a user name in hosts.equiv, the
remote user name matches the local user name.
For security purposes, the files /etc/hosts.equiv and .rhosts should exist
and be readable and writable only by the owner, even if they are empty.
The following are sample entries in an /etc/hosts.equiv file:
# Allows access to users on host1 and host2 that have accounts
on this host:
# Allows access to user johnson on host1 to any local user:
# Allows access to all users on systems specified in netgroup chicago
# Denies access to users specified in netgroup finance on host5
# Allows access to all users on all systems except root
Commands: rcp(1), rlogin(1), rsh(1)
Daemons: rlogind(8), rshd(8)