unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (OSF1-V5.1-alpha)
Page:
Section:
Apropos / Subsearch:
optional field



hosts.equiv(4)						       hosts.equiv(4)



NAME
  hosts.equiv -	A file containing the names of remote systems and users	that
  can execute commands on the local system

SYNOPSIS

  /etc/hosts.equiv

DESCRIPTION

  The /etc/hosts.equiv file and	the .rhosts file in a user's home directory
  contain the names of remote hosts and	users that are equivalent to the
  local	host or	user.  An equivalent host or user is allowed to	access a
  local	nonsuperuser account with the rsh command or rcp command, or to	log
  in to	such an	account	without	having to supply a password.

  The /etc/hosts.equiv file specifies equivalence for an entire	system,	while
  a user's .rhosts file	specifies equivalence between that user	and remote
  users.  The local user and the target	system exist in	the same area as the
  hosts.equiv file.  The .rhosts file must be owned by the user	in whose home
  directory the	file is	located, or by the superuser.  It cannot be a sym-
  bolic	link.

  Each line, or	entry, in hosts.equiv or .rhosts may consist of	the follow-
  ing:

    +  A blank line.

    +  A comment (begins with a	#).

    +  A host name (a string of	any printable characters except	newline, #,
       or white	space).	In addition, an	NIS netgroup can be specified in
       place of	the host name.

    +  A host name followed by white space and a user name. In addition, an
       NIS netgroup can	be specified in	place of the host name,	user name, or
       both.

    +  A single	plus (+) character. This means any host	and user.

    +  The keyword NO_PLUS. This keyword disallows the use of the plus char-
       acter (+) to match any host or user on a	system-wide basis. By
       default,	the line containing this keyword is a comment. Remove the
       comment character to disallow the use of	the plus character.

  Entries in the hosts.equiv file are either positive or negative. Positive
  entries allow	access;	negative entries deny access. The following entries
  are positive:

       host name
       user name
       +@netgroup

  In addition, the plus	sign (+) can be	used in	place of the host name or
  user name. In	place of the host name,	it means any remote host. In place of
  the user name, it means any user.

  The following	entries	are negative:

       -host name
       -user name
       -@netgroup

  To be	allowed	access or denied access, a user's remote host name and user
  name must match an entry in hosts.equiv or .rhosts.  The hosts.equiv file
  is searched first; if	a match	is found, the search ends.  Therefore, the
  order	in which the positive and negative entries appear is important.	If a
  match	is not found, .rhosts is searched if it	exists in the user's home
  directory.

  A host name or user name can match an	entry in hosts.equiv in	one of the
  following ways:

    +  The official host name (not an alias) of	the remote host	matches	a
       host name in hosts.equiv.

    +  The remote user name matches a user name	in hosts.equiv.

    +  If a user name parameter	is included in the hosts.equiv file, this
       means that the remote user is a trusted user and	is allowed to rlogin
       to any local user account without being prompted	for a password.	Oth-
       erwise, if the user name	parameter is not specified in the hosts.equiv
       file, the name of the remote user must match that of the	local user.

    +  If the remote user name does not	match a	user name in hosts.equiv, the
       remote user name	matches	the local user name.

CAUTIONS

  For security purposes, the files /etc/hosts.equiv and	.rhosts	should exist
  and be readable and writable only by the owner, even if they are empty.

EXAMPLES

  The following	are sample entries in an /etc/hosts.equiv file:

       # Allows	access to users	on host1 and host2 that	have accounts
       on this host:
       host1
       host2

       # Allows	access to user johnson on host1	to any local user:
       host1 johnson

       # Allows	access to all users on systems specified in netgroup chicago
       +@chicago

       # Denies	access to users	specified in netgroup finance on host5
       host5 -@finance

       # Allows	access to all users on all systems except root
       + -root

RELATED	INFORMATION

  Commands: rcp(1), rlogin(1), rsh(1)

  Functions: ruserok(3).

  Files: netgroup(4)

  Daemons: rlogind(8), rshd(8)