diff options
Diffstat (limited to 'man5/hosts.equiv.5')
-rw-r--r-- | man5/hosts.equiv.5 | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/man5/hosts.equiv.5 b/man5/hosts.equiv.5 new file mode 100644 index 000000000..cbc0eb3e0 --- /dev/null +++ b/man5/hosts.equiv.5 @@ -0,0 +1,56 @@ +.\" Copyright (c) 1995 Peter Tobias <tobias@et-inf.fho-emden.de> +.\" This file may be distributed under the GNU General Public License. +.TH HOSTS.EQUIV 5 2003-08-24 "Linux" "Linux Programmer's Manual" +.SH NAME +/etc/hosts.equiv \- list of hosts and users that are granted "trusted" +\fBr\fP command access to your system +.SH DESCRIPTION +The \fBhosts.equiv\fP file allows or denies hosts and users to use +the \fBr\fP-commands (e.g. \fBrlogin\fP, \fBrsh\fP or \fBrcp\fP) without +supplying a password. +.PP +The file uses the following format: +.TP +\fI[ + | - ]\fP \fI[hostname]\fP \fI[username]\fP +.PP +The \fIhostname\fP is the name of a host which is logically equivalent +to the local host. Users logged into that host are allowed to access +like-named user accounts on the local host without supplying a password. +The \fIhostname\fP may be (optionally) preceded by a plus (+) sign. +If the plus sign is used alone it allows any host to access your system. +You can expicitly deny access to a host by preceding the \fIhostname\fP +by a minus (-) sign. Users from that host must always supply a password. +For security reasons you should always use the FQDN of the hostname and +not the short hostname. +.PP +The \fIusername\fP entry grants a specific user access to all user +accounts (except root) without supplying a password. That means the +user is NOT restricted to like-named accounts. The \fIusername\fP may +be (optionally) preceded by a plus (+) sign. You can also explicitly +deny access to a specific user by preceding the \fIusername\fP with +a minus (-) sign. This says that the user is not trusted no matter +what other entries for that host exist. +.PP +Netgroups can be specified by preceding the netgroup by an @ sign. +.PP +Be extremely careful when using the plus (+) sign. A simple typographical +error could result in a standalone plus sign. A standalone plus sign is +a wildcard character that means "any host"! +.SH FILES +.I /etc/hosts.equiv +.SH NOTES +Some systems will only honor the contents of this file when it has owner +root and no write permission for anybody else. Some exceptionally +paranoid systems even require that there be no other hard links to the file. +.PP +Modern systems use the Pluggable Authentication Modules library (PAM). +With PAM a standalone plus sign is only considered a wildcard +character which means "any host" when the word +.I promiscuous +is added to the auth component line in your PAM file for +the particular service +.RB "(e.g. " rlogin ). +.SH "SEE ALSO" +.BR rhosts (5), +.BR rlogind (8), +.BR rshd (8) |