hosts.equiv(4M) DG/UX R4.11MU05 hosts.equiv(4M)
NAME
hosts.equiv - file format list of trusted hosts database
DESCRIPTION
The hosts.equiv file, located in the /etc directory, gives the system
administrator the ability to control remote access. The .rhosts
file, located in a local user's home directory, gives each user the
ability to control remote access.
When a remote user on a remote host makes an rlogin(1C) or
remsh(1C) (formerly rsh) request, the ruserok(rcmd(3X)) function scans
the trusted host entries in hosts.equiv and .rhosts to determine if
the remote user on the remote host is trusted. If trusted, then the
user is allowed remote access; rlogin does not prompt for a password,
and remsh executes. Otherwise, rlogin prompts for a password, and
remsh does not execute.
The ruserok function allows remote access if either hosts.equiv or
.rhosts allows remote access. If hosts.equiv denies remote access
but .rhosts allows remote access, then remote access is allowed. If
the local user is root (user id is 0), then only .rhosts is searched.
A trusted host entry can allow remote access, deny remote access, or
make no decision. The ruserok function scans each file linearly,
allowing or denying remote access based on the first entry that
allows or denies remote access. If no entry allows or denies remote
access, then remote access is denied. If an entry in hosts.equiv
denies remote access before another entry in hosts.equiv allows
remote access, then remote access is denied by hosts.equiv. However,
remote access can still be allowed by .rhosts.
The hosts.equiv and .rhosts files have one trusted host entry per
line. A trusted host entry consists of a hostname expression and an
optional username expression, delimited by any number of blanks
and/or tab characters. An entry allows remote access if both the
hostname expression and the username expression allow remote access.
An entry denies remote access if the hostname expression denies
remote access, or the hostname expression allows remote access but
the username expression denies remote access.
The hostname expression can be any of the following:
+
     Allow remote access to all hosts.
+@groupname
     Allow remote access to all hosts in the netgroup(4) groupname.
-@groupname
     Deny remote access to all hosts in the netgroup groupname.
hostname
     Allow remote access to the host named hostname.
-hostname
     Deny remote access to the host named hostname.
If the domain name system is used, a separate entry must be made for
the simple and the fully-qualified hostnames, for example, sales and
sales.hq.acme.com. If the remote host has more than one interface, a
separate entry must be made for each of the host's interfaces, for
example, accounting and accounting-alt.
The username expression can be any of the following:
+
     Allow remote access to all users.
+@groupname
     Allow remote access to all users in the netgroup groupname.
-@groupname
     Deny remote access to all users in the netgroup groupname.
username
     Allow remote access to the user named username.
-username
     Deny remote access to the user named username.
If the username expression is omitted, then remote access is allowed
if the remote username and the local username are the same. For
example, the remote user bob must log in to the local host as bob,
not as sally or billy.
EXAMPLE
The following is an example hosts.equiv file:
     + +@engineering
     + -@marketing
     + -billy
     sales
     sales.org.acme.com
     sales-alt
     sales-alt.org.acme.com
     -accounting
     -accounting.org.acme.com
     qa sally
     qa.org.acme.com sally
The first entry allows remote access to all users in the netgroup
engineering. The next entry denies remote access to all users in the
netgroup marketing. The third entry denies remote access to billy
from all hosts. If billy were in the netgroup engineering, he would
have already been allowed remote access with the first entry. The
sales entries allow remote access to users on the host sales who log
in with the same remote and local usernames. The host sales has two
interfaces named sales and sales-alt. Since the domain name system
is being used, there are separate entries for the simple name, sales,
and the fully-qualified name, sales.org.acme.com. The next two
entries deny remote access to users on the host accounting. The last
two entries allow remote access to sally from host qa.
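The scan order described above can be checked against the example file with a small model for auditing which remote users a pair of files would trust. This Python code is an added example, not DG/UX code or the ruserok source. The netgroup members (alice, mallory), the function names, matching username expressions against the remote username, and treating a name mismatch on an entry without a username as "no decision" are assumptions.

```python
# Constructed netgroup members (assumption); a real system resolves these via netgroup(4).
NETGROUPS = {"engineering": {"alice"}, "marketing": {"mallory"}}

def expr(e, name):
    """One expression -> True (allow), False (deny) or None (no decision)."""
    neg, body = e.startswith("-"), e.lstrip("+-")
    if body.startswith("@"):
        hit = name in NETGROUPS.get(body[1:], ())
    else:
        hit = e == "+" or name == body
    return (not neg) if hit else None

def entry(line, rhost, ruser, luser):
    fields = line.split()
    host = expr(fields[0], rhost)
    if host is not True:
        return host  # hostname expression denies (False) or does not match (None)
    if len(fields) == 1:  # username omitted: remote and local names must be the same
        return True if ruser == luser else None  # assumption: mismatch = no decision
    return expr(fields[1], ruser)  # assumption: matched against the remote username

def scan(text, rhost, ruser, luser):
    """Linear scan: the first entry that allows or denies decides; otherwise deny."""
    for line in filter(str.strip, text.splitlines()):
        verdict = entry(line, rhost, ruser, luser)
        if verdict is not None:
            return verdict
    return False

def ruserok_model(hosts_equiv, rhosts, rhost, ruser, luser):
    """Allowed if either file allows; root (modelled by name) uses only .rhosts."""
    if luser != "root" and scan(hosts_equiv, rhost, ruser, luser):
        return True
    return scan(rhosts, rhost, ruser, luser)

HOSTS_EQUIV = """\
+ +@engineering
+ -@marketing
+ -billy
sales
sales.org.acme.com
sales-alt
sales-alt.org.acme.com
-accounting
-accounting.org.acme.com
qa sally
qa.org.acme.com sally
"""  # the example hosts.equiv file from this page
```

With a constructed .rhosts containing the single entry `sales mallory`, `ruserok_model(HOSTS_EQUIV, "sales mallory", "sales", "mallory", "mallory")` returns True even though the second hosts.equiv entry denies the marketing netgroup. An audit of trusted hosts therefore has to cover every user's .rhosts, not only /etc/hosts.equiv.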
FILES
/etc/hosts.equiv
~/.rhosts
SEE ALSO
hostname(1C), remsh(1C), rlogin(1C), rcmd(3X), netgroup(4).
Licensed material--property of copyright holder(s)