⇒ net_acc(NF) — OpenDesktop 3.0.0


 net_access(NF)                                                net_access(NF)


 Name

    net_access - allow/deny client access to network services

 Syntax

    /etc/service.allow
    /etc/service.deny

 Description

    Some network service daemons let the system administrator allow or deny
    access to their service on a per-user, per-host basis.  The files
    /etc/service.allow and /etc/service.deny contain triples which specify
    individual users or groups of users to be allowed or denied access to a
    particular service.

    Each triple consists of three whitespace-separated values on a single
    line.  The first value contains the name of a network host to which this
    triple applies; the special entry ``*'' may be used to identify all
    hosts. (If a host is known by its host name and by aliases, then any
    triple for that host must have one triple entry with the host name as the
    first value and a duplicate triple entry for each alias with the alias as
    the first value.)  The second value contains one of the keywords user,
    group, subsystem, or kernel to mean that this triple applies to a single
    user, a single group, a group of users having some subsystem
    authorization, or a group of users having some kernel authorization. The
    third value is a local instance of the class identified by the second
    value, i.e. a local user name, a local group name, a local subsystem
    authorization, or a local kernel authorization. In all cases, the special
    entry ``*'' may be used as the third value to identify all instances of
    the class identified by the second value.

    If the allow file for a particular service exists, then all requests from
    remote hosts for that service are checked to see that the user making the
    request is identified by at least one of the triples in the allow file.
    The service is denied if the allow file exists and this check fails.

    If no allow file for a particular service exists, but a deny file does
    exist, then all requests from remote hosts for that service are checked
    to see that the user making the request is not identified by any of the
    triples in the deny file. The service is denied if any of the deny file
    triples identify the host/user making the request.

    If neither the allow nor the deny files exist for a particular service,
    access to the service is permitted in the normal fashion.

 Examples

    Typical /etc/net.allow file:

       *                     user           paulm
       *                     group          sales
       machine1              subsystem      backup
       machine1.sco.com      subsystem      backup
       machine2              user           *
       machine2.sco.com      user           *

    This restricts access to the rexd service to user paulm (from any host),
    any member of local group sales, any user from host machine1 who would
    have the backup subsystem privilege on the local host, and all users from
    host machine2.

    Typical /etc/net.deny file:

       *                     subsystem       auth
       *                     user            fred
       machine3              group           engineers
       machine3.sco.com      group           engineers

    This denies access to the rexd service to any user from any host who
    would have the auth subsystem privilege, user fred (from any host), and
    any member of local group engineers from host machine3.
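
    Added example (not part of the original manual page or of any vendor
    code): a Python model of the allow/deny decision described above, run
    against the two example files.  The Request fields, exact host-name
    comparison, ``*'' for group/subsystem/kernel meaning "holds at least
    one", and the error on malformed lines are assumptions.

```python
from dataclasses import dataclass
CLASSES = ("user", "group", "subsystem", "kernel")
# The two example files from this page, embedded as strings.
ALLOW = """\
*                     user           paulm
*                     group          sales
machine1              subsystem      backup
machine1.sco.com      subsystem      backup
machine2              user           *
machine2.sco.com      user           *
"""
DENY = """\
*                     subsystem       auth
*                     user            fred
machine3              group           engineers
machine3.sco.com      group           engineers
"""

@dataclass(frozen=True)
class Request:                          # hypothetical model of one request
    host: str                           # remote host name as seen by the daemon
    user: str                           # local user name the request maps to
    group: frozenset = frozenset()      # local groups of that user
    subsystem: frozenset = frozenset()  # subsystem authorizations held
    kernel: frozenset = frozenset()     # kernel authorizations held

def parse_triples(text):
    triples = [tuple(l.split()) for l in text.splitlines() if l.strip()]
    for t in triples:
        if len(t) != 3 or t[1] not in CLASSES:
            raise ValueError(f"malformed triple: {t!r}")  # assumed handling
    return triples

def matches(triple, req):
    host, cls, inst = triple
    if host not in ("*", req.host):  # exact name only, hence one triple per alias
        return False
    if cls == "user":
        return inst in ("*", req.user)
    held = getattr(req, cls)
    return bool(held) if inst == "*" else inst in held  # "*" reading is assumed

def access_permitted(allow, deny, req):
    # allow/deny: file contents, or None when that file does not exist
    if allow is not None:            # allow file exists: deny file is not read
        return any(matches(t, req) for t in parse_triples(allow))
    if deny is not None:
        return not any(matches(t, req) for t in parse_triples(deny))
    return True                      # neither file exists: normal access
```

    With both example files present, fred connecting from machine2 is
    admitted, because under this reading the deny file is only checked when
    no allow file exists; an allow file that exists but is empty denies
    every request.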

 Files

    /etc/service.allow  hosts/users to be allowed access to service
    /etc/service.deny   hosts/users to be denied access to service

 See also

    rexd(NADM), rshd(ADMN)

 Notes

    At present, only the following use the net_access facility: RPC remote
    execution server rexd and remote shell server rshd.


Typewritten Software • bear@typewritten.org • Edmonds, WA 98026