⇒ hosts.equiv(5N) — UTek 3.0

HOSTS.EQUIV(5N)         COMMAND REFERENCE         HOSTS.EQUIV(5N)



NAME
     hosts.equiv, .rhosts - control remote access for rsh, rcp,
     rlogin and rcmd

DESCRIPTION
     The files /etc/hosts.equiv and .rhosts determine which users
     on which hosts may access the local file system.  System
     utilities like rlogin(1N), rsh(1N), and rcp(1N) use these
     files.

     Access is based on user login names listed in /etc/passwd.
     Therefore it is important from a security standpoint that
     all hosts allowed access to the local file system are under
     the same administration (or at least cooperating closely) to
     prevent accidentally assigning the same user login name to two
     different individuals.

     The file /etc/hosts.equiv is meant to be used by system
     administrators to govern which other hosts are allowed
     access to the local file system.  Typically, only host names
     are specified in this file.  Any remote access attempt from
     any remote user (except root) on a host named in
     /etc/hosts.equiv will be permitted assuming 1) the remote
     user has an account on the local machine, and 2) the
     permissions for the local account allow accessing the target
     file.

     It is also possible to limit access to a particular user on
     a particular host by specifying the user name after the host
     name.  An example hosts.equiv file follows:

          host1
          host2
          +@group1
          -@group2


     A line consisting of a simple host name means that anyone
     logging in from that host is allowed access.  A line
     consisting of +@group means that all hosts in that network
     group are allowed access.  A line consisting of -@group
     means that hosts in that group are not allowed access.
     Programs scan hosts.equiv linearly and stop at the first
     entry that matches, whether positive (a host name or +@
     entry) or negative (a -@ entry).  A line consisting of a
     single + means that everyone is allowed access.

     The file .rhosts has the same format as hosts.equiv and is
     meant to be used by individual users to allow access from
     their accounts on other remote hosts or to allow access by
     other remote users to the local user's account.  The file
     must be located in the user's home directory.  An example
     .rhosts file follows:

          host1 peter
          host2 root


     In other words, remote accesses from peter on host1 will be
     allowed.  If this example .rhosts file appeared in user
     scarlett's home directory, then requests from peter on host1
     will execute on the local system as if submitted by
     scarlett.

     If a user is excluded from hosts.equiv (by a -@ entry) but
     is included in .rhosts then that user is allowed access to
     the host.  In the special case when the user is root, only
     the /.rhosts file is checked.

     It is also possible to have two entries (separated by a
     single space) on a line of these files.  In this case, if
     the remote host is equivalenced by the first entry, the user
     named by the second entry is allowed to log in as anyone,
     that is, specify any name to the -l login flag (provided
     that name is in the /etc/passwd file, of course).  Thus,

          sundown john

     allows john to log in from sundown as anyone.  The usual
     usage would be to put this entry in the .rhosts file in the
     home directory for bill.  Then john may log in as bill when
     coming from sundown.  The second entry may be a netgroup,
     thus

          +@group1 +@group2

     allows any user in group2 coming from a host in group1 to
     log in as anyone.

     The hosts.equiv file is read each time access is attempted,
     so as soon as the file is modified, the latest version of
     that file will be in effect.
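
     The matching rules above, modelled as a small Python checker with
     an audit pass. This is an added example, not part of the original
     manual page or of UTek. The function names, the hosts alpha and
     beta, and the flat netgroup table are assumptions, and "the user
     is root" is taken to mean the local target account.

```python
ALLOW, DENY, NO_MATCH = "allow", "deny", "no-match"

def covers(token, name, netgroups):
    """True if a field ('+', a plain name, or +@group / -@group) covers name."""
    if token == "+":
        return True
    if token[:2] in ("+@", "-@"):
        return name in netgroups.get(token[2:], set())
    return token == name

def scan(lines, rhost, ruser, luser, netgroups):
    """Linear scan; the first entry that applies decides the result."""
    for line in lines:
        fields = line.split()
        if not fields or not covers(fields[0], rhost, netgroups):
            continue
        if fields[0].startswith("-@"):
            return DENY
        if len(fields) == 1 and ruser == luser:
            return ALLOW            # host entry: same login name on both sides
        if len(fields) > 1 and covers(fields[1], ruser, netgroups):
            return ALLOW            # "host user": that user may pick any local name
    return NO_MATCH

def access(equiv, rhosts, rhost, ruser, luser, netgroups=None):
    """Combine /etc/hosts.equiv with the target account's .rhosts."""
    ng = netgroups or {}
    # Assumption: "the user is root" refers to the local target account.
    if luser != "root" and scan(equiv, rhost, ruser, luser, ng) == ALLOW:
        return True
    # A -@ exclusion in hosts.equiv does not stop .rhosts from granting access.
    return scan(rhosts, rhost, ruser, luser, ng) == ALLOW

def audit(lines):
    """Flag hosts.equiv entries that trust more than same-name users of one host."""
    findings = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if fields and fields[0] == "+":
            findings.append((n, "any host is trusted"))
        elif len(fields) > 1 and not fields[0].startswith("-"):
            findings.append((n, "named remote user may log in as anyone"))
    return findings

# Constructed sample data, built around the page's own example lines.
NETGROUPS = {"group1": {"alpha"}, "group2": {"beta"}}
EQUIV = ["host1", "host2", "+@group1", "-@group2"]
SCARLETT_RHOSTS = ["host1 peter", "host2 root"]
```

     Running audit() over /etc/hosts.equiv and access() over the
     combinations that matter shows which remote accounts a given
     pair of files actually trusts.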

FILES
     In the following files, domain is the name of your domain
     (host).

     /etc/hosts.equiv
     .rhosts
     /etc/yp/domain/netgroup
     /etc/yp/domain/netgroup.byuser
     /etc/yp/domain/netgroup.byhost

SEE ALSO
     netgroup(5), rcp(1N), rlogin(1N), rsh(1N), and rcmd(3N).

Printed 5/12/88