HOSTS.EQUIV(5N)            COMMAND REFERENCE            HOSTS.EQUIV(5N)

NAME
     hosts.equiv, .rhosts - control remote access for rsh, rcp,
     rlogin and rcmd

DESCRIPTION
     The files /etc/hosts.equiv and .rhosts determine which users on
     which hosts may access the local file system. System utilities
     like rlogin(1N), rsh(1N), and rcp(1N) use these files. Access is
     based on user login names listed in /etc/passwd. Therefore it is
     important from a security standpoint that all hosts allowed
     access to the local file system are under the same administration
     (or at least cooperating closely) to prevent accidentally
     assigning the same user login name to two different individuals.

     The file /etc/hosts.equiv is meant to be used by system
     administrators to govern which other hosts are allowed access to
     the local file system. Typically, only host names are specified
     in this file. Any remote access attempt from any remote user
     (except root) on a host named in /etc/hosts.equiv will be
     permitted assuming 1) the remote user has an account on the local
     machine, and 2) the permissions for the local account allow
     accessing the target file. It is also possible to limit access to
     a particular user on a particular host by specifying the user
     name after the host name. An example hosts.equiv file follows:

          host1
          host2
          +@group1
          -@group2

     A line consisting of a simple host name means that anyone logging
     in from that host is allowed access. A line consisting of +@group
     means that all hosts in that network group are allowed access. A
     line consisting of -@group means that hosts in that group are not
     allowed access. Programs scan hosts.equiv linearly and stop at
     the first matching entry, which is either positive (host name and
     +@ entries) or negative (-@ entries). A line consisting of a
     single + means that everyone is allowed access.

     The file .rhosts has the same format as hosts.equiv and is meant
     to be used by individual users to allow access from their
     accounts on other remote hosts or to allow access by other remote
     users to the local user's account. The file must be located in
     the user's home directory. An example .rhosts file follows:

          host1 peter
          host2 root

     In other words, remote accesses from peter on host1 will be
     allowed. If this example .rhosts file appeared in user scarlett's
     home directory, then requests from peter on host1 will execute on
     the local system as if submitted by scarlett.

     If a user is excluded from hosts.equiv (by a -@ entry) but is
     included in .rhosts then that user is allowed access to the host.
     In the special case when the user is root, only the /.rhosts file
     is checked.

     It is also possible to have two entries (separated by a single
     space) on a line of these files. In this case, if the remote host
     is equivalenced by the first entry, the user named by the second
     entry is allowed to log in as anyone, that is, specify any name
     to the -l login flag (provided that name is in the /etc/passwd
     file, of course). Thus,

          sundown john

     allows john to log in from sundown as anyone. The usual usage
     would be to put this entry in the .rhosts file in the home
     directory for bill. Then john may log in as bill when coming from
     sundown. The second entry may be a netgroup, thus

          +@group1 +@group2

     allows any user in group2 coming from a host in group1 to log in
     as anyone.

     The hosts.equiv file is read each time access is attempted, so as
     soon as the file is modified, the latest version of that file
     will be in effect.

FILES
     In the following files, domain is the name of your domain (host).

     /etc/hosts.equiv
     .rhosts
     /etc/yp/domain/netgroup
     /etc/yp/domain/netgroup.byuser
     /etc/yp/domain/netgroup.byhost

SEE ALSO
     netgroup(5), rcp(1N), rlogin(1N), rsh(1N), and rcmd(3N).

Printed 5/12/88
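
Added example (not part of the original manual page): a Python check that flags the entries this page describes as broad grants, namely a lone +, a two-entry line in hosts.equiv, and +@ netgroup entries. It also flags a -@ entry placed after a lone +, which follows from the linear first-match scan described above. The function name, the sample file contents and the wording of the findings are constructed for illustration.

```python
"""Added example: flag broad or ineffective hosts.equiv / .rhosts entries."""

# Constructed sample contents; host, user and group names are illustrative.
SAMPLE_HOSTS_EQUIV = """\
host1
+@group1
sundown john
+
-@group2
"""
SAMPLE_RHOSTS = """\
host1 peter
host2 root
"""

def audit(text, system_wide=True):
    """Return (line_no, entry, reason) tuples for entries worth reviewing.

    system_wide=True reads the text as /etc/hosts.equiv, False as a .rhosts.
    """
    findings = []
    plus_line = None  # line number of the first lone "+", if any
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        entry = " ".join(fields)
        if plus_line is not None and fields[0].startswith("-@"):
            # The scan is linear and stops at the first match, so "+" wins.
            findings.append((n, entry,
                f"deny entry never reached: '+' on line {plus_line} matches first"))
        elif fields == ["+"]:
            if plus_line is None:
                plus_line = n
            findings.append((n, entry, "everyone is allowed access"))
        elif len(fields) == 2 and system_wide:
            # Two entries on a line: the second may use any -l login name.
            findings.append((n, entry,
                f"{fields[1]} from {fields[0]} may log in as anyone"))
        elif len(fields) == 1 and fields[0].startswith("+@"):
            findings.append((n, entry,
                f"access follows membership of netgroup {fields[0][2:]}"))
    return findings

if __name__ == "__main__":
    for line_no, entry, reason in audit(SAMPLE_HOSTS_EQUIV):
        print(f"/etc/hosts.equiv:{line_no}: {entry!r}: {reason}")
```

Two-entry lines in a .rhosts file are the usual usage described above, so audit() reports them only when system_wide is true.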