home   contributing   bugs   download   online pages  

NAME | DESCRIPTION | FILES | NOTES | SEE ALSO | COLOPHON 


HOSTS.EQUIV(5)                Linux Programmer's Manual                HOSTS.EQUIV(5)

NAME         top

       /etc/hosts.equiv  -  list of hosts and users that are granted "trusted" r com-
       mand access to your system

DESCRIPTION         top

       The hosts.equiv file allows or denies hosts and users to use the r-commands
       (e.g., rlogin, rsh or rcp) without supplying a password.

       The file uses the following format:

       [ + | - ] [hostname] [username]

       The hostname is the name of a host which is logically equivalent to the local
       host.  Users logged into that host are allowed to access like-named user
       accounts on the local host without supplying a password.  The hostname may be
       (optionally) preceded by a plus (+) sign.  If the plus sign is used alone it
       allows any host to access your system.  You can explicitly deny access to a
       host by preceding the hostname by a minus (-) sign.  Users from that host must
       always supply a password.  For security reasons you should always use the FQDN
       of the hostname and not the short hostname.

       The username entry grants a specific user access to all user accounts (except
       root) without supplying a password.  That means the user is NOT restricted to
       like-named accounts.  The username may be (optionally) preceded by a plus (+)
       sign.  You can also explicitly deny access to a specific user by preceding the
       username with a minus (-) sign.  This says that the user is not trusted no
       matter what other entries for that host exist.

       Netgroups can be specified by preceding the netgroup by an @ sign.

       Be extremely careful when using the plus (+) sign.  A simple typographical
       error could result in a standalone plus sign.  A standalone plus sign is a
       wildcard character that means "any host"!

FILES         top

       /etc/hosts.equiv

NOTES         top

       Some systems will only honor the contents of this file when it has owner root
       and no write permission for anybody else.  Some exceptionally paranoid systems
       even require that there be no other hard links to the file.

       Modern systems use the Pluggable Authentication Modules library (PAM).  With
       PAM a standalone plus sign is only considered a wildcard character which means
       "any host" when the word promiscuous is added to the auth component line in
       your PAM file for the particular service (e.g., rlogin).

SEE ALSO         top

       rhosts(5), rlogind(8), rshd(8)

COLOPHON         top

       This page is part of release 3.23 of the Linux man-pages project.  A
       description of the project, and information about reporting bugs, can be found
       at http://www.kernel.org/doc/man-pages/.

Linux                                 2003-08-24                       HOSTS.EQUIV(5)