hosts_options(5) hosts_options(5)
NAME
hosts_options - host access control language extensions
DESCRIPTION
This manual page describes the optional extensions to the language
described in the hosts_access(5) manual page.
The extensible language uses the following format:
daemon_list : client_list : option : option ...
The first two fields are described in the hosts_access(5) manual page.
Briefly, daemon_list is a list of one or more daemon process names or
wildcards. client_list is a list of one or more host names, host
addresses, patterns or wildcards that will be matched against the
client host name or address.
The remainder of the rule is a list of zero or more options. Any ":"
characters within options must be protected with a backslash "\".
An option is of the form "keyword" or "keyword value". Options are
processed in the specified order. Some options are subjected to
%letter substitutions. For the sake of backwards compatibility with
earlier versions, an equals sign "=" is permitted between keyword and
value.
Logging Options
severity mail.info
severity notice
Change the severity level at which the event will be logged. Facility
names (such as mail) are optional and are not supported on systems
with older syslog implementations. See syslog(3C) for the facility
names. The severity option can be used to emphasize or to ignore
specific events.
Access Control Options
allow
deny
Grant or deny the service for allow and deny options respectively.
These options must appear at the end of a rule.
The allow and deny keywords make it possible to keep all access
control rules within a single file, for example in the hosts.allow
file. Examples are as follows:
To permit access from specific hosts only:
ALL: .friendly.domain: ALLOW
ALL: ALL: DENY
Hewlett-Packard Company - 1 - HP-UX 11i Version 2: August 2003
To permit access from all hosts except a few trouble-makers:
ALL: .bad.domain: DENY
ALL: ALL: ALLOW
Notice the leading dot (.) on the domain name patterns.
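The rule syntax above (colon-separated fields, backslash-escaped colons, the legacy "keyword=value" form, allow/deny/twist required last) and the first-match behaviour of the two example policies, worked through in a small parser and evaluator. This is an added illustration, not code from the tcp_wrappers package; it models only the matching forms that appear on this page (ALL, a leading-dot domain pattern, an exact name).

```python
import re

TERMINAL = {"allow", "deny", "twist"}   # options the page says must end a rule

def split_fields(rule):
    """Split a rule on ':' separators, honouring the backslash escape for ':'."""
    fields, cur, i = [], [], 0
    while i < len(rule):
        if rule[i] == "\\" and rule[i + 1:i + 2] == ":":
            cur.append(":"); i += 2; continue
        if rule[i] == ":":
            fields.append("".join(cur).strip()); cur = []
        else:
            cur.append(rule[i])
        i += 1
    fields.append("".join(cur).strip())
    return fields

def parse_rule(rule):
    """Return {'daemons': [...], 'clients': [...], 'options': [(keyword, value), ...]}."""
    fields = split_fields(rule.strip())
    if len(fields) < 2 or not fields[0] or not fields[1]:
        raise ValueError("rule needs daemon_list and client_list: %r" % rule)
    options = []
    for raw in filter(None, fields[2:]):
        # "keyword", "keyword value", or the legacy "keyword = value" form
        m = re.match(r"^(\w+)(?:\s*=\s*|\s+)?(.*)$", raw)
        if not m:
            raise ValueError("bad option %r" % raw)
        options.append((m.group(1).lower(), m.group(2).strip()))
    for kw, _ in options[:-1]:          # allow/deny/twist only make sense last
        if kw in TERMINAL:
            raise ValueError("option %r must be the last option" % kw)
    return {"daemons": fields[0].split(), "clients": fields[1].split(), "options": options}

def matches(pattern, name):
    """ALL, a leading-dot domain pattern, or an exact name (case-insensitive)."""
    pattern, name = pattern.lower(), name.lower()
    return pattern == "all" or (pattern.startswith(".") and name.endswith(pattern)) or pattern == name

def decide(rules, daemon, client):
    """First matching rule wins: 'allow', 'deny', or None when no rule matched."""
    for rule in map(parse_rule, rules):
        if any(matches(d, daemon) for d in rule["daemons"]) and \
           any(matches(c, client) for c in rule["clients"]):
            last = rule["options"][-1][0] if rule["options"] else None
            # a match in hosts.allow without an explicit deny grants the service
            return "deny" if last == "deny" else "allow"
    return None
```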
Running Other Commands
spawn shell_command
Execute, in a child process, the specified shell command, after
performing the %letter expansions described in the
hosts_access(5) manual page. The command is executed with stdin,
stdout and stderr connected to the null device, so that it will
not mess up the conversation with the client host. For example:
spawn (/usr/bin/sffinger -l @%h | \
/usr/bin/mailx -s "alert" root) &
executes, in a background child process, the shell command
sffinger -l @%h | mail root
after replacing %h by the name or address of the remote host.
The example uses the sffinger command instead of the regular
finger command to limit possible damage from data sent by the
finger server. The sffinger command is part of the daemon
wrapper package. It is a wrapper around the regular finger
command that filters the data sent by the remote host.
twist shell_command
Replace the current process by an instance of the specified shell
command, after performing the %letter expansions described in the
hosts_access(5) manual page. stdin, stdout, and stderr are
connected to the client process. This option must appear at the
end of a rule.
To send a customized bounce message to the client instead of
running the real ftp daemon:
ftpd : ... : twist /bin/echo 421 Some bounce message
For an alternative way to communicate with the client processes,
see the banners option below.
To run /some/other/telnetd without polluting its command-line
array or its process environment:
telnetd : ... : twist PATH=/some/other; exec telnetd
WARNING: in case of UDP services, do not twist to commands that use
the standard I/O or the read()/write() routines to communicate with
the client process. UDP requires other I/O primitives.
Network Options
keepalive
Causes the server to periodically send a message to the client.
The connection is considered broken when the client does not
respond. The keepalive option can be useful when users turn off
their machine while it is still connected to a server. The
keepalive option is not useful for datagram (UDP) services.
linger number_of_seconds
Specifies how long the kernel will try to deliver undelivered
data after the server process closes a connection.
Username Lookup Options
rfc931 [ timeout_in_seconds ]
Look up the client user name with the RFC 931 (TAP, IDENT, RFC
1413) protocol. This option is silently ignored in case of
services based on transports other than TCP. It requires that
the client system runs an RFC 931-compliant daemon (IDENT etc.)
and may cause noticeable delays with connections from non-UNIX
clients. The timeout period is tunable through the configuration
file /etc/tcpd.conf. If no timeout, or an invalid one, is specified,
the user name lookup is disabled.
Miscellaneous Options
banners /some/directory
Look for a file in /some/directory with the same name as the
daemon process (for example, telnetd for the telnet service), and
copy its contents to the client. Newline characters are replaced
by carriage-return newline, and %letter sequences are expanded
(see the hosts_access(5) manual page).
WARNING: Banners are supported for connection-oriented (TCP)
network services only.
nice [number]
Change the nice value of the process (default 10). Specify a
positive value to spend more CPU resources on other processes.
setenv name value
Place a (name, value) pair into the process environment. The
value is subjected to %letter expansions and may contain
whitespace (but leading and trailing blanks are stripped off).
WARNING: Many network daemons reset their environment before
spawning a login or shell process.
umask 022
Like the umask command that is built into the shell. A umask of
022 prevents the creation of files with group and world write
permission. The umask argument must be an octal number.
user someuser or user someuser.somegroup
Assume the privileges of the "someuser" userid (or user
"someuser", group "somegroup"). The first form is useful with
inetd implementations that run all services with root privilege.
The second form is useful for services that need special group
privileges only.
DIAGNOSTICS
Problems are reported via syslogd, the syslog daemon, at info, notice,
warning and err levels. When a syntax error is found in an access
control rule, the error is reported to the syslog daemon; further
options will be ignored, and service is denied.
AUTHOR
Wietse Venema ([email protected])
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
SEE ALSO
hosts_access(5), the default access control language.