hosts.equiv - A file containing the names of remote systems
and users that can execute commands on the local system
/etc/hosts.equiv
The /etc/hosts.equiv file and the .rhosts file in a user's
home directory contain the names of remote hosts and users
that are equivalent to the local host or user. An equivalent
host or user is allowed to access a local nonsuperuser
account with the rsh command or rcp command, or to log in
to such an account without having to supply a password.
The /etc/hosts.equiv file specifies equivalence for an
entire system, while a user's .rhosts file specifies equivalence
between that user and remote users. The local user and the
target system exist in the same area as the hosts.equiv
file. The file must be owned by the user in whose home
directory the file is located, or by the superuser. It
cannot be a symbolic link.
Each line, or entry, in hosts.equiv or .rhosts may consist
of the following:
  A blank line.
  A comment (begins with a #).
  A host name (a string of any printable characters except
    newline, #, or white space). In addition, an NIS netgroup
    can be specified in place of the host name.
  A host name followed by white space and a user name. In
    addition, an NIS netgroup can be specified in place of
    the host name, user name, or both.
  A single plus (+) character. This means any host and user.
  The keyword NO_PLUS. This keyword disallows the use of the
    plus character (+) to match any host or user on a
    system-wide basis. By default, the line containing this
    keyword is a comment. Remove the comment character to
    disallow the use of the plus character.
Entries in the hosts.equiv file are either positive or
negative. Positive entries allow access; negative entries
deny access. The following entries are positive:
  host name
  user name
  +@netgroup
In addition, the plus sign (+) can be used in place of the
host name or user name. In place of the host name, it
means any remote host. In place of the user name, it means
any user.
The following entries are negative:
  -host name
  -user name
  -@netgroup
To be allowed access or denied access, a user's remote
host name and user name must match an entry in hosts.equiv
or .rhosts. The hosts.equiv file is searched first; if a
match is found, the search ends. Therefore, the order in
which the positive and negative entries appear is important.
If a match is not found, .rhosts is searched if it exists in
the user's home directory.
A host name or user name can match an entry in hosts.equiv
in one of the following ways:
  The official host name (not an alias) of the remote host
    matches a host name in hosts.equiv.
  The remote user name matches a user name in hosts.equiv.
    If a user name parameter is included in the hosts.equiv
    file, this means that the remote user is a trusted user
    and is allowed to rlogin to any local user account
    without being prompted for a password. Otherwise, if the
    user name parameter is not specified in the hosts.equiv
    file, the name of the remote user must match that of the
    local user.
  If the remote user name does not match a user name in
    hosts.equiv, the remote user name matches the local user
    name.
For security purposes, the files /etc/hosts.equiv and
.rhosts should exist and be readable and writable only by
the owner, even if they are empty.
The following are sample entries in an /etc/hosts.equiv
file:
  # Allows access to users on host1 and host2 that have
  # accounts on this host:
  host1
  host2
  # Allows access to user johnson on host1 to any local user:
  host1 johnson
  # Allows access to all users on systems specified in
  # netgroup chicago
  +@chicago
  # Denies access to users specified in netgroup finance on
  # host5
  host5 -@finance
  # Allows access to all users on all systems except root
  + -root
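The entry rules and file rules above, as an added audit sketch (not part of the original manual page): it flags hosts.equiv entries that widen trust (the plus wildcard, and host entries that name a user) and checks that a file is not a symbolic link and is accessible only by its owner. The function names and the SAMPLE text are constructed for illustration.

```python
import os
import stat

# Constructed sample, modelled on the sample entries on this page.
SAMPLE = """\
# trusted hosts
host1
host1 johnson
+@chicago
host5 -@finance
+ -root
+
"""

def classify(line):
    """Classify one /etc/hosts.equiv line as (kind, note)."""
    text = line.strip()
    if not text or text.startswith("#"):
        return ("skip", "blank line or comment")
    if text == "NO_PLUS":
        return ("keyword", "plus wildcard disallowed system-wide")
    fields = text.split()
    host, user = fields[0], (fields[1] if len(fields) > 1 else None)
    if host == "+" or user == "+":
        return ("wildcard", "matches any host or any user")
    if host.startswith("-") or (user or "").startswith("-"):
        return ("negative", "denies access")
    if user is not None:
        return ("trusted-user", "remote user may reach any local account")
    return ("host", "remote user name must equal local user name")

def audit(text):
    """Return (line_number, entry, kind) for entries that widen trust."""
    rows = ((n, l.strip(), classify(l)[0]) for n, l in enumerate(text.splitlines(), 1))
    return [row for row in rows if row[2] in ("wildcard", "trusted-user")]

def file_problems(path):
    """Check the file rules stated above: no symlink, owner-only access."""
    info = os.lstat(path)
    problems = []
    if stat.S_ISLNK(info.st_mode):
        problems.append("is a symbolic link")
    if info.st_mode & 0o077:
        problems.append("accessible by group or others")
    return problems

if __name__ == "__main__":
    for number, entry, kind in audit(SAMPLE):
        print(f"line {number}: {kind}: {entry}")
```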
Commands: rcp(1), rlogin(1), rsh(1)
Functions: ruserok(3)
Files: netgroup(4)
Daemons: rlogind(8), rshd(8)
hosts.equiv(4)