HOSTS.EQUIV(5)             Linux Programmer's Manual            HOSTS.EQUIV(5)

NAME

       hosts.equiv - list of hosts and users that are granted "trusted" r
       command access to your system

DESCRIPTION

       The file /etc/hosts.equiv allows or denies hosts and users to use the
       r-commands (e.g., rlogin, rsh, or rcp) without supplying a password.

       The file uses the following format:

       +|[-]hostname|+@netgroup|-@netgroup [+|[-]username|+@netgroup|-@netgroup]

       The hostname is the name of a host which is logically equivalent to the
       local host.  Users logged into that host are allowed to access
       like-named user accounts on the local host without supplying a
       password.  The hostname may be (optionally) preceded by a plus (+)
       sign.  If the plus sign is used alone, it allows any host to access
       your system.  You can explicitly deny access to a host by preceding
       the hostname by a minus (-) sign.  Users from that host must always
       supply additional credentials, including possibly a password.  For
       security reasons you should always use the FQDN of the hostname and
       not the short hostname.

       The username entry grants a specific user access to all user accounts
       (except root) without supplying a password.  That means the user is NOT
       restricted to like-named accounts.  The username may be (optionally)
       preceded by a plus (+) sign.  You can also explicitly deny access to a
       specific user by preceding the username with a minus (-) sign.  This
       says that the user is not trusted no matter what other entries for that
       host exist.

       Netgroups can be specified by preceding the netgroup by an @ sign.

       Be extremely careful when using the plus (+) sign.  A simple
       typographical error could result in a standalone plus sign.  A
       standalone plus sign is a wildcard character that means "any host"!

FILES

       /etc/hosts.equiv

NOTES

       Some systems will honor the contents of this file only when it has
       owner root and no write permission for anybody else.  Some
       exceptionally paranoid systems even require that there be no other
       hard links to the file.

       Modern systems use the Pluggable Authentication Modules library (PAM).
       With PAM a standalone plus sign is considered a wildcard character
       which means "any host" only when the word promiscuous is added to the
       auth component line in your PAM file for the particular service (e.g.,
       rlogin).

EXAMPLES

       Below are some example /etc/hosts.equiv or ~/.rhosts files.

       Allow any user to log in from any host:

           +

       Allow any user from host with a matching local account to log in:

           host

       Note: the use of +host is never a valid syntax, including attempting to
       specify that any user from the host is allowed.

       Allow any user from host to log in:

           host +

       Note: this is distinct from the previous example since it does not
       require a matching local account.

       Allow user from host to log in as any non-root user:

           host user

       Allow all users with matching local accounts from host to log in except
       for baduser:

           host -baduser
           host

       Deny all users from host:

           -host

       Note: the use of -host -user is never a valid syntax, including
       attempting to specify that a particular user from the host is not
       trusted.

       Allow all users with matching local accounts on all hosts in a
       netgroup:

           +@netgroup

       Disallow all users on all hosts in a netgroup:

           -@netgroup

       Allow all users in a netgroup to log in from host as any non-root user:

           host +@netgroup

       Allow all users with matching local accounts on all hosts in a netgroup
       except baduser:

           +@netgroup -baduser
           +@netgroup

       Note: the deny statements must always precede the allow statements
       because the file is processed sequentially until the first matching
       rule is found.
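
       The rules above can be checked mechanically.  The following auditor is
       an added example, not part of the man-pages project; the function name
       audit_hosts_equiv, the sample hostnames, and the treatment of lines
       starting with '#' as comments are assumptions.

```python
def audit_hosts_equiv(text):
    """Return (line_number, severity, message) findings for hosts.equiv content."""
    findings = []
    broad_allows = set()  # host fields already trusted with no per-user limit
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' lines are comments
            continue
        fields = line.split()
        host, user = fields[0], (fields[1] if len(fields) > 1 else None)
        deny = host.startswith("-") or (user or "").startswith("-")
        key = "*" if host == "+" else host.lstrip("+-")
        hits = []
        if host == "+":
            hits.append(("critical", "standalone '+' trusts any host"))
        elif host.startswith("+") and not host.startswith("+@"):
            hits.append(("error", "'+host' is never valid syntax"))
        if host.startswith("-") and "@" not in host and (user or "").startswith("-"):
            hits.append(("error", "'-host -user' is never valid syntax"))
        if user == "+":
            hits.append(("high", "any user from this host, no matching account needed"))
        elif user and not user.startswith("-"):
            hits.append(("high", "user or netgroup may log in as any non-root account"))
        if host != "+" and "@" not in host and "." not in key:
            hits.append(("warn", "short hostname; use the FQDN"))
        # Rules are evaluated top to bottom and the first match wins, so a deny
        # placed after a broader allow for the same host never takes effect.
        if deny and (key in broad_allows or "*" in broad_allows):
            hits.append(("error", "deny follows a matching allow and is never reached"))
        if not deny and user in (None, "+"):
            broad_allows.add(key)
        findings.extend((lineno, sev, msg) for sev, msg in hits)
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# trusted hosts
gw.example.com -baduser
gw.example.com
build01 +
+
db.example.com
db.example.com -olduser
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_hosts_equiv(SAMPLE):
        print(f"line {lineno}: [{severity}] {message}")
```

       The ordering check only recognises a deny shadowed by an earlier entry
       for the same host field or by a standalone plus sign; it does not
       expand netgroups.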

SEE ALSO

       rhosts(5), rlogind(8), rshd(8)

COLOPHON

       This page is part of release 5.10 of the Linux man-pages project.  A
       description of the project, information about reporting bugs, and the
       latest version of this page, can be found at
       https://www.kernel.org/doc/man-pages/.

Linux                             2020-06-09                    HOSTS.EQUIV(5)