HOSTS.EQUIV(5) — FILE FORMATS
NAME
hosts.equiv, .rhosts - trusted hosts by system and by user
DESCRIPTION
The /etc/hosts.equiv file contains a list of trusted hosts. When an rlogin(1C) or rsh(1C) request is received from a host listed in this file, and when the user making the request is listed in the /etc/passwd file, then the remote login is allowed with no further checking. In this case, rlogin does not prompt for a password, and commands submitted through rsh are executed. Thus, a remote user with a local user ID is said to have “equivalent” access from a remote host named in this file.
The format of the hosts.equiv file consists of a one-line entry for each host, of the form:
hostname [username]
The hostname field normally contains the name of a trusted host from which a remote login can be made. However, an entry consisting of a single ‘+’ indicates that all known hosts are to be trusted. A hostname must be the “official” name as listed in the hosts(5) database. This is the first name given in the hosts database entry; hostname aliases are not recognized. Remote login access can also be given or denied for all hosts within a specific network group. An entry of the form:
+@group
means that all hosts in the named network group are trusted. An entry of the form:
-@group
means that all hosts in the group are not trusted; remote login access is denied to hosts in that group, except when an entry for a specific host appears ahead of the “minus” group entry.
The username field can be used to specify a user who is allowed to log in under any valid user ID. Careful thought about security should be given before providing this privilege to a user. You can also specify a network group in the username field with an entry of the form:
+@group1 +@group2
in which case any user in group2 logging in from a host in group1 may log in as anyone. Again, security is an important consideration here.
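The entry forms described above can be checked mechanically when reviewing a host. The following is an added example, not part of the original manual page: a small Python audit of hosts.equiv-format text that reports the trust-widening entries this page describes. The function name, the severity labels and the sample host, user and netgroup names are constructed for illustration.

```python
# Added example: audit hosts.equiv-format text for trust-widening entries.
# Severity labels and the sample data below are constructed for illustration.

def audit(text):
    """Return (line_no, severity, message) tuples, in file order."""
    findings = []
    hosts_seen = []  # specific hosts listed so far; order matters for -@group
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if len(fields) > 2:
            findings.append((no, "warn", "extra fields; format is 'hostname [username]'"))
        if host == "+":
            findings.append((no, "high", "'+' trusts all known hosts"))
        elif host.startswith("+@"):
            findings.append((no, "medium", f"all hosts in netgroup {host[2:]!r} are trusted"))
        elif host.startswith("-@"):
            if hosts_seen:  # a host entry ahead of the minus group entry still wins
                findings.append((no, "info", f"{host} does not deny hosts listed ahead of it: "
                                 + ", ".join(hosts_seen)))
            continue  # deny entry: nothing further to check
        elif host[0] in "+-":
            findings.append((no, "warn", f"{host!r} is not a form this page describes; review by hand"))
        else:
            hosts_seen.append(host)
        if user is None:
            continue
        if user.startswith("+@"):
            findings.append((no, "high", f"any user in netgroup {user[2:]!r} may log in as anyone"))
        else:
            findings.append((no, "high", f"user {user!r} may log in under any valid user ID"))
    return findings

# Constructed sample file contents (not taken from a real system).
SAMPLE = """\
alpha.example.com
beta.example.com opsuser
-@labhosts
+@servers +@admins
+
"""

if __name__ == "__main__":
    for no, severity, message in audit(SAMPLE):
        print(f"line {no}: [{severity}] {message}")
```
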
The User’s .rhosts File
Whenever a remote login is attempted, the remote login daemon checks for a .rhosts file in the home directory of the user attempting to log in. A user’s .rhosts file has the same format as the hosts.equiv file, and is used to give or deny access only for the specific user attempting to log in from a given host. While an entry in the hosts.equiv file allows remote login access to any user from the indicated host, an entry in a user’s .rhosts file only allows access from a named host to the user in whose home directory the .rhosts file appears. (When this file is used, permissions in the user’s home directory should allow read and search access by anyone, so it may be located and read.) When a user attempts a remote login, his .rhosts file is, in effect, prepended to the hosts.equiv file for permission checking. Thus, if a host is specified in the user’s .rhosts file, login access is allowed, even if it would otherwise be excluded by a minus group entry in /etc/hosts.equiv.
The Root .rhosts File
When the user attempting a remote login is root, only the /.rhosts file is checked, not /etc/hosts.equiv.
FILES
/etc/hosts.equiv
/etc/passwd
~/.rhosts
/etc
SEE ALSO
rlogin(1C), rsh(1C), hosts(5), netgroup(5), passwd(5)
Sun Release 4.0 — Last change: 19 October 1987