hosts.equiv(5) man page - Windyhana's Solanara


hosts.equiv(5)                   File Formats                   hosts.equiv(5)



NAME
       hosts.equiv, rhosts - trusted remote hosts and users

DESCRIPTION
       The /etc/hosts.equiv and .rhosts files provide the "remote authentication"
       database for rlogin(1), rsh(1), rcp(1), and rcmd(3C). The files specify
       remote hosts and users that are considered "trusted". Trusted users are
       allowed to access the local system without supplying a password. The
       library routine ruserok() (see rcmd(3C)) performs the authentication
       procedure for programs by using the /etc/hosts.equiv and .rhosts files.
       The /etc/hosts.equiv file applies to the entire system, while individual
       users can maintain their own .rhosts files in their home directories.


       These  files  bypass  the  standard  password-based user authentication
       mechanism. To maintain system security, care must be taken in  creating
       and maintaining these files.


       The remote authentication procedure determines whether a user from a
       remote host should be allowed to access the local system with the
       identity of a local user. This procedure first checks the
       /etc/hosts.equiv file and then checks the .rhosts file in the home
       directory of the local user who is requesting access. Entries in these
       files can be of two forms. Positive entries allow access, while negative
       entries deny access. The authentication succeeds when a matching
       positive entry is found. The procedure fails when the first matching
       negative entry is found, or if no matching entries are found in either
       file. The order of entries is important. If the files contain both
       positive and negative entries, the entry that appears first will
       prevail. The rsh(1) and rcp(1) programs fail if the remote
       authentication procedure fails. The rlogin program falls back to the
       standard password-based login procedure if the remote authentication
       fails.


       Both files are formatted as a list of one-line entries. Each entry  has
       the form:

         hostname [username]



       Hostnames must be the official name of the host, not one of its
       nicknames.


       Negative entries are differentiated from  positive  entries  by  a  '−'
       character preceding either the hostname or username field.

   Positive Entries
       If the form:

         hostname



       is  used, then users from the named host are trusted. That is, they may
       access the system with the same user name as they have  on  the  remote
       system.  This form may be used in both the /etc/hosts.equiv and .rhosts
       files.


       If the line is in the form:

         hostname username



       then the named user from the named host can  access  the  system.  This
       form  may  be used in individual .rhosts files to allow remote users to
       access the system as a different local user. If this form  is  used  in
       the  /etc/hosts.equiv  file,  the  named remote user will be allowed to
       access the system as any local user.


       netgroup(5) can be used in either the hostname or  username  fields  to
       match a number of hosts or users in one entry. The form:

         +@netgroup



       allows  access  from  all hosts in the named netgroup. When used in the
       username field, netgroups allow a group of remote users to  access  the
       system as a particular local user. The form:

         hostname +@netgroup



       allows  all  of  the users in the named netgroup from the named host to
       access the system as the local user. The form:

         +@netgroup1 +@netgroup2



       allows the users in netgroup2 from the hosts in netgroup1 to access the
       system as the local user.


       The  special  character  '+' can be used in place of either hostname or
       username to match any host or user. For example, the entry

         +



       will allow a user from any remote host to access the  system  with  the
       same username. The entry

         + username



       will  allow  the  named user from any remote host to access the system.
       The entry

         hostname +



       will allow any user from the named host to access  the  system  as  the
       local user.

   Negative Entries
       Negative entries are preceded by a '−' sign. The form:

         −hostname



       will disallow all access from the named host. The form:

         −@netgroup



       means  that access is explicitly disallowed from all hosts in the named
       netgroup. The form:

         hostname −username



       disallows access by the named user only from the named host, while  the
       form:

         + −@netgroup



       will disallow access by all of the users in the named netgroup from all
       hosts.

   Search Sequence
       To help maintain system security,  the  /etc/hosts.equiv  file  is  not
       checked when access is being attempted for root. If the user attempting
       access is not the root, /etc/hosts.equiv is searched for lines  of  the
       form described above.


       Checks are made for lines in this file in the following order:

           1.     +


           2.     +@netgroup


           3.     −@netgroup


           4.     −hostname


           5.     hostname




       The user is granted access if a positive match occurs. Negative entries
       apply only to /etc/hosts.equiv and  may  be  overridden  by  subsequent
       .rhosts entries.


       If no positive match occurred, the .rhosts file is then searched if the
       user attempting access maintains such a file.  This  file  is  searched
       whether  or  not  the user attempting access is the root. As a security
       feature, the .rhosts file must be owned by the user who  is  attempting
       access.


       Checks are made for lines in .rhosts in the following order:

           1.     +


           2.     +@netgroup


           3.     −@netgroup


           4.     −hostname


           5.     hostname



FILES
       /etc/hosts.equiv    system trusted hosts and users


       ~/.rhosts           user's trusted hosts and users


SEE ALSO
       rcp(1),  rlogin(1), rsh(1), rcmd(3C), hosts(5), netgroup(5), passwd(5),
       pam_rhosts_auth(7)

NOTES
       The PAM configuration of pam_rhosts_auth(7) can cause  the  hosts.equiv
       support to be disabled.

WARNINGS
       Positive  entries  in  /etc/hosts.equiv  that  include a username field
       (either an individual named user, a netgroup, or '+'  sign)  should  be
       used  with  extreme  caution.  Because /etc/hosts.equiv applies system-
       wide, these entries allow one, or a group of, remote  users  to  access
       the system as any local user. This can be a security hole. For example,
       because of the search sequence, an /etc/hosts.equiv file consisting  of
       the entries

         +
         −hostxxx



       will not deny access to "hostxxx".
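As an added example (not Solaris's own ruserok() implementation), here is a small Python model of the entry forms, the search sequence, and the root handling described above, plus an audit pass over the system-wide file that flags the WARNINGS case of a negative entry placed after '+'. The flat netgroup map and the treatment of '#' as a comment are assumptions made for the example.

```python
# Constructed stand-in for netgroup(5) (assumption: flat name -> members; '#' starts a comment).
NETGROUPS = {"labhosts": {"lab1.example.com", "lab2.example.com"}, "ops": {"alice", "bob"}}

def field_match(pattern, value):
    """One hostname/username field, checked in man-page order (+, +@ng, -@ng, -name, name):
    True = positive match, False = negative match, None = no match."""
    if pattern == "+":
        return True
    if pattern.startswith(("+@", "-@")):
        return (pattern[0] == "+") if value in NETGROUPS.get(pattern[2:], ()) else None
    negative = pattern.startswith("-")
    return (not negative) if value == (pattern[1:] if negative else pattern) else None

def entries(lines):
    for n, line in enumerate(lines, 1):
        fields = line.split("#", 1)[0].split()
        if fields:
            yield n, fields

def search(lines, rhost, ruser, luser):
    """First matching entry wins: True (allow), False (deny) or None (no match)."""
    for _, fields in entries(lines):
        host = field_match(fields[0], rhost)
        if host is None:
            continue
        if host is False:
            return False
        # Bare hostname matches only the same-named user; a username field matches
        # that remote user as any local user (hosts.equiv) or as the .rhosts owner.
        user = (field_match(fields[1], ruser) if len(fields) > 1
                else (True if ruser == luser else None))
        if user is not None:
            return user

def ruserok(hosts_equiv, rhosts, rhost, ruser, luser):
    """hosts.equiv is skipped for root; a positive match there allows, else .rhosts decides."""
    if luser != "root" and search(hosts_equiv, rhost, ruser, luser) is True:
        return True
    return search(rhosts, rhost, ruser, luser) is True

def audit_hosts_equiv(lines):
    """Flag the WARNINGS cases: username fields in the system-wide file, entries after '+'."""
    findings, wildcard_seen = [], False
    for n, fields in entries(lines):
        wildcard_seen = wildcard_seen or fields[0] == "+"
        if fields[0].startswith("-") and wildcard_seen:
            findings.append(f"line {n}: negative entry shadowed by an earlier '+' entry")
        elif len(fields) == 2 and not fields[1].startswith("-"):
            findings.append(f"line {n}: remote user(s) may access the system as ANY local user")
    return findings
```

Running ruserok() on the two-line file from the warning shows that "hostxxx" is still admitted, while the same entries in reverse order deny it.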



Oracle Solaris 11.4               27 Nov 2017                   hosts.equiv(5)
The copyright of the man page content belongs to the man page author.