Man Linux: Main Page and Category List

NAME

       /etc/hosts.equiv - list of hosts and users that are granted "trusted" r
       command access to your system

DESCRIPTION

       The hosts.equiv file allows or denies hosts and users  to  use  the  r-
       commands (e.g., rlogin, rsh or rcp) without supplying a password.

       The file uses the following format:

       [ + | - ] [hostname] [username]

       The hostname is the name of a host which is logically equivalent to the
       local host.  Users logged into that host are allowed  to  access  like-
       named  user  accounts  on  the local host without supplying a password.
       The hostname may be (optionally) preceded by a plus (+) sign.   If  the
       plus  sign is used alone it allows any host to access your system.  You
       can explicitly deny access to a host by preceding  the  hostname  by  a
       minus  (-)  sign.   Users from that host must always supply a password.
       For security reasons you should always use the FQDN of the hostname and
       not the short hostname.

       The  username  entry grants a specific user access to all user accounts
       (except root) without supplying a password.  That means the user is NOT
       restricted  to  like-named  accounts.  The username may be (optionally)
       preceded by a plus (+) sign.  You can also explicitly deny access to  a
       specific  user  by  preceding the username with a minus (-) sign.  This
       says that the user is not trusted no matter what other entries for that
       host exist.

       Netgroups can be specified by preceding the netgroup by an @ sign.

       Be   extremely  careful  when  using  the  plus  (+)  sign.   A  simple
       typographical  error  could  result  in  a  standalone  plus  sign.   A
       standalone plus sign is a wildcard character that means "any host"!

FILES

       /etc/hosts.equiv

NOTES

       Some  systems  will  only  honor  the contents of this file when it has
       owner  root  and  no  write  permission   for   anybody   else.    Some
       exceptionally paranoid systems even require that there be no other hard
       links to the file.

       Modern systems use the Pluggable Authentication Modules library  (PAM).
       With PAM a standalone plus sign is only considered a wildcard character
       which means "any host" when the word promiscuous is added to  the  auth
       component  line  in  your  PAM  file  for the particular service (e.g.,
       rlogin).

SEE ALSO

       rhosts(5), rlogind(8), rshd(8)

COLOPHON

       This page is part of release 3.24 of the Linux  man-pages  project.   A
       description  of  the project, and information about reporting bugs, can
       be found at http://www.kernel.org/doc/man-pages/.