HOSTS.EQUIV(5) BSD Programmer's Manual HOSTS.EQUIV(5)
NAME
hosts.equiv, .rhosts - files listing trusted remote hosts and users
DESCRIPTION
The /etc/hosts.equiv and .rhosts files list authorized hosts and users
for the rsh(1), rcp(1), and rlogin(1) commands, and the rcmd(3) library
routine. These commands and functions use either the iruserok(3) or
ruserok(3) functions to implement ``authentication''.
The /etc/hosts.equiv and .rhosts files specify remote hosts and users
that are trusted (i.e., which may bypass the standard password
authentication mechanism).
Care should be taken when setting up these files to maintain system
security. Specifically:
1. The /etc/hosts.equiv file should be owned by the super-user.
2. The .rhosts files should be owned by each individual user.
3. Both the /etc/hosts.equiv and the .rhosts files should be mode 600
(-rw-------), i.e. readable and writable by the owner only.
4. No entries from untrusted machines should be included in either
file.
The rest of this manual page will refer to the host from which the access
request is coming as the ``remote host'', and the user name on the remote
host as the ``remote user''. Similarly, the host responding to the access
request is the ``local host'', and the user name on the local host for
which access is requested is the ``local user''. Generally, the command
interfaces which provide network access (e.g., rlogin(1)) automatically
use the local user's login name as the remote user name, unless another
remote user name is explicitly specified.
The format for entries in both the /etc/hosts.equiv and the .rhosts files
is as follows:
      hostname [username]
If the remote user is NOT the super-user, the /etc/hosts.equiv file is
checked before the .rhosts file is checked.
An entry in the /etc/hosts.equiv file of the form
      hostname
indicates that remote users from the specified remote host may access the
local host using the same login name as they use on the remote host.
An entry in the /etc/hosts.equiv file of the form
      hostname username
indicates that the specified remote user from the specified remote host
may access the local host as any user. For obvious reasons, the latter
syntax is extremely dangerous, and should almost never be used.
If the /etc/hosts.equiv lookup is not done or is unsuccessful, the
.rhosts file in the local user's home directory is checked. If the
user's .rhosts file:
      does not exist
      is not a regular file
      is not owned by the local user or the super-user
      is writable by anyone other than the file owner
... access will not be granted.
An entry in the .rhosts file of the form
      hostname
indicates that the remote user on the specified remote host with the same
login name as the local user can access the local host.
An entry in the .rhosts file of the form
      hostname username
indicates that the specified remote user on the specified remote host can
access the local host as the local user (i.e., possibly using a different
login name).
Any line starting with a '#' is considered a comment and is ignored in
both the hosts.equiv and .rhosts files.
As noted above, the hosts.equiv file is not used to authenticate root
access; only the .rhosts file in root's home directory is used for root.
The hosts.equiv file, as well as the user's .rhosts file, is only
consulted for traditional r-command ``authentication'' and is not used with
Kerberos or other forms of authentication.
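The following audit sketch is an added example, not part of the original
manual page or of any r-command implementation. It applies the entry format
and the .rhosts file conditions described above; the function names, the
sample host names and the use of lstat are assumptions made for illustration.

```python
import os
import stat

# Constructed sample input, not taken from the manual page.
SAMPLE_HOSTS_EQUIV = """\
# trusted build hosts
build1.example.com
build2.example.com alice
"""

def parse_entries(text):
    """Return (line number, hostname, username or None) for each entry."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        # '#' lines are comments; skipping blank lines is an assumption.
        if line.startswith("#") or not line.strip():
            continue
        fields = line.split()
        entries.append((lineno, fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def dangerous_equiv_entries(text):
    """hosts.equiv entries naming a user: that remote user may log in as any local user."""
    return [e for e in parse_entries(text) if e[2] is not None]

def rhosts_refusal_reasons(path, local_uid):
    """Conditions from the page under which a user's .rhosts grants no access."""
    try:
        st = os.lstat(path)  # assumption: a symlink counts as "not a regular file"
    except FileNotFoundError:
        return ["does not exist"]
    reasons = []
    if not stat.S_ISREG(st.st_mode):
        reasons.append("is not a regular file")
    if st.st_uid not in (local_uid, 0):
        reasons.append("is not owned by the local user or the super-user")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        reasons.append("is writable by anyone other than the file owner")
    return reasons

def mode_is_600(path):
    """Recommendation 3: readable and writable by the owner only."""
    return stat.S_IMODE(os.lstat(path).st_mode) == 0o600

if __name__ == "__main__":
    for lineno, host, user in dangerous_equiv_entries(SAMPLE_HOSTS_EQUIV):
        print(f"hosts.equiv line {lineno}: {host} {user} may log in as any user")
```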
FILES
/etc/hosts.equiv The hosts.equiv file.
$HOME/.rhosts User specific access file.
SEE ALSO
rcp(1), rlogin(1), rsh(1), rcmd(3), ruserok(3)
January 3, 1994