From 3d08cd331c1adcf0d917392f7e527b3f00511748 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 24 May 2024 06:52:22 +0200 Subject: Merging upstream version 6.8. Signed-off-by: Daniel Baumann --- man5/hosts.equiv.5 | 212 ----------------------------------------------------- 1 file changed, 212 deletions(-) delete mode 100644 man5/hosts.equiv.5 (limited to 'man5/hosts.equiv.5') diff --git a/man5/hosts.equiv.5 b/man5/hosts.equiv.5 deleted file mode 100644 index b8ff0f6..0000000 --- a/man5/hosts.equiv.5 +++ /dev/null @@ -1,212 +0,0 @@ -.\" Copyright (c) 1995 Peter Tobias -.\" -.\" SPDX-License-Identifier: GPL-1.0-or-later -.TH hosts.equiv 5 2023-10-31 "Linux man-pages 6.7" -.SH NAME -hosts.equiv \- list of hosts and users that are granted "trusted" -.B r -command access to your system -.SH DESCRIPTION -The file -.I /etc/hosts.equiv -allows or denies hosts and users to use -the \fBr\fP-commands (e.g., -.BR rlogin , -.BR rsh , -or -.BR rcp ) -without -supplying a password. -.P -The file uses the following format: -.TP -\fI+|[\-]hostname|+@netgroup|\-@netgroup\fP \fI[+|[\-]username|+@netgroup|\-@netgroup]\fP -.P -The -.I hostname -is the name of a host which is logically equivalent -to the local host. -Users logged into that host are allowed to access -like-named user accounts on the local host without supplying a password. -The -.I hostname -may be (optionally) preceded by a plus (+) sign. -If the plus sign is used alone, it allows any host to access your system. -You can explicitly deny access to a host by preceding the -.I hostname -by a minus (\-) sign. -Users from that host must always supply additional credentials, -including possibly a password. -For security reasons you should always -use the FQDN of the hostname and not the short hostname. -.P -The -.I username -entry grants a specific user access to all user -accounts (except root) without supplying a password. -That means the -user is NOT restricted to like-named accounts. -The -.I username -may -be (optionally) preceded by a plus (+) sign. -You can also explicitly -deny access to a specific user by preceding the -.I username -with -a minus (\-) sign. -This says that the user is not trusted no matter -what other entries for that host exist. -.P -Netgroups can be specified by preceding the netgroup by an @ sign. -.P -Be extremely careful when using the plus (+) sign. -A simple typographical -error could result in a standalone plus sign. -A standalone plus sign is -a wildcard character that means "any host"! -.SH FILES -.I /etc/hosts.equiv -.SH NOTES -Some systems will honor the contents of this file only when it has owner -root and no write permission for anybody else. -Some exceptionally -paranoid systems even require that there be no other hard links to the file. -.P -Modern systems use the Pluggable Authentication Modules library (PAM). -With PAM a standalone plus sign is considered a wildcard -character which means "any host" only when the word -.I promiscuous -is added to the auth component line in your PAM file for -the particular service -.RB "(e.g., " rlogin ). -.SH EXAMPLES -Below are some example -.I /etc/host.equiv -or -.I \[ti]/.rhosts -files. -.P -Allow any user to log in from any host: -.P -.in +4n -.EX -+ -.EE -.in -.P -Allow any user from -.I host -with a matching local account to log in: -.P -.in +4n -.EX -host -.EE -.in -.P -Note: the use of -.I +host -is never a valid syntax, -including attempting to specify that any user from the host is allowed. -.P -Allow any user from -.I host -to log in: -.P -.in +4n -.EX -host + -.EE -.in -.P -Note: this is distinct from the previous example -since it does not require a matching local account. -.P -Allow -.I user -from -.I host -to log in as any non-root user: -.P -.in +4n -.EX -host user -.EE -.in -.P -Allow all users with matching local accounts from -.I host -to log in except for -.IR baduser : -.P -.in +4n -.EX -host \-baduser -host -.EE -.in -.P -Deny all users from -.IR host : -.P -.in +4n -.EX -\-host -.EE -.in -.P -Note: the use of -.I "\-host\ \-user" -is never a valid syntax, -including attempting to specify that a particular user from the host -is not trusted. -.P -Allow all users with matching local accounts on all hosts in a -.IR netgroup : -.P -.in +4n -.EX -+@netgroup -.EE -.in -.P -Disallow all users on all hosts in a -.IR netgroup : -.P -.in +4n -.EX -\-@netgroup -.EE -.in -.P -Allow all users in a -.I netgroup -to log in from -.I host -as any non-root user: -.P -.in +4n -.EX -host +@netgroup -.EE -.in -.P -Allow all users with matching local accounts on all hosts in a -.I netgroup -except -.IR baduser : -.P -.in +4n -.EX -+@netgroup \-baduser -+@netgroup -.EE -.in -.P -Note: the deny statements must always precede the allow statements because -the file is processed sequentially until the first matching rule is found. -.SH SEE ALSO -.BR rhosts (5), -.BR rlogind (8), -.BR rshd (8) -- cgit v1.2.3