hosts.equiv(4)
NAME
hosts.equiv - A file containing the names of remote systems and users
that can execute commands on the local system
SYNOPSIS
/etc/hosts.equiv
DESCRIPTION
The /etc/hosts.equiv file and the file in a user's home directory contain
the names of remote hosts and users that are equivalent to the
local host or user. An equivalent host or user is allowed to access a
local nonsuperuser account with the rsh command or rcp command, or to
log in to such an account without having to supply a password.
The /etc/hosts.equiv file specifies equivalence for an entire system,
while a user's file specifies equivalence between that user and remote
users. The local user and the target system exist in the same area as
the hosts.equiv file. The file must be owned by the user in whose home
directory the file is located, or by the superuser. It cannot be a
symbolic link.
Each line, or entry, in hosts.equiv or may consist of the following:
  A blank line.
  A comment (begins with a #).
  A host name (a string of any printable characters except newline, #,
  or white space). In addition, an NIS netgroup can be specified in
  place of the host name.
  A host name followed by white space and a user name. In addition, an
  NIS netgroup can be specified in place of the host name, user name,
  or both.
  A single plus (+) character. This means any host and user.
  The keyword NO_PLUS. This keyword disallows the use of the plus
  character (+) to match any host or user on a system-wide basis. By
  default, the line containing this keyword is a comment. Remove the
  comment character to disallow the use of the plus character.
Entries in the hosts.equiv file are either positive or negative.
Positive entries allow access; negative entries deny access. The
following entries are positive:
  host name
  user name
  +@netgroup
In addition, the plus sign (+) can be used in place of the host name or
user name. In place of the host name, it means any remote host. In
place of the user name, it means any user.
The following entries are negative:
  -host name
  -user name
  -@netgroup
To be allowed access or denied access, a user's remote host name and
user name must match an entry in hosts.equiv or hosts.equiv file is
searched first; if a match is found, the search ends. Therefore, the
order in which the positive and negative entries appear is important.
If a match is not found, is searched if it exists in the user's home
directory.
A host name or user name can match an entry in hosts.equiv in one of
the following ways:
  The official host name (not an alias) of the remote host matches a
  host name in hosts.equiv.
  The remote user name matches a user name in hosts.equiv. If a user
  name parameter is included in the hosts.equiv file, this means that
  the remote user is a trusted user and is allowed to rlogin to any
  local user account without being prompted for a password. Otherwise,
  if the user name parameter is not specified in the hosts.equiv file,
  the name of the remote user must match that of the local user.
  If the remote user name does not match a user name in hosts.equiv,
  the remote user name matches the local user name.
CAUTIONS
For security purposes, the files /etc/hosts.equiv and should exist and
be readable and writable only by the owner, even if they are empty.
EXAMPLES
The following are sample entries in an /etc/hosts.equiv file:
  # Allows access to users on host1 and host2 that have accounts on this host:
  host1
  host2
  # Allows access to user johnson on host1 to any local user:
  host1 johnson
  # Allows access to all users on systems specified in netgroup chicago
  +@chicago
  # Denies access to users specified in netgroup finance on host5
  host5 -@finance
  # Allows access to all users on all systems except root
  + -root
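
The following audit sketch is an added example, not part of the original reference page or of any vendor tool. It flags the entry forms described above that grant broad trust (the plus character, a user name field, a negative entry placed after a bare plus) and checks the ownership, symbolic link and permission rules from DESCRIPTION and CAUTIONS. The function names, severity labels and sample text are constructed for illustration.

```python
import os
import stat

# Constructed sample, not taken from a real system.
SAMPLE = "# NO_PLUS\nhost1\nhost1 johnson\n+ -root\nhost5 -@finance\n"

def audit_entries(text):
    """Return (lineno, level, message) findings for hosts.equiv-style text."""
    lines = text.splitlines()
    # An uncommented NO_PLUS line disallows '+' wildcards system-wide.
    no_plus = any(l.strip() == "NO_PLUS" for l in lines)
    plus_level = "info" if no_plus else "critical"
    findings, plus_line = [], None
    for n, raw in enumerate(lines, 1):
        fields = raw.split("#", 1)[0].split()      # '#' starts a comment
        if not fields or fields == ["NO_PLUS"]:
            continue
        host, user = fields[0], (fields[1] if len(fields) > 1 else "")
        if plus_line and (host.startswith("-") or user.startswith("-")):
            # The search ends at the first match, so order matters.
            findings.append((n, "warning", f"negative entry after '+' on line {plus_line}"))
        if host == "+":
            findings.append((n, plus_level, "'+' trusts any remote host"))
            if user in ("", "+"):                  # bare '+' or '+ +'
                plus_line = plus_line or n
        if user == "+":
            findings.append((n, plus_level, "'+' trusts any remote user"))
        elif user and not user.startswith("-"):
            findings.append((n, "high", f"{user} may rlogin to any local account without a password"))
    return findings

def audit_file(path, owner_uid):
    """Check the symlink, ownership and mode rules the page states."""
    st = os.lstat(path)                            # lstat: do not follow links
    if stat.S_ISLNK(st.st_mode):
        return ["is a symbolic link"]
    problems = []
    if st.st_uid not in (0, owner_uid):
        problems.append(f"owned by uid {st.st_uid}")
    if st.st_mode & 0o077:
        problems.append(f"mode {stat.S_IMODE(st.st_mode):o} grants group/other access")
    return problems

if __name__ == "__main__":
    for finding in audit_entries(SAMPLE):
        print(finding)
```

For /etc/hosts.equiv pass 0 as owner_uid; for a file in a home directory pass that user's uid.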
SEE ALSO
Commands: rcp(1), rlogin(1), rsh(1)
Functions: ruserok(3)
Files: netgroup(4)
Daemons: rlogind(8), rshd(8)