| 1 | .\" $OpenBSD: hosts.equiv.5,v 1.1 1997/11/30 05:35:25 deraadt Exp $ |
| 2 | .\" |
| 3 | .\" Copyright (c) 1997 Todd Vierling |
| 4 | .\" Copyright (c) 1997 The NetBSD Foundation, Inc. |
| 5 | .\" All rights reserved. |
| 6 | .\" |
| 7 | .\" This code is derived from software contributed to The NetBSD Foundation |
| 8 | .\" by Todd Vierling <tv@pobox.com>. |
| 9 | .\" |
| 10 | .\" Redistribution and use in source and binary forms, with or without |
| 11 | .\" modification, are permitted provided that the following conditions |
| 12 | .\" are met: |
| 13 | .\" 1. Redistributions of source code must retain the above copyright |
| 14 | .\" notice, this list of conditions and the following disclaimer. |
| 15 | .\" 2. Redistributions in binary form must reproduce the above copyright |
| 16 | .\" notice, this list of conditions and the following disclaimer in the |
| 17 | .\" documentation and/or other materials provided with the distribution. |
| 18 | .\" 3. All advertising materials mentioning features or use of this software |
| 19 | .\" must display the following acknowledgement: |
| 20 | .\" This product includes software developed by the NetBSD |
| 21 | .\" Foundation, Inc. and its contributors. |
| 22 | .\" 4. Neither the name of The NetBSD Foundation nor the names of its |
| 23 | .\" contributors may be used to endorse or promote products derived |
| 24 | .\" from this software without specific prior written permission. |
| 25 | .\" |
| 26 | .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS |
| 27 | .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED |
| 28 | .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 29 | .\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS |
| 30 | .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| 31 | .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| 32 | .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
| 33 | .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN |
| 34 | .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 35 | .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE |
| 36 | .\" POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" |
| 38 | .Dd November 26, 1997 |
| 39 | .Dt HOSTS.EQUIV 5 |
| 40 | .Os |
| 41 | .Sh NAME |
| 42 | .Nm hosts.equiv , |
| 43 | .Nm .rhosts |
| 44 | .Nd trusted remote hosts and host-user pairs |
| 45 | .Sh DESCRIPTION |
| 46 | The |
| 47 | .Nm hosts.equiv |
| 48 | and |
| 49 | .Nm .rhosts |
| 50 | files list hosts and users which are ``trusted'' by the local host when a |
| 51 | connection is made via |
| 52 | .Xr rlogind 8 , |
| 53 | .Xr rshd 8 , |
| 54 | or any other server that uses |
| 55 | .Xr ruserok 3 . |
| 56 | This mechanism bypasses password checks, and is required for access via |
| 57 | .Xr rsh 1 . |
| 58 | .Pp |
| 59 | Each line of these files has the format: |
| 60 | .Pp |
| 61 | .Bd -unfilled -offset indent -compact |
| 62 | hostname [username] |
| 63 | .Ed |
| 64 | .Pp |
| 65 | The |
| 66 | .Em hostname |
| 67 | may be specified as a host name (typically a fully qualified host |
| 68 | name in a DNS environment) or address, |
| 69 | .Em +@netgroup |
| 70 | (from which only the host names are checked), |
| 71 | or a ``+'' wildcard (allow all hosts). |
| 72 | .Pp |
| 73 | The |
| 74 | .Em username , |
| 75 | if specified, may be given as a user name on the remote host, |
| 76 | .Em +@netgroup |
| 77 | (from which only the user names are checked), |
| 78 | or a ``+'' wildcard (allow all remote users). |
| 79 | .Pp |
| 80 | If a |
| 81 | .Em username |
| 82 | is specified, only that user from the specified host may login to the |
| 83 | local machine. If a |
| 84 | .Em username |
| 85 | is not specified, any user may login with the same user name. |
| 86 | .Sh EXAMPLES |
| 87 | .Li somehost |
| 88 | .Bd -filled -offset indent -compact |
| 89 | A common usage: users on |
| 90 | .Em somehost |
| 91 | may login to the local host as the same user name. |
| 92 | .Ed |
| 93 | .Li somehost username |
| 94 | .Bd -filled -offset indent -compact |
| 95 | The user |
| 96 | .Em username |
| 97 | on |
| 98 | .Em somehost |
| 99 | may login to the local host. If specified in |
| 100 | .Em /etc/hosts.equiv , |
| 101 | the user may login with only the same user name. |
| 102 | .Ed |
| 103 | .Li +@anetgroup username |
| 104 | .Bd -filled -offset indent -compact |
| 105 | The user |
| 106 | .Em username |
| 107 | may login to the local host from any machine listed in the netgroup |
| 108 | .Em anetgroup . |
| 109 | .Ed |
| 110 | .Bd -literal -compact |
| 111 | + |
| 112 | + + |
| 113 | .Ed |
| 114 | .Bd -filled -offset indent -compact |
| 115 | Two severe security hazards. In the first case, allows a user on any |
| 116 | machine to login to the local host as the same user name. In the second |
| 117 | case, allows any user on any machine to login to the local host (as any |
| 118 | user, if in |
| 119 | .Em /etc/hosts.equiv ) . |
| 120 | .Ed |
| 121 | .Sh WARNINGS |
| 122 | The username checks provided by this mechanism are |
| 123 | .Em not |
| 124 | secure, as the remote user name is received by the server unchecked |
| 125 | for validity. Therefore this mechanism should only be used |
| 126 | in an environment where all hosts are completely trusted. |
| 127 | .Pp |
| 128 | A numeric host address instead of a host name can help security |
| 129 | considerations somewhat; the address is then used directly by |
| 130 | .Xr iruserok 3 . |
| 131 | .Pp |
| 132 | When a username (or netgroup, or +) is specified in |
| 133 | .Em /etc/hosts.equiv , |
| 134 | that user (or group of users, or all users, respectively) may login to |
| 135 | the local host as |
| 136 | .Em any local user . |
| 137 | Usernames in |
| 138 | .Em /etc/hosts.equiv |
| 139 | should therefore be used with extreme caution, or not at all. |
| 140 | .Pp |
| 141 | A |
| 142 | .Em .rhosts |
| 143 | file must be owned by the user whose home directory it resides in, and |
| 144 | must be writable only by that user. |
| 145 | .Pp |
| 146 | Logins as root only check root's |
| 147 | .Em .rhosts |
| 148 | file; the |
| 149 | .Em /etc/hosts.equiv |
| 150 | file is not checked for security. Access permitted through root's |
| 151 | .Em .rhosts |
| 152 | file is typically only for |
| 153 | .Xr rsh 1 , |
| 154 | as root must still login on the console for an interactive login such as |
| 155 | .Xr rlogin 1 . |
| 156 | .Sh FILES |
| 157 | .Bl -tag -width /etc/hosts.equiv -compact |
| 158 | .It Pa /etc/hosts.equiv |
| 159 | Global trusted host-user pairs list |
| 160 | .It Pa ~/.rhosts |
| 161 | Per-user trusted host-user pairs list |
| 162 | .El |
| 163 | .Sh SEE ALSO |
| 164 | .Xr rcp 1 , |
| 165 | .Xr rlogin 1 , |
| 166 | .Xr rsh 1 , |
| 167 | .Xr rcmd 3 , |
| 168 | .Xr ruserok 3 , |
| 169 | .Xr netgroup 5 |
| 170 | .Sh HISTORY |
| 171 | The |
| 172 | .Nm .rhosts |
| 173 | file format appeared in |
| 174 | .Bx 4.2 . |
| 175 | .Sh BUGS |
| 176 | The |
| 177 | .Xr ruserok 3 |
| 178 | implementation currently skips negative entries (preceded with a |
| 179 | ``-'' sign) and does not treat them as ``short-circuit'' negative entries. |