
Files Reference


.rhosts File Format for TCP/IP

Purpose

Specifies remote users that can use a local user account on a network.

Description

The $HOME/.rhosts file defines which remote hosts (computers on a network) can invoke certain commands on the local host without supplying a password. This file is a hidden file in the local user's home directory and must be owned by the local user. It is recommended that the permissions of the .rhosts file be set to 600 (read and write by the owner only). Group and others should not have write permission on this file; if write permission is granted to group or others, the remote host is not given permission to invoke any command on the local host.

The format of the $HOME/.rhosts file is:

    HostNameField [UserNameField]

When a remote command executes, the local host uses the local /etc/hosts.equiv file and the $HOME/.rhosts file of the local user account to validate the remote host and remote user.

Host-Name Field

The .rhosts file supports the following host-name entries:

+
HostName
-HostName
+@NetGroup
-@NetGroup

A + (plus sign) signifies that any host on the network is trusted. The HostName entry is the name of a remote host and signifies that any user logging in from HostName is trusted. A -HostName entry signifies that the host is not trusted. A +@NetGroup or -@NetGroup entry signifies that all hosts in the netgroup or no hosts in the netgroup, respectively, are trusted.

The @NetGroup parameter is used by Network Information Service (NIS) for grouping. Refer to the NIS netgroup file for more information.

User-Name Field

The .rhosts file supports the following user-name entries:

+
UserName
-UserName
+@NetGroup
-@NetGroup

A + (plus sign) signifies that any user on the network is trusted. The UserName entry is the login name of the remote user and signifies that the user is trusted. If no user name is specified, the remote user name must match the local user name. A -UserName entry signifies that the user is not trusted. A +@NetGroup or -@NetGroup entry signifies that all users in the netgroup or no users in the netgroup, respectively, are trusted.

The @NetGroup parameter is used by NIS for grouping. Refer to the NIS netgroup file for more information.

Examples

  1. To allow remote users to log in to a local-user account, enter:

    hamlet dewey
    hamlet irving
    

    These entries in the local user's $HOME/.rhosts file allow users dewey and irving at remote host hamlet to log in as the local user on the local host.

  2. To prevent any user on a given remote host from logging in to a local-user account, enter:

    -hamlet
    

    This entry in the local user's $HOME/.rhosts file prevents any user on remote host hamlet from logging in as a local user on the local host.

  3. To allow all hosts in a netgroup to log in to a local-user account, while restricting specified users, enter:

    +@century -joe
    +@century -mary
    +@century
    

    These entries in the local user's $HOME/.rhosts file allow all hosts in the century netgroup to log in to the local host. However, users joe and mary are not trusted and are therefore requested to supply a password. The deny, or - (minus sign), statements must precede the accept, or + (plus sign), statements in the list. The @ (at sign) signifies the network is using NIS grouping.
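
The ownership, permission and ordering rules described above can be checked mechanically. The following Python audit is an added example, not part of the original AIX documentation; the function names (audit_entries, audit_mode), the finding strings and the sample entries are constructed for illustration.

```python
import stat

# Constructed sample, not from a real system: example 3 from the page with a
# deny line moved after the accept line, plus two wildcard entries.
SAMPLE = """\
+@century
+@century -joe
hamlet dewey
+ +
hamlet +
"""

def audit_entries(text):
    """Return (line_number, finding) pairs for risky or misordered entries."""
    findings, seen_accept = [], False
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        # A leading minus sign in either field makes this a deny statement.
        deny = host.startswith("-") or (user or "").startswith("-")
        if deny and seen_accept:
            findings.append((n, "deny entry follows an accept entry"))
        if host == "+":
            findings.append((n, "any host is trusted"))
        if user == "+":
            findings.append((n, "any remote user is trusted"))
        seen_accept = seen_accept or not deny
    return findings

def audit_mode(mode, file_uid, user_uid):
    """Check ownership and permission bits against the rules the page states."""
    findings = []
    if file_uid != user_uid:
        findings.append("not owned by the local user")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group/other write set: trust will be refused")
    elif stat.S_IMODE(mode) != 0o600:
        findings.append("mode is not the recommended 600")
    return findings

if __name__ == "__main__":
    for n, msg in audit_entries(SAMPLE):
        print(f"line {n}: {msg}")
    print(audit_mode(0o100664, 1000, 1000))
```

To audit a real file, pass its contents to audit_entries and the st_mode and st_uid values returned by os.lstat to audit_mode.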

Implementation Specifics

This file is part of TCP/IP in Network Support Facilities in Base Operating System (BOS) Runtime.

Files


/etc/hosts.equiv    Specifies remote systems that can execute commands on the local system.
netgroup            Lists the groups of users on the network.

Related Information

The lpd command, rcp command, rdist command, rdump command, rlogin command, rsh command, ruser command.

The NIS netgroup file.

The rlogind daemon, rshd daemon.

The TCP/IP hosts.equiv file format.

Naming in AIX 5L Version 5.1 System Management Guide: Communications and Networks.

