Installing and Administering Internet Services

Chapter 2 57
Installing and Configuring Internet Services
Configuring Files to Bypass Security
The remshd and rlogind servers can be configured to ignore
$HOME/.rhosts files. See “To Disable Use of $HOME/.rhosts” on page
57.
When a non-root user attempts to connect to your host, the
/etc/hosts.equiv file is checked before $HOME/.rhosts. If an entry
is found in /etc/hosts.equiv, $HOME/.rhosts is not checked. When
a user attempts to connect to your host as root, the /etc/hosts.equiv
file is not checked. Only the /.rhosts file is checked.
The $HOME/.rhosts file may contain NFS netgroups. See Installing
and Administering NFS Services for more information.
Each $HOME/.rhosts file should be owned by the user of the home
directory, with permissions set to 0600 (-rw-------). The user’s home
directory should be write-protected so that no other user can create a
.rhosts file in it.
CAUTION: The $HOME/.rhosts file creates a significant security risk.
Type man 4 hosts.equiv for more information.
To Disable Use of $HOME/.rhosts
1. Add the -l option to the lines in /etc/inetd.conf that begin with
login and shell, as in the following example:
login stream tcp nowait root /usr/lbin/rlogind rlogind -l
shell stream tcp nowait root /usr/lbin/remshd remshd -l
2. Type the following command to force inetd to read its configuration
file:
/usr/sbin/inetd -c
This procedure disables the use of $HOME/.rhosts files. It does not
disable the use of the /etc/hosts.equiv file.
For more information, type man 1M rlogind or man 1M remshd.
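The following POSIX shell script is an added example, not part of the manual. It checks an inetd.conf-style file for login and shell lines that lack -l, and checks a home directory against the ownership and permission rules given above for $HOME/.rhosts. The function names and the sample data in demo are constructed for illustration; -l is assumed to appear as a separate argument, as in the example lines above.

```sh
#!/bin/sh
# Added example, not from the manual: audit the settings described above.

# Print active login/shell lines of an inetd.conf-style file that lack -l
# (assumed to be a separate argument). Returns 1 if any such line is found.
check_inetd_conf() {
    awk '
        /^[ \t]*#/ { next }                       # commented-out service
        $1 == "login" || $1 == "shell" {
            ok = 0                                # field 7 is argv[0]; options start at 8
            for (i = 8; i <= NF; i++) if ($i == "-l") ok = 1
            if (!ok) { print "missing -l: " $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Check one home directory: it must not be writable by group or other, and
# .rhosts (if present) must be mode 0600 with the same owner as the directory.
check_rhosts() {
    home=$1; rc=0
    dline=$(ls -ld "$home"); dmode=$(echo "$dline" | cut -c1-10)
    case $dmode in
        ?????w????|????????w?) echo "$home: group/other writable ($dmode)"; rc=1 ;;
    esac
    if [ -e "$home/.rhosts" ]; then
        fline=$(ls -ld "$home/.rhosts"); fmode=$(echo "$fline" | cut -c1-10)
        [ "$fmode" = "-rw-------" ] || { echo "$home/.rhosts: mode $fmode"; rc=1; }
        [ "$(echo "$fline" | awk '{print $3}')" = "$(echo "$dline" | awk '{print $3}')" ] ||
            { echo "$home/.rhosts: owner differs from $home"; rc=1; }
    fi
    return $rc
}

# Constructed sample: rlogind carries -l, remshd does not; .rhosts is 0644.
demo() {
    t=${TMPDIR:-/tmp}/rhosts-audit.$$
    mkdir -m 700 "$t" || return 2
    printf '%s\n' \
        'login stream tcp nowait root /usr/lbin/rlogind rlogind -l' \
        'shell stream tcp nowait root /usr/lbin/remshd remshd' > "$t/inetd.conf"
    mkdir "$t/home" && chmod 755 "$t/home"
    : > "$t/home/.rhosts" && chmod 644 "$t/home/.rhosts"
    a=0; check_inetd_conf "$t/inetd.conf" || a=$?
    b=0; check_rhosts "$t/home" || b=$?
    rm -rf "$t"
    echo "inetd.conf status=$a, .rhosts status=$b"
}
demo
```

A clean result from check_inetd_conf says nothing about /etc/hosts.equiv, which the -l option does not disable.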
To Configure the $HOME/.netrc File
Any user may create a .netrc file in his or her home directory. Each line
in the .netrc file has the following form:
machine hostname login remote_login_name password password
Following is an example entry in a .netrc file: