## Understanding Network Files ## Greg Munker There are two files can have a significant impact on the security of your system. Those files are the /etc/hosts.equiv and ~/.rhosts. /etc/hosts.equiv The /etc/hosts.equiv file contains a list of trusted hosts. This file is used by the r* commands, such as rlogin, rcd, and rsh. For more information about the r* commands, see the second part of this article at /features/rcommands.shtml. The format of /etc/hosts.equiv consists of a list of machine names, one per line. For example: localhost infected.org submental It would be advisable to use fully qualified domain names, but if the name is omitted, then TCP/IP will then add it to the hostname when validating the remote system. ~/.rhosts The ~/.rhosts file that is used is the your home directory. What it does is similar to /etc/hosts.equiv. The file format is the same, with one notable exception. The /etc/hosts.equiv file is used to provide equivalence between hosts, while the ~/.rhosts file is used to provide equivalence between users. The .rhosts file is appended to the info found in /etc/hosts.equiv when checking for equivalence. The /etc/hosts.equiv file is NOT used for the root user. The only file processed in this case is root's .rhosts file. User and Host Equivalency Host Equivalency, or Trusted Host Access, is configured by the system admin by using the /etc/hosts.equiv file. Every entry in the /etc/hosts.equiv file is trusted. That is, users on the named machine can access their equivalency accounts on this machine without a password. This is not applicable for root, this will be explained in my next example. A sample network Let's say for example purposes that you have two machines on your network and their hostnames are infected and submental, and both have a user john. If the user john is currently logged into submental and issues the command: $ rlogin infected If host equivalency is established, then john will be logged into infected without being asked for a password. If host equivalency is not established, john will be asked for his password on the remote system (infected.org). Keep in mind the following when dealing with /etc/hosts.equiv: 1) It assumes you trust "ALL" the users on the remote machine. 2) root is NEVER trusted though the use of this file. There is a second format for the /etc/hosts.equiv file, known as .rhosts, which was discussed earlier in this article. This format lists a system name and a user name. With the addition of the user name, the user is allowed to log in with any user name found in /etc/passwd. User equivalence is a mechanism in which the same user is known to all the machines in the network. This makes the network admin's job easier in the long run. It should be considered for environments where NFS is used or is planned. To configure user equivalence, the user creates a file called ~/.rhosts. This file must be writeable only by the owner of the file. If it is not then it will be ignored for validation purposes. As with the /etc/host.equiv file contains a system name per line, but generally also includes the name of the user who is being authorized. Good luck with your network, Greg Munker $Id: net.txt,v 1.1 2000/02/16 08:07:44 jim Exp $