{
    "name": "hosts.equiv(5)",
    "mode": "man",
    "parameter": "hosts.equiv",
    "section": "5",
    "url": "/phpMan.php/man/hosts.equiv/5/json",
    "generated": "2026-05-27T16:09:29Z",
    "sections": [
        {
            "name": "NAME",
            "level": 1,
            "content": "hosts.equiv  -  list  of  hosts and users that are granted \"trusted\" r command access to your\nsystem\n",
            "subsections": []
        },
        {
            "name": "DESCRIPTION",
            "level": 1,
            "content": "The file /etc/hosts.equiv allows or denies hosts and  users  to  use  the  r-commands  (e.g.,\nrlogin, rsh, or rcp) without supplying a password.\n\nThe file uses the following format:\n\n+|[-]hostname|+@netgroup|-@netgroup [+|[-]username|+@netgroup|-@netgroup]\n\nThe  hostname  is  the name of a host which is logically equivalent to the local host.  Users\nlogged into that host are allowed to access like-named user accounts on the local host  with‐\nout  supplying a password.  The hostname may be (optionally) preceded by a plus (+) sign.  If\nthe plus sign is used alone, it allows any host to access your system.   You  can  explicitly\ndeny  access  to  a host by preceding the hostname by a minus (-) sign.  Users from that host\nmust always supply additional credentials, including possibly a password. For  security  rea‐\nsons you should always use the FQDN of the hostname and not the short hostname.\n\nThe  username  entry grants a specific user access to all user accounts (except root) without\nsupplying a password.  That means the user is NOT restricted  to  like-named  accounts.   The\nusername  may  be (optionally) preceded by a plus (+) sign.  You can also explicitly deny ac‐\ncess to a specific user by preceding the username with a minus (-) sign.  This says that  the\nuser is not trusted no matter what other entries for that host exist.\n\nNetgroups can be specified by preceding the netgroup by an @ sign.\n\nBe extremely careful when using the plus (+) sign.  A simple typographical error could result\nin a standalone plus sign.  A standalone plus sign is a wildcard character  that  means  \"any\nhost\"!\n",
            "subsections": []
        },
        {
            "name": "FILES",
            "level": 1,
            "content": "/etc/hosts.equiv\n",
            "subsections": []
        },
        {
            "name": "NOTES",
            "level": 1,
            "content": "Some  systems  will  honor the contents of this file only when it has owner root and no write\npermission for anybody else.  Some exceptionally paranoid systems even require that there  be\nno other hard links to the file.\n\nModern systems use the Pluggable Authentication Modules library (PAM).  With PAM a standalone\nplus sign is considered a wildcard character which means \"any host\" only when the  word  pro‐\nmiscuous  is  added  to  the  auth component line in your PAM file for the particular service\n(e.g., rlogin).\n",
            "subsections": []
        },
        {
            "name": "EXAMPLES",
            "level": 1,
            "content": "Below are some example /etc/host.equiv or ~/.rhosts files.\n\nAllow any user to log in from any host:\n\n+\n\nAllow any user from host with a matching local account to log in:\n\nhost\n\nNote: the use of +host is never a valid syntax, including attempting to specify that any user\nfrom the host is allowed.\n\nAllow any user from host to log in:\n\nhost +\n\nNote:  this  is distinct from the previous example since it does not require a matching local\naccount.\n\nAllow user from host to log in as any non-root user:\n\nhost user\n\nAllow all users with matching local accounts from host to log in except for baduser:\n\nhost -baduser\nhost\n\nDeny all users from host:\n\n-host\n\nNote: the use of -host -user is never a valid syntax, including attempting to specify that  a\nparticular user from the host is not trusted.\n\nAllow all users with matching local accounts on all hosts in a netgroup:\n\n+@netgroup\n\nDisallow all users on all hosts in a netgroup:\n\n-@netgroup\n\nAllow all users in a netgroup to log in from host as any non-root user:\n\nhost +@netgroup\n\nAllow all users with matching local accounts on all hosts in a netgroup except baduser:\n\n+@netgroup -baduser\n+@netgroup\n\nNote:  the  deny statements must always precede the allow statements because the file is pro‐\ncessed sequentially until the first matching rule is found.\n",
            "subsections": [
                {
                    "name": "SEE ALSO",
                    "level": 2,
                    "content": "rhosts(5), rlogind(8), rshd(8)\n"
                }
            ]
        },
        {
            "name": "COLOPHON",
            "level": 1,
            "content": "This page is part of release 5.10 of the Linux  man-pages  project.   A  description  of  the\nproject,  information about reporting bugs, and the latest version of this page, can be found\nat https://www.kernel.org/doc/man-pages/.\n\n\n",
            "subsections": []
        },
        {
            "name": "Linux                                        2020-06-09                               HOSTS.EQUIV(5)",
            "level": 1,
            "content": "",
            "subsections": []
        }
    ]
}