.rhosts File Format for TCP/IP
Purpose
Specifies remote users that can use a local user account on a network.
Description
The $HOME/.rhosts file defines which remote hosts (computers on a network) can invoke certain commands on the local host without supplying a password. This file is a hidden file in the local user's home directory and must be owned by the local user. It is recommended that the permissions of the .rhosts file be set to 600 (read and write by the owner only). The group user and others should not have write permission for the .rhosts file. If write permission is granted to the group user (and others), then permission to invoke any command on the local host will not be given to the remote host. The format of the $HOME/.rhosts file is:
When a remote command executes, the local host uses the local /etc/hosts.equiv file and the $HOME/.rhosts file of the local user account to validate the remote host and remote user.
Host-Name Field
The .rhosts file supports the following host-name entries:
+
HostName
-HostName
+@NetGroup
-@NetGroup
A + (plus sign) signifies that any host on the network is trusted. The HostName entry is the name of a remote host and signifies that any user logging in from HostName is trusted. A -HostName entry signifies that the host is not trusted. A +@NetGroup or -@NetGroup entry signifies that all hosts in the netgroup or no hosts in the netgroup, respectively, are trusted.
The @NetGroup parameter is used by Network Information Service (NIS) for grouping. Refer to the NIS netgroup file for more information.
User-Name Field
The .rhosts file supports the following user-name entries:
+
UserName
-UserName
+@NetGroup
-@NetGroup
A + (plus sign) signifies that any user on the network is trusted. The UserName entry is the login name of the remote user and signifies that the user is trusted. If no user name is specified, the remote user name must match the local user name. A -UserName entry signifies that the user is not trusted. A +@NetGroup or -@NetGroup entry signifies that all users in the netgroup or no users in the netgroup, respectively, are trusted.
The @NetGroup parameter is used by NIS for grouping. Refer to the NIS netgroup file for more information.
Examples
- To allow remote users to log in to a local-user account, enter:

      hamlet dewey
      hamlet irving

  These entries in the local user's $HOME/.rhosts file allow users dewey and irving at remote host hamlet to log in as the local user on the local host.
- To prevent any user on a given remote host from logging in to a local-user account, enter:

      -hamlet

  This entry in the local user's $HOME/.rhosts file prevents any user on remote host hamlet from logging in as a local user on the local host.
- To allow all hosts in a netgroup to log in to a local-user account, while restricting specified users, enter:

      +@century -joe
      +@century -mary
      +@century

  This entry in the local user's $HOME/.rhosts file allows all hosts in the century netgroup to log in to the local host. However, users joe and mary are not trusted, and therefore are requested to supply a password. The deny, or - (minus sign), statements must precede the accept, or + (plus sign), statements in the list. The @ (at sign) signifies the network is using NIS grouping.
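
An audit of the rules described above, as an added example that is not part of the original documentation: it parses .rhosts text into host and user fields and flags wildcard trust, deny entries placed after accept entries, and file modes that differ from the permission guidance. The function names and the sample entries are constructed for illustration.

```python
import stat

def parse_rhosts(text):
    """Split .rhosts text into (line_number, host_field, user_field) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if fields:  # skip blank lines
            user = fields[1] if len(fields) > 1 else None
            entries.append((lineno, fields[0], user))
    return entries

def is_deny(host, user):
    """A leading minus sign on either field marks the entry as 'not trusted'."""
    return host.startswith("-") or (user is not None and user.startswith("-"))

def audit(text, mode):
    """Return (line_number, message) findings; line 0 refers to the file itself."""
    findings = []
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append((0, "writable by group or others: trust is not granted"))
    elif stat.S_IMODE(mode) != 0o600:
        findings.append((0, "permissions differ from the recommended 600"))
    seen_accept = False
    for lineno, host, user in parse_rhosts(text):
        if host == "+":
            findings.append((lineno, "any host on the network is trusted"))
        if user == "+":
            findings.append((lineno, "any user on the network is trusted"))
        if is_deny(host, user):
            if seen_accept:
                findings.append((lineno, "deny entry placed after an accept entry"))
        else:
            seen_accept = True
    return findings

# Constructed samples: the netgroup example from this page, and a risky variant.
GOOD = "+@century -joe\n+@century -mary\n+@century\n"
RISKY = "+@century\n+@century -joe\n+ +\n"

if __name__ == "__main__":
    for name, text, mode in (("good", GOOD, 0o600), ("risky", RISKY, 0o664)):
        for lineno, message in audit(text, mode):
            print(f"{name}: line {lineno}: {message}")
```

To audit a real account, pass the file's contents and the `st_mode` value from `os.stat()` on `$HOME/.rhosts` to `audit()`.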
Files
| Item | Description | 
|---|---|
| /etc/hosts.equiv | Specifies remote systems that can execute commands on the local system. | 
| netgroup | Lists the groups of users on the network. |