source: trunk/third/tcp_wrappers/hosts_options.5 @ 11717

Revision 11717, 6.5 KB checked in by danw, 26 years ago
This commit was generated by cvs2svn to compensate for changes in r11716, which included commits to RCS files with non-trunk default branches.
.TH HOSTS_OPTIONS 5
.SH NAME
hosts_options \- host access control language extensions
.SH DESCRIPTION
This document describes optional extensions to the language described
in the hosts_access(5) document. The extensions are enabled at program
build time. For example, by editing the Makefile and turning on the
PROCESS_OPTIONS compile-time option.
.PP
The extensible language uses the following format:
.sp
.ti +3
daemon_list : client_list : option : option ...
.PP
The first two fields are described in the hosts_access(5) manual page.
The remainder of the rules is a list of zero or more options.  Any ":"
characters within options should be protected with a backslash.
.PP
An option is of the form "keyword" or "keyword value". Options are
processed in the specified order. Some options are subjected to
%<letter> substitutions. For the sake of backwards compatibility with
earlier versions, an "=" is permitted between keyword and value.
.SH LOGGING
.IP "severity mail.info"
.IP "severity notice"
Change the severity level at which the event will be logged. Facility
names (such as mail) are optional, and are not supported on systems
with older syslog implementations. The severity option can be used
to emphasize or to ignore specific events.
.SH ACCESS CONTROL
.IP "allow"
.IP "deny"
Grant (deny) service. These options must appear at the end of a rule.
.PP
The \fIallow\fR and \fIdeny\fR keywords make it possible to keep all
access control rules within a single file, for example in the
\fIhosts.allow\fR file.
.sp
To permit access from specific hosts only:
.sp
.ne 2
.ti +3
ALL: .friendly.domain: ALLOW
.ti +3
ALL: ALL: DENY
.sp
To permit access from all hosts except a few trouble makers:
.sp
.ne 2
.ti +3
ALL: .bad.domain: DENY
.ti +3
ALL: ALL: ALLOW
.sp
Notice the leading dot on the domain name patterns.
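.PP
The following Python program is an added illustration, not code from the tcp_wrappers package: it parses the extended rule format ("daemon_list : client_list : option : option ...", with backslash-protected colons and the legacy "keyword=value" spelling) and then evaluates the two hosts.allow examples above in file order. Client matching is deliberately a simplification of hosts_access(5) (ALL, a leading-dot domain suffix, or an exact host name), and the default when no rule matches (access granted, as hosts_access(5) describes for a setup with no hosts.deny file) is an assumption of the example.

```python
"""Added example (not tcp_wrappers code): parse extended access control rules
and apply ALLOW/DENY in file order. Matching is a simplification of
hosts_access(5): "ALL", a leading-dot domain suffix, or an exact host name."""
import re


def split_fields(rule):
    """Split a rule on ':' while keeping backslash-protected colons (\\:) intact."""
    fields, cur, i = [], [], 0
    while i < len(rule):
        ch = rule[i]
        if ch == "\\" and i + 1 < len(rule) and rule[i + 1] == ":":
            cur.append(":")          # protected colon stays inside the option
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur).strip())
    return fields


def parse_option(text):
    """'keyword', 'keyword value' or legacy 'keyword=value' -> (keyword, value)."""
    m = re.fullmatch(r"\s*([A-Za-z_]\w*)\s*=?\s*(.*?)\s*", text)
    if not m:
        raise ValueError("bad option: %r" % text)
    return m.group(1).lower(), m.group(2)


def parse_options(fields):
    """Parse the option fields; allow/deny must be the last option of the rule."""
    options = [parse_option(f) for f in fields if f.strip()]
    for idx, (kw, _) in enumerate(options):
        if kw in ("allow", "deny") and idx != len(options) - 1:
            raise ValueError("%s must be the last option" % kw)
    return options


def daemon_matches(pattern, daemon):
    return pattern.upper() == "ALL" or pattern == daemon


def client_matches(pattern, client):
    pattern, client = pattern.lower(), client.lower()
    if pattern == "all":
        return True
    if pattern.startswith("."):      # leading dot: match the end of the host name
        return client.endswith(pattern)
    return client == pattern


def decide(rules, daemon, client):
    """'allow' or 'deny' from the first rule (in file order) matching daemon and client."""
    for rule in rules:
        fields = split_fields(rule)
        if len(fields) < 2:
            return "deny"            # DIAGNOSTICS: syntax error -> reported, service denied
        daemons = re.split(r"[\s,]+", fields[0])
        clients = re.split(r"[\s,]+", fields[1])
        if not any(daemon_matches(d, daemon) for d in daemons):
            continue
        if not any(client_matches(c, client) for c in clients):
            continue
        try:
            options = parse_options(fields[2:])
        except ValueError:
            return "deny"            # bad option list in the matching rule: denied
        for kw, _ in options:
            if kw in ("allow", "deny"):
                return kw
        return "allow"               # a matching hosts.allow rule without allow/deny grants
    return "allow"                   # no rule matched: hosts_access(5) default (assumed)


if __name__ == "__main__":
    friendly_only = ["ALL: .friendly.domain: ALLOW", "ALL: ALL: DENY"]
    block_bad = ["ALL: .bad.domain: DENY", "ALL: ALL: ALLOW"]
    for rules, host in [(friendly_only, "pc.friendly.domain"), (friendly_only, "pc.else.domain"),
                        (block_bad, "pc.bad.domain"), (block_bad, "pc.else.domain")]:
        print(rules, host, "->", decide(rules, "in.telnetd", host))
```

Because the leading-dot pattern is a suffix match, ".friendly.domain" matches "pc.friendly.domain" but not the bare "friendly.domain"; the sample run shows that host falling through to the "ALL: ALL: DENY" line. A rule whose allow or deny keyword is not the last option is treated the way DIAGNOSTICS describes: the rule is a syntax error and service is denied.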
.SH RUNNING OTHER COMMANDS
.IP "spawn shell_command"
Execute, in a child process, the specified shell command, after
performing the %<letter> expansions described in the hosts_access(5)
manual page.  The command is executed with stdin, stdout and stderr
connected to the null device, so that it won\'t mess up the
conversation with the client host. Example:
.sp
.nf
.ti +3
spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) &
.fi
.sp
executes, in a background child process, the shell command "safe_finger
-l @%h | mail root" after replacing %h by the name or address of the
remote host.
.sp
The example uses the "safe_finger" command instead of the regular
"finger" command, to limit possible damage from data sent by the finger
server. The "safe_finger" command is part of the daemon wrapper
package; it is a wrapper around the regular finger command that filters
the data sent by the remote host.
.IP "twist shell_command"
Replace the current process by an instance of the specified shell
command, after performing the %<letter> expansions described in the
hosts_access(5) manual page.  Stdin, stdout and stderr are connected to
the client process. This option must appear at the end of a rule.
.sp
To send a customized bounce message to the client instead of
running the real ftp daemon:
.sp
.nf
.ti +3
in.ftpd : ... : twist /bin/echo 421 Some bounce message
.fi
.sp
For an alternative way to talk to client processes, see the
\fIbanners\fR option below.
.sp
To run /some/other/in.telnetd without polluting its command-line
array or its process environment:
.sp
.nf
.ti +3
in.telnetd : ... : twist PATH=/some/other; exec in.telnetd
.fi
.sp
Warning:  in case of UDP services, do not twist to commands that use
the standard I/O or the read(2)/write(2) routines to communicate with
the client process; UDP requires other I/O primitives.
.SH NETWORK OPTIONS
.IP "keepalive"
Causes the server to periodically send a message to the client.  The
connection is considered broken when the client does not respond. The
keepalive option can be useful when users turn off their machine while
it is still connected to a server.  The keepalive option is not useful
for datagram (UDP) services.
.IP "linger number_of_seconds"
Specifies how long the kernel will try to deliver not-yet delivered
data after the server process closes a connection.
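.PP
As an added illustration (not tcp_wrappers code) of what the keepalive and linger options do at the socket level, the Python program below sets the two options on a locally created, never-connected TCP socket and reads them back from the kernel. It assumes the options correspond to the SO_KEEPALIVE and SO_LINGER socket options; the refusal for datagram sockets mirrors the remark above that keepalive is not useful for UDP services.

```python
"""Added example (not tcp_wrappers code): the keepalive and linger rule options
expressed as SO_KEEPALIVE / SO_LINGER on a TCP socket (assumed mapping)."""
import socket
import struct


def apply_network_options(sock, keepalive=False, linger_seconds=None):
    """Apply the keepalive / linger rule options to a stream (TCP) socket."""
    if sock.type != socket.SOCK_STREAM:
        # the page: these options are not useful for datagram (UDP) services
        raise ValueError("keepalive/linger only apply to TCP (stream) sockets")
    if keepalive:
        # kernel probes an idle connection and reports it broken if the peer is gone
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if linger_seconds is not None:
        # struct linger { int l_onoff; int l_linger; }: enabled, and how long the
        # kernel keeps trying to deliver unsent data after close()
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, int(linger_seconds)))


def read_network_options(sock):
    """Read back what the kernel recorded, for verification."""
    keepalive = bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE))
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.calcsize("ii"))
    onoff, secs = struct.unpack("ii", raw)
    return {"keepalive": keepalive, "linger": secs if onoff else None}


def demo(keepalive=True, linger_seconds=10):
    """Create a local TCP socket, apply the options and return the kernel's view."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        apply_network_options(s, keepalive=keepalive, linger_seconds=linger_seconds)
        return read_network_options(s)


def udp_is_rejected():
    """True if a datagram socket is refused, as the page's caveat suggests."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        try:
            apply_network_options(u, keepalive=True)
        except ValueError:
            return True
    return False


if __name__ == "__main__":
    print(demo())
    print("UDP socket rejected:", udp_is_rejected())
```

The socket is never bound or connected, which is enough to set and read the options; in a real wrapper the same calls would be made on the accepted client socket before the service runs.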
.SH USERNAME LOOKUP
.IP "rfc931 [ timeout_in_seconds ]"
Look up the client user name with the RFC 931 (TAP, IDENT, RFC 1413)
protocol.  This option is silently ignored in case of services based on
transports other than TCP.  It requires that the client system runs an
RFC 931 (IDENT, etc.) -compliant daemon, and may cause noticeable
delays with connections from non-UNIX clients.  The timeout period is
optional. If no timeout is specified a compile-time defined default
value is taken.
.SH MISCELLANEOUS
.IP "banners /some/directory"
Look for a file in `/some/directory' with the same name as the daemon
process (for example in.telnetd for the telnet service), and copy its
contents to the client. Newline characters are replaced by
carriage-return newline, and %<letter> sequences are expanded (see
the hosts_access(5) manual page).
.sp
The tcp wrappers source code distribution provides a sample makefile
(Banners.Makefile) for convenient banner maintenance.
.sp
Warning: banners are supported for connection-oriented (TCP) network
services only.
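.PP
The Python program below is an added illustration, not tcp_wrappers code, of how a banner file becomes the bytes the client receives: the file named after the daemon process is looked up in the banner directory, %<letter> sequences are expanded, and newlines become carriage-return newline. Only %h (the remote host name or address) is named on this page, so the substitution table is supplied by the caller; treating "%%" as a literal "%" and leaving unknown sequences untouched are assumptions of the example, as is the constructed banner text.

```python
"""Added example (not tcp_wrappers code): render a banner file for a client.
Substitution letters are supplied by the caller; only %h is named on this page."""
import os
import tempfile


def expand_percent(text, subs):
    """Expand %<letter> from the caller's table, e.g. {"h": "pc.friendly.domain"}."""
    out, i = [], 0
    while i < len(text):
        ch = text[i]
        if ch == "%" and i + 1 < len(text):
            nxt = text[i + 1]
            if nxt == "%":                     # assumed: "%%" yields a literal "%"
                out.append("%")
                i += 2
                continue
            if nxt in subs:
                out.append(subs[nxt])          # value is inserted verbatim
                i += 2
                continue
        out.append(ch)                         # unknown sequence left as-is (assumed)
        i += 1
    return "".join(out)


def render_banner(text, subs):
    """Expand %<letter> sequences, then convert newlines to CR LF for the client."""
    expanded = expand_percent(text, subs)
    # normalise first so a banner already using CRLF is not turned into CR CR LF
    return expanded.replace("\r\n", "\n").replace("\n", "\r\n").encode()


def banner_for(banner_dir, daemon, subs):
    """Look for banner_dir/<daemon>; return the bytes to send, or None if absent."""
    path = os.path.join(banner_dir, daemon)
    if not os.path.isfile(path):
        return None
    with open(path, encoding="ascii", errors="replace") as fh:
        return render_banner(fh.read(), subs)


def demo():
    """Constructed banner directory holding one file named after the daemon."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "in.telnetd"), "w") as fh:
            fh.write("Authorised access only.\nYou are connecting from %h.\n")
        subs = {"h": "pc.friendly.domain"}
        present = banner_for(d, "in.telnetd", subs)   # file exists: rendered
        absent = banner_for(d, "in.ftpd", subs)       # no banner for this daemon
    return present, absent


if __name__ == "__main__":
    shown, missing = demo()
    print(shown)
    print("banner for in.ftpd:", missing)
```

The lookup is keyed purely on the daemon process name, so a service without a file in the directory simply gets no banner; the Banners.Makefile mentioned above is the distribution's convenience for keeping one file per daemon in sync.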
.IP "nice [ number ]"
Change the nice value of the process (default 10).  Specify a positive
value to spend more CPU resources on other processes.
.IP "setenv name value"
Place a (name, value) pair into the process environment. The value is
subjected to %<letter> expansions and may contain whitespace (but
leading and trailing blanks are stripped off).
.sp
Warning: many network daemons reset their environment before spawning a
login or shell process.
.IP "umask 022"
Like the umask command that is built into the shell. An umask of 022
prevents the creation of files with group and world write permission.
The umask argument should be an octal number.
.IP "user nobody"
.IP "user nobody.kmem"
Assume the privileges of the "nobody" userid (or user "nobody", group
"kmem"). The first form is useful with inetd implementations that run
all services with root privilege. The second form is useful for
services that need special group privileges only.
.SH DIAGNOSTICS
When a syntax error is found in an access control rule, the error
is reported to the syslog daemon; further options will be ignored,
and service is denied.
.SH SEE ALSO
hosts_access(5), the default access control language
.SH AUTHOR
.na
.nf
Wietse Venema (wietse@wzv.win.tue.nl)
Department of Mathematics and Computing Science
Eindhoven University of Technology
Den Dolech 2, P.O. Box 513,
5600 MB Eindhoven, The Netherlands
\" @(#) hosts_options.5 1.10 94/12/28 17:42:28