1 | .TH HOSTS_OPTIONS 5 |
---|
2 | .SH NAME |
---|
3 | hosts_options \- host access control language extensions |
---|
4 | .SH DESCRIPTION |
---|
5 | This document describes optional extensions to the language described |
---|
6 | in the hosts_access(5) document. The extensions are enabled at program |
---|
7 | build time. For example, by editing the Makefile and turning on the |
---|
8 | PROCESS_OPTIONS compile-time option. |
---|
9 | .PP |
---|
10 | The extensible language uses the following format: |
---|
11 | .sp |
---|
12 | .ti +3 |
---|
13 | daemon_list : client_list : option : option ... |
---|
14 | .PP |
---|
15 | The first two fields are described in the hosts_access(5) manual page. |
---|
16 | The remainder of the rules is a list of zero or more options. Any ":" |
---|
17 | characters within options should be protected with a backslash. |
---|
18 | .PP |
---|
19 | An option is of the form "keyword" or "keyword value". Options are |
---|
20 | processed in the specified order. Some options are subjected to |
---|
21 | %<letter> substitutions. For the sake of backwards compatibility with |
---|
22 | earlier versions, an "=" is permitted between keyword and value. |
---|
23 | .SH LOGGING |
---|
24 | .IP "severity mail.info" |
---|
25 | .IP "severity notice" |
---|
26 | Change the severity level at which the event will be logged. Facility |
---|
27 | names (such as mail) are optional, and are not supported on systems |
---|
28 | with older syslog implementations. The severity option can be used |
---|
29 | to emphasize or to ignore specific events. |
---|
30 | .SH ACCESS CONTROL |
---|
31 | .IP "allow" |
---|
32 | .IP "deny" |
---|
33 | Grant (deny) service. These options must appear at the end of a rule. |
---|
34 | .PP |
---|
35 | The \fIallow\fR and \fIdeny\fR keywords make it possible to keep all |
---|
36 | access control rules within a single file, for example in the |
---|
37 | \fIhosts.allow\fR file. |
---|
38 | .sp |
---|
39 | To permit access from specific hosts only: |
---|
40 | .sp |
---|
41 | .ne 2 |
---|
42 | .ti +3 |
---|
43 | ALL: .friendly.domain: ALLOW |
---|
44 | .ti +3 |
---|
45 | ALL: ALL: DENY |
---|
46 | .sp |
---|
47 | To permit access from all hosts except a few trouble makers: |
---|
48 | .sp |
---|
49 | .ne 2 |
---|
50 | .ti +3 |
---|
51 | ALL: .bad.domain: DENY |
---|
52 | .ti +3 |
---|
53 | ALL: ALL: ALLOW |
---|
54 | .sp |
---|
55 | Notice the leading dot on the domain name patterns. |
---|
56 | .SH RUNNING OTHER COMMANDS |
---|
57 | .IP "spawn shell_command" |
---|
58 | Execute, in a child process, the specified shell command, after |
---|
59 | performing the %<letter> expansions described in the hosts_access(5) |
---|
60 | manual page. The command is executed with stdin, stdout and stderr |
---|
61 | connected to the null device, so that it won\'t mess up the |
---|
62 | conversation with the client host. Example: |
---|
63 | .sp |
---|
64 | .nf |
---|
65 | .ti +3 |
---|
66 | spawn (/some/where/safe_finger -l @%h | /usr/ucb/mail root) & |
---|
67 | .fi |
---|
68 | .sp |
---|
69 | executes, in a background child process, the shell command "safe_finger |
---|
70 | -l @%h | mail root" after replacing %h by the name or address of the |
---|
71 | remote host. |
---|
72 | .sp |
---|
73 | The example uses the "safe_finger" command instead of the regular |
---|
74 | "finger" command, to limit possible damage from data sent by the finger |
---|
75 | server. The "safe_finger" command is part of the daemon wrapper |
---|
76 | package; it is a wrapper around the regular finger command that filters |
---|
77 | the data sent by the remote host. |
---|
78 | .IP "twist shell_command" |
---|
79 | Replace the current process by an instance of the specified shell |
---|
80 | command, after performing the %<letter> expansions described in the |
---|
81 | hosts_access(5) manual page. Stdin, stdout and stderr are connected to |
---|
82 | the client process. This option must appear at the end of a rule. |
---|
83 | .sp |
---|
84 | To send a customized bounce message to the client instead of |
---|
85 | running the real ftp daemon: |
---|
86 | .sp |
---|
87 | .nf |
---|
88 | .ti +3 |
---|
89 | in.ftpd : ... : twist /bin/echo 421 Some bounce message |
---|
90 | .fi |
---|
91 | .sp |
---|
92 | For an alternative way to talk to client processes, see the |
---|
93 | \fIbanners\fR option below. |
---|
94 | .sp |
---|
95 | To run /some/other/in.telnetd without polluting its command-line |
---|
96 | array or its process environment: |
---|
97 | .sp |
---|
98 | .nf |
---|
99 | .ti +3 |
---|
100 | in.telnetd : ... : twist PATH=/some/other; exec in.telnetd |
---|
101 | .fi |
---|
102 | .sp |
---|
103 | Warning: in case of UDP services, do not twist to commands that use |
---|
104 | the standard I/O or the read(2)/write(2) routines to communicate with |
---|
105 | the client process; UDP requires other I/O primitives. |
---|
106 | .SH NETWORK OPTIONS |
---|
107 | .IP "keepalive" |
---|
108 | Causes the server to periodically send a message to the client. The |
---|
109 | connection is considered broken when the client does not respond. The |
---|
110 | keepalive option can be useful when users turn off their machine while |
---|
111 | it is still connected to a server. The keepalive option is not useful |
---|
112 | for datagram (UDP) services. |
---|
113 | .IP "linger number_of_seconds" |
---|
114 | Specifies how long the kernel will try to deliver not-yet delivered |
---|
115 | data after the server process closes a connection. |
---|
116 | .SH USERNAME LOOKUP |
---|
117 | .IP "rfc931 [ timeout_in_seconds ]" |
---|
118 | Look up the client user name with the RFC 931 (TAP, IDENT, RFC 1413) |
---|
119 | protocol. This option is silently ignored in case of services based on |
---|
120 | transports other than TCP. It requires that the client system runs an |
---|
121 | RFC 931 (IDENT, etc.) -compliant daemon, and may cause noticeable |
---|
122 | delays with connections from non-UNIX clients. The timeout period is |
---|
123 | optional. If no timeout is specified a compile-time defined default |
---|
124 | value is taken. |
---|
125 | .SH MISCELLANEOUS |
---|
126 | .IP "banners /some/directory" |
---|
127 | Look for a file in `/some/directory' with the same name as the daemon |
---|
128 | process (for example in.telnetd for the telnet service), and copy its |
---|
129 | contents to the client. Newline characters are replaced by |
---|
130 | carriage-return newline, and %<letter> sequences are expanded (see |
---|
131 | the hosts_access(5) manual page). |
---|
132 | .sp |
---|
133 | The tcp wrappers source code distribution provides a sample makefile |
---|
134 | (Banners.Makefile) for convenient banner maintenance. |
---|
135 | .sp |
---|
136 | Warning: banners are supported for connection-oriented (TCP) network |
---|
137 | services only. |
---|
138 | .IP "nice [ number ]" |
---|
139 | Change the nice value of the process (default 10). Specify a positive |
---|
140 | value to spend more CPU resources on other processes. |
---|
141 | .IP "setenv name value" |
---|
142 | Place a (name, value) pair into the process environment. The value is |
---|
143 | subjected to %<letter> expansions and may contain whitespace (but |
---|
144 | leading and trailing blanks are stripped off). |
---|
145 | .sp |
---|
146 | Warning: many network daemons reset their environment before spawning a |
---|
147 | login or shell process. |
---|
148 | .IP "umask 022" |
---|
149 | Like the umask command that is built into the shell. An umask of 022 |
---|
150 | prevents the creation of files with group and world write permission. |
---|
151 | The umask argument should be an octal number. |
---|
152 | .IP "user nobody" |
---|
153 | .IP "user nobody.kmem" |
---|
154 | Assume the privileges of the "nobody" userid (or user "nobody", group |
---|
155 | "kmem"). The first form is useful with inetd implementations that run |
---|
156 | all services with root privilege. The second form is useful for |
---|
157 | services that need special group privileges only. |
---|
158 | .SH DIAGNOSTICS |
---|
159 | When a syntax error is found in an access control rule, the error |
---|
160 | is reported to the syslog daemon; further options will be ignored, |
---|
161 | and service is denied. |
---|
162 | .SH SEE ALSO |
---|
163 | hosts_access(5), the default access control language |
---|
164 | .SH AUTHOR |
---|
165 | .na |
---|
166 | .nf |
---|
167 | Wietse Venema (wietse@wzv.win.tue.nl) |
---|
168 | Department of Mathematics and Computing Science |
---|
169 | Eindhoven University of Technology |
---|
170 | Den Dolech 2, P.O. Box 513, |
---|
171 | 5600 MB Eindhoven, The Netherlands |
---|
172 | \" @(#) hosts_options.5 1.10 94/12/28 17:42:28 |
---|