Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
HP & Linux

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Glossary
MoreInfo
Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
FAQ
Copyright Info
Terms of Use
Privacy Info
Disclaimer
WorkBoard
Thanks
Donations
Advertising
Masthead / Impressum
Your Account

Communication
Feedback
Forums
Private Messages
Surveys

Features
HOWTOs
News Archive
Submit News
Topics
User Articles
Web Links

Google
Google


The Web
linux-tutorial.info

Who's Online
There are currently, 176 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here

  

hosts_options



DESCRIPTION

       This  document  describes  optional extensions to the lan­
       guage  described  in  the  hosts_access(5)  document.  The
       extensions are enabled at program build time. For example,
       by editing the Makefile and turning on the PROCESS_OPTIONS
       compile-time option.

       The extensible language uses the following format:

          daemon_list : client_list : option : option ...

       The  first two fields are described in the hosts_access(5)
       manual page.  The remainder of the rules is a list of zero
       or more options.  Any ":" characters within options should
       be protected with a backslash.

       An option is of the form  "keyword"  or  "keyword  value".
       Options are processed in the specified order. Some options
       are subjected to %<letter> substitutions. For the sake  of
       backwards  compatibility  with earlier versions, an "=" is
       permitted between keyword and value.


LOGGING

       severity mail.info

       severity notice
              Change the severity level at which the  event  will
              be  logged.  Facility  names  (such  as  mail)  are
              optional, and are not  supported  on  systems  with
              older  syslog  implementations. The severity option
              can be used to  emphasize  or  to  ignore  specific
              events.


ACCESS CONTROL

       allow

       deny   Grant  (deny) service. These options must appear at
              the end of a rule.

       The allow and deny keywords make it possible to  keep  all
       access  control rules within a single file, for example in
       the hosts.allow file.

       To permit access from specific hosts only:

          ALL: .friendly.domain: ALLOW
          ALL: ALL: DENY

       To permit access from all hosts except a few trouble  mak­
       ers:

          ALL: .bad.domain: DENY

              executes, in a background child process, the  shell
              command  "safe_finger  -l  @%h  |  mail root" after
              replacing %h by the name or address of  the  remote
              host.

              The  example uses the "safe_finger" command instead
              of the regular "finger" command, to limit  possible
              damage  from  data  sent  by the finger server. The
              "safe_finger" command is part of the daemon wrapper
              package;  it is a wrapper around the regular finger
              command that filters the data sent  by  the  remote
              host.

       twist shell_command
              Replace  the  current process by an instance of the
              specified  shell  command,  after  performing   the
              %<letter>     expansions     described    in    the
              hosts_access(5) manual  page.   Stdin,  stdout  and
              stderr  are  connected  to the client process. This
              option must appear at the end of a rule.

              To send a customized bounce message to  the  client
              instead of running the real ftp daemon:

                 in.ftpd : ... : twist /bin/echo 421 Some bounce message

              For an alternative way to talk to client processes,
              see the banners option below.

              To run /some/other/in.telnetd without polluting its
              command-line array or its process environment:

                 in.telnetd : ... : twist PATH=/some/other; exec in.telnetd

              Warning:   in case of UDP services, do not twist to
              commands  that  use  the  standard   I/O   or   the
              read(2)/write(2)  routines  to communicate with the
              client process; UDP requires other I/O  primitives.


NETWORK OPTIONS

       keepalive
              Causes the server to periodically send a message to
              the client.  The connection  is  considered  broken
              when  the  client  does  not respond. The keepalive
              option can be useful  when  users  turn  off  their
              machine  while  it  is still connected to a server.
              The keepalive option is  not  useful  for  datagram
              (UDP) services.

       linger number_of_seconds
              Specifies  how  long the kernel will try to deliver


MISCELLANEOUS

       banners /some/directory
              Look  for a file in `/some/directory' with the same
              name as the daemon process (for example  in.telnetd
              for  the  telnet service), and copy its contents to
              the client. Newline characters are replaced by car­
              riage-return  newline,  and %<letter> sequences are
              expanded (see the hosts_access(5) manual page).

              The tcp wrappers source code distribution  provides
              a sample makefile (Banners.Makefile) for convenient
              banner maintenance.

              Warning: banners are supported for  connection-ori­
              ented (TCP) network services only.

       nice [ number ]
              Change  the nice value of the process (default 10).
              Specify  a  positive  value  to  spend   more   CPU
              resources on other processes.

       setenv name value
              Place  a  (name, value) pair into the process envi­
              ronment. The value is subjected to %<letter> expan­
              sions  and  may contain whitespace (but leading and
              trailing blanks are stripped off).

              Warning: many network daemons reset their  environ­
              ment before spawning a login or shell process.

       umask 022
              Like  the  umask  command  that  is  built into the
              shell. An umask of 022  prevents  the  creation  of
              files  with  group and world write permission.  The
              umask argument should be an octal number.

       user nobody

       user nobody.kmem
              Assume the privileges of the  "nobody"  userid  (or
              user  "nobody",  group  "kmem").  The first form is
              useful with inetd implementations that run all ser­
              vices  with root privilege. The second form is use­
              ful for services that need special group privileges
              only.


DIAGNOSTICS

       When  a  syntax  error is found in an access control rule,
       the error  is  reported  to  the  syslog  daemon;  further
       options will be ignored, and service is denied.

  
Show your Support for the Linux Tutorial

Purchase one of the products from our new online shop. For each product you purchase, the Linux Tutorial gets a portion of the proceeds to help keep us going.


Login
Nickname

Password

Security Code
Security Code
Type Security Code


Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!


Amazon Wish List

Did You Know?
You can help in many different ways.


Friends



Tell a Friend About Us

Bookmark and Share



Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.04 Seconds