Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 64 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       This  document  describes  optional extensions to the lan­
       guage  described  in  the  hosts_access(5)  document.  The
       extensions are enabled at program build time. For example,
       by editing the Makefile and turning on the PROCESS_OPTIONS
       compile-time option.

       The extensible language uses the following format:

          daemon_list : client_list : option : option ...

       The  first two fields are described in the hosts_access(5)
       manual page.  The remainder of the rules is a list of zero
       or more options.  Any ":" characters within options should
       be protected with a backslash.

       An option is of the form  "keyword"  or  "keyword  value".
       Options are processed in the specified order. Some options
       are subjected to %<letter> substitutions. For the sake  of
       backwards  compatibility  with earlier versions, an "=" is
       permitted between keyword and value.


       severity mail.info

       severity notice
              Change the severity level at which the  event  will
              be  logged.  Facility  names  (such  as  mail)  are
              optional, and are not  supported  on  systems  with
              older  syslog  implementations. The severity option
              can be used to  emphasize  or  to  ignore  specific



       deny   Grant  (deny) service. These options must appear at
              the end of a rule.

       The allow and deny keywords make it possible to  keep  all
       access  control rules within a single file, for example in
       the hosts.allow file.

       To permit access from specific hosts only:

          ALL: .friendly.domain: ALLOW
          ALL: ALL: DENY

       To permit access from all hosts except a few trouble  mak­

          ALL: .bad.domain: DENY

              executes, in a background child process, the  shell
              command  "safe_finger  -l  @%h  |  mail root" after
              replacing %h by the name or address of  the  remote

              The  example uses the "safe_finger" command instead
              of the regular "finger" command, to limit  possible
              damage  from  data  sent  by the finger server. The
              "safe_finger" command is part of the daemon wrapper
              package;  it is a wrapper around the regular finger
              command that filters the data sent  by  the  remote

       twist shell_command
              Replace  the  current process by an instance of the
              specified  shell  command,  after  performing   the
              %<letter>     expansions     described    in    the
              hosts_access(5) manual  page.   Stdin,  stdout  and
              stderr  are  connected  to the client process. This
              option must appear at the end of a rule.

              To send a customized bounce message to  the  client
              instead of running the real ftp daemon:

                 in.ftpd : ... : twist /bin/echo 421 Some bounce message

              For an alternative way to talk to client processes,
              see the banners option below.

              To run /some/other/in.telnetd without polluting its
              command-line array or its process environment:

                 in.telnetd : ... : twist PATH=/some/other; exec in.telnetd

              Warning:   in case of UDP services, do not twist to
              commands  that  use  the  standard   I/O   or   the
              read(2)/write(2)  routines  to communicate with the
              client process; UDP requires other I/O  primitives.


              Causes the server to periodically send a message to
              the client.  The connection  is  considered  broken
              when  the  client  does  not respond. The keepalive
              option can be useful  when  users  turn  off  their
              machine  while  it  is still connected to a server.
              The keepalive option is  not  useful  for  datagram
              (UDP) services.

       linger number_of_seconds
              Specifies  how  long the kernel will try to deliver


       banners /some/directory
              Look  for a file in `/some/directory' with the same
              name as the daemon process (for example  in.telnetd
              for  the  telnet service), and copy its contents to
              the client. Newline characters are replaced by car­
              riage-return  newline,  and %<letter> sequences are
              expanded (see the hosts_access(5) manual page).

              The tcp wrappers source code distribution  provides
              a sample makefile (Banners.Makefile) for convenient
              banner maintenance.

              Warning: banners are supported for  connection-ori­
              ented (TCP) network services only.

       nice [ number ]
              Change  the nice value of the process (default 10).
              Specify  a  positive  value  to  spend   more   CPU
              resources on other processes.

       setenv name value
              Place  a  (name, value) pair into the process envi­
              ronment. The value is subjected to %<letter> expan­
              sions  and  may contain whitespace (but leading and
              trailing blanks are stripped off).

              Warning: many network daemons reset their  environ­
              ment before spawning a login or shell process.

       umask 022
              Like  the  umask  command  that  is  built into the
              shell. An umask of 022  prevents  the  creation  of
              files  with  group and world write permission.  The
              umask argument should be an octal number.

       user nobody

       user nobody.kmem
              Assume the privileges of the  "nobody"  userid  (or
              user  "nobody",  group  "kmem").  The first form is
              useful with inetd implementations that run all ser­
              vices  with root privilege. The second form is use­
              ful for services that need special group privileges


       When  a  syntax  error is found in an access control rule,
       the error  is  reported  to  the  syslog  daemon;  further
       options will be ignored, and service is denied.

Help us cut cost by not downloading the whole site!
Use of automated download sofware ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and therefore is expressedly prohibited. For more details on this, take a look here



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
The Linux Tutorial welcomes your suggestions and ideas.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.11 Seconds