• Last 5 Forum Topics
    Last post

The Web Only This Site



  • MARC

    Mailing list ARChives
    - Search by -


    Computing Dictionary

  • Text Link Ads

  • LINUX man pages
  • Linux Man Page Viewer

    The following form allows you to view linux man pages.





           This  document  describes optional extensions to the language described
           in the hosts_access(5) document. The extensions are enabled at  program
           build  time.  For  example,  by editing the Makefile and turning on the
           PROCESS_OPTIONS compile-time option.
           The extensible language uses the following format:
              daemon_list : client_list : option : option ...
           The first two fields are described in the hosts_access(5) manual  page.
           The  remainder of the rules is a list of zero or more options.  Any ":"
           characters within options should be protected with a backslash.
           An option is of the form "keyword" or "keyword value". Options are pro-
           cessed  in the specified order. Some options are subjected to %<letter>
           substitutions. For the sake of  backwards  compatibility  with  earlier
           versions, an "=" is permitted between keyword and value.


           severity notice
                  Change  the  severity  level  at which the event will be logged.
                  Facility names (such as mail) are optional,  and  are  not  sup-
                  ported  on systems with older syslog implementations. The sever-
                  ity option can be  used  to  emphasize  or  to  ignore  specific


           deny   Grant  (deny) service. These options must appear at the end of a
           The allow and deny keywords make it possible to keep all access control
           rules within a single file, for example in the hosts.allow file.
           To permit access from specific hosts only:
              ALL: .friendly.domain: ALLOW
              ALL: ALL: DENY
           To permit access from all hosts except a few trouble makers:
              ALL: .bad.domain: DENY
              ALL: ALL: ALLOW
           Notice the leading dot on the domain name patterns.


           spawn shell_command
                  the finger server. The "safe_finger" command is part of the dae-
                  mon  wrapper  package; it is a wrapper around the regular finger
                  command that filters the data sent by the remote host.
           twist shell_command
                  Replace the current process by  an  instance  of  the  specified
                  shell   command,   after  performing  the  %<letter>  expansions
                  described in the hosts_access(5) manual page.  Stdin, stdout and
                  stderr  are  connected  to  the client process. This option must
                  appear at the end of a rule.
                  To send a customized bounce message to  the  client  instead  of
                  running the real ftp daemon:
                     in.ftpd : ... : twist /bin/echo 421 Some bounce message
                  For an alternative way to talk to client processes, see the ban-
                  ners option below.
                  To run /some/other/in.telnetd without polluting its command-line
                  array or its process environment:
                     in.telnetd : ... : twist PATH=/some/other; exec in.telnetd
                  Warning:  in case of UDP services, do not twist to commands that
                  use the standard I/O or the read(2)/write(2) routines to  commu-
                  nicate  with  the  client process; UDP requires other I/O primi-


                  Causes the server to periodically send a message to the  client.
                  The  connection  is  considered  broken when the client does not
                  respond. The keepalive option can be useful when users turn  off
                  their  machine  while  it  is  still connected to a server.  The
                  keepalive option is not useful for datagram (UDP) services.
           linger number_of_seconds
                  Specifies how long the kernel will try to deliver not-yet deliv-
                  ered data after the server process closes a connection.


           rfc931 [ timeout_in_seconds ]
                  Look  up  the client user name with the RFC 931 (TAP, IDENT, RFC
                  1413) protocol.  This option is silently ignored in case of ser-
                  vices  based on transports other than TCP.  It requires that the
                  client system runs an RFC 931 (IDENT, etc.)  -compliant  daemon,
                  and  may  cause noticeable delays with connections from non-UNIX
                  clients.  The timeout period is optional. If no timeout is spec-
                  ified a compile-time defined default value is taken.


                  Change  the  nice  value of the process (default 10).  Specify a
                  positive value to spend more CPU resources on other processes.
           setenv name value
                  Place a (name, value) pair into  the  process  environment.  The
                  value  is  subjected  to  %<letter>  expansions  and may contain
                  whitespace (but leading and trailing blanks are stripped off).
                  Warning: many network daemons  reset  their  environment  before
                  spawning a login or shell process.
           umask 022
                  Like the umask command that is built into the shell. An umask of
                  022 prevents the creation of files with group  and  world  write
                  permission.  The umask argument should be an octal number.
           user nobody
           user nobody.kmem
                  Assume  the privileges of the "nobody" userid (or user "nobody",
                  group "kmem"). The first form is useful with  inetd  implementa-
                  tions that run all services with root privilege. The second form
                  is useful for services that need special group privileges  only.


           When  a  syntax  error is found in an access control rule, the error is
           reported to the syslog daemon; further options  will  be  ignored,  and
           service is denied.


           hosts_access(5), the default access control language


           Wietse Venema (
           Department of Mathematics and Computing Science
           Eindhoven University of Technology
           Den Dolech 2, P.O. Box 513,
           5600 MB Eindhoven, The Netherlands

  • Linux

    The Distributions


    The Software


    The News


  • Toll Free
Copyright © 1999 - 2016 by LinuxGuruz