LinuxGuruz
  • Last 5 Forum Topics
    Replies
    Views
    Last post


The Web Only This Site
  • BOOKMARK

  • ADD TO FAVORITES

  • REFERENCES


  • MARC

    Mailing list ARChives
    - Search by -
     Subjects
     Authors
     Bodies





    FOLDOC

    Computing Dictionary




  • Text Link Ads






  • LINUX man pages
  • Linux Man Page Viewer


    The following form allows you to view linux man pages.

    Command:

    hosts_options

    
    
    

    DESCRIPTION

           This  document  describes optional extensions to the language described
           in the hosts_access(5) document. The extensions are enabled at  program
           build  time.  For  example,  by editing the Makefile and turning on the
           PROCESS_OPTIONS compile-time option.
    
           The extensible language uses the following format:
    
              daemon_list : client_list : option : option ...
    
           The first two fields are described in the hosts_access(5) manual  page.
           The  remainder of the rules is a list of zero or more options.  Any ":"
           characters within options should be protected with a backslash.
    
           An option is of the form "keyword" or "keyword value". Options are pro-
           cessed  in the specified order. Some options are subjected to %<letter>
           substitutions. For the sake of  backwards  compatibility  with  earlier
           versions, an "=" is permitted between keyword and value.
    
    
    

    LOGGING

           severity mail.info
    
           severity notice
                  Change  the  severity  level  at which the event will be logged.
                  Facility names (such as mail) are optional,  and  are  not  sup-
                  ported  on systems with older syslog implementations. The sever-
                  ity option can be  used  to  emphasize  or  to  ignore  specific
                  events.
    
    
    

    ACCESS CONTROL

           allow
    
           deny   Grant  (deny) service. These options must appear at the end of a
                  rule.
    
           The allow and deny keywords make it possible to keep all access control
           rules within a single file, for example in the hosts.allow file.
    
           To permit access from specific hosts only:
    
              ALL: .friendly.domain: ALLOW
              ALL: ALL: DENY
    
           To permit access from all hosts except a few trouble makers:
    
              ALL: .bad.domain: DENY
              ALL: ALL: ALLOW
    
           Notice the leading dot on the domain name patterns.
    
    
    

    RUNNING OTHER COMMANDS

           spawn shell_command
                  the finger server. The "safe_finger" command is part of the dae-
                  mon  wrapper  package; it is a wrapper around the regular finger
                  command that filters the data sent by the remote host.
    
           twist shell_command
                  Replace the current process by  an  instance  of  the  specified
                  shell   command,   after  performing  the  %<letter>  expansions
                  described in the hosts_access(5) manual page.  Stdin, stdout and
                  stderr  are  connected  to  the client process. This option must
                  appear at the end of a rule.
    
                  To send a customized bounce message to  the  client  instead  of
                  running the real ftp daemon:
    
                     in.ftpd : ... : twist /bin/echo 421 Some bounce message
    
                  For an alternative way to talk to client processes, see the ban-
                  ners option below.
    
                  To run /some/other/in.telnetd without polluting its command-line
                  array or its process environment:
    
                     in.telnetd : ... : twist PATH=/some/other; exec in.telnetd
    
                  Warning:  in case of UDP services, do not twist to commands that
                  use the standard I/O or the read(2)/write(2) routines to  commu-
                  nicate  with  the  client process; UDP requires other I/O primi-
                  tives.
    
    
    

    NETWORK OPTIONS

           keepalive
                  Causes the server to periodically send a message to the  client.
                  The  connection  is  considered  broken when the client does not
                  respond. The keepalive option can be useful when users turn  off
                  their  machine  while  it  is  still connected to a server.  The
                  keepalive option is not useful for datagram (UDP) services.
    
           linger number_of_seconds
                  Specifies how long the kernel will try to deliver not-yet deliv-
                  ered data after the server process closes a connection.
    
    
    

    USERNAME LOOKUP

           rfc931 [ timeout_in_seconds ]
                  Look  up  the client user name with the RFC 931 (TAP, IDENT, RFC
                  1413) protocol.  This option is silently ignored in case of ser-
                  vices  based on transports other than TCP.  It requires that the
                  client system runs an RFC 931 (IDENT, etc.)  -compliant  daemon,
                  and  may  cause noticeable delays with connections from non-UNIX
                  clients.  The timeout period is optional. If no timeout is spec-
                  ified a compile-time defined default value is taken.
    
    
    

    MISCELLANEOUS

                  Change  the  nice  value of the process (default 10).  Specify a
                  positive value to spend more CPU resources on other processes.
    
           setenv name value
                  Place a (name, value) pair into  the  process  environment.  The
                  value  is  subjected  to  %<letter>  expansions  and may contain
                  whitespace (but leading and trailing blanks are stripped off).
    
                  Warning: many network daemons  reset  their  environment  before
                  spawning a login or shell process.
    
           umask 022
                  Like the umask command that is built into the shell. An umask of
                  022 prevents the creation of files with group  and  world  write
                  permission.  The umask argument should be an octal number.
    
           user nobody
    
           user nobody.kmem
                  Assume  the privileges of the "nobody" userid (or user "nobody",
                  group "kmem"). The first form is useful with  inetd  implementa-
                  tions that run all services with root privilege. The second form
                  is useful for services that need special group privileges  only.
    
    
    

    DIAGNOSTICS

           When  a  syntax  error is found in an access control rule, the error is
           reported to the syslog daemon; further options  will  be  ignored,  and
           service is denied.
    
    
    

    SEE ALSO

           hosts_access(5), the default access control language
    
    
    

    AUTHOR

           Wietse Venema (wietse@wzv.win.tue.nl)
           Department of Mathematics and Computing Science
           Eindhoven University of Technology
           Den Dolech 2, P.O. Box 513,
           5600 MB Eindhoven, The Netherlands
    
                                                                  HOSTS_OPTIONS(5)
    
  • MORE RESOURCE


  • Linux

    The Distributions





    Linux

    The Software





    Linux

    The News



  • MARKETING






  • Toll Free

webmaster@linuxguruz.com
Copyright © 1999 - 2016 by LinuxGuruz