Table of Contents
Advertisement
Section 9.2:Host-Based Access Control Lists
Various expansions containing specific information about the client, server, and process involved are
available to the shell commands:
•
%a — The client's IP address.
•
%A — The server's IP address.
•
%c — Various types of client information, such as the username and hostname, or the username
and IP address.
•
%d — The daemon process name.
•
%h — The client's hostname (or IP address, if the hostname is unavailable).
•
%H — The server's hostname (or IP address, if the hostname is unavailable).
•
%n — The client's hostname. If unavailable, unknown is printed. If the client's hostname and
host address do not match, paranoid is printed.
•
%N — The server's hostname. If unavailable, unknown is printed. If the server's hostname and
host address do not match, paranoid is printed.
•
%p — The daemon process ID.
•
%s — Various types of server information, such as the daemon process and the host or IP address
of the server.
•
%u — The client's username. If unavailable, unknown is printed.
For a full examination of shell commands, as well as some additional access control examples, review
the hosts_access(5) man page.
Special attention must be given to portmap when using it with host access
control lists. Only IP addresses or the ALL option should be used when spec-
ifying hosts to allow or deny, as host names are not supported. In addition,
changes to the host access control lists that concern portmap may not take
affect immediately.
As widely used services, such as NIS and NFS, depend on portmap to op-
erate, be aware of these limitations before depending on hosts.allow and
hosts.deny to control access by certain hosts.
Note
149
Advertisement
Table of Contents
Need help?
Do you have a question about the LINUX 7.2 and is the answer not in the manual?