The $HOME/.netrc, $HOME/.forward, $HOME/.rhosts, and /etc/hosts.equiv files all have security implications.
The $HOME/.netrc file contains information used by the automatic login feature of the rexec and ftp commands. It is a hidden file in a user's home directory and must be owned either by the user executing the command or by the root user. If the .netrc file contains a login password, the file's permissions must be set to 600 (read and write by owner only). The login password is in plain text. Even with permissions set to 600, passwords for remote systems are vulnerable to being revealed to any user with root authority.
When mail is sent to a local user, the sendmail command checks for the $HOME/.forward file. The $HOME/.forward file can contain one or more addresses or aliases. If the file exists, the message is not delivered to the user; it is sent instead to the addresses or aliases in the $HOME/.forward file. While the file is in place, no messages, including confidential ones, reach the user.
The /etc/hosts.equiv file, along with any local $HOME/.rhosts files, defines the hosts (computers on a network) and user accounts that can invoke remote commands on a local host without supplying a password. The $HOME/.rhosts file is similar to the /etc/hosts.equiv file, except that it is maintained for individual users.
The $HOME/.rhosts file defines which remote hosts (computers on a network) can invoke certain commands on the local host without supplying a password. This file is a hidden file in the local user's home directory and must be owned by the local user. Although you can set any permissions for this file, it is recommended that the permissions of the .rhosts file be set to 600 (read and write by owner only). Bypassing the need for a password may be a security concern, especially if you allow all users on a particular system access without needing a password.
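The ownership and permission rules above can be checked per home directory with a short audit script. This is an added example, not part of the original documentation; it also flags a non-empty .forward and "+" wildcard entries in .rhosts. The function names, arguments and message wording are assumptions of the example, and the "+" wildcard is standard .rhosts syntax that this page does not itself describe.

```shell
#!/bin/sh
# Added example: audit one home directory for the conditions described above.
# audit_home DIR UID prints one finding per line; no output means no findings.
# Function names, arguments and message wording are assumptions of this example.

# Print "<10-char mode string> <numeric owner uid>" using portable ls output.
mode_owner() {
    ls -ln "$1" | awk '{ print substr($1, 1, 10), $3 }'
}

audit_home() {
    dir=$1 uid=$2

    if [ -f "$dir/.netrc" ]; then
        set -- $(mode_owner "$dir/.netrc")
        # The owner must be the user running rexec/ftp, or root.
        [ "$2" = "$uid" ] || [ "$2" = 0 ] ||
            echo ".netrc: owner uid $2 is neither $uid nor root"
        # A stored login password requires mode 600.
        if grep -q password "$dir/.netrc" && [ "$1" != "-rw-------" ]; then
            echo ".netrc: contains a password but mode is $1, expected -rw-------"
        fi
    fi

    if [ -f "$dir/.rhosts" ]; then
        set -- $(mode_owner "$dir/.rhosts")
        [ "$2" = "$uid" ] || echo ".rhosts: owner uid $2 is not the local user $uid"
        [ "$1" = "-rw-------" ] || echo ".rhosts: mode is $1, recommended -rw-------"
        # "+" in the host or user field is the rhosts wildcard (not shown on this
        # page): it grants passwordless access to every host or user it matches.
        awk '$1 == "+" || $2 == "+" {
                 print ".rhosts: wildcard entry on line " NR ": " $0 }' "$dir/.rhosts"
    fi

    # A non-empty .forward means local delivery is replaced by redirection.
    if [ -s "$dir/.forward" ]; then
        echo ".forward: mail is redirected to: $(paste -sd, "$dir/.forward")"
    fi
}

# Stand-alone use: sh audit.sh /home/alice "$(id -u alice)"
if [ "$#" -ge 2 ]; then audit_home "$1" "$2"; fi
```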
The permissions and the entries in the $HOME/.rhosts file will affect whether a user on a remote host can successfully establish an rsh session. Some examples are:
Table 16: $HOME/.rhosts Definitions