The use of "dot files" on the PLUS clusters
In your AFS home directory you can create some files to make (parts of) your life easier. These files, affectionately known as "dot files", help in the authentication for different commands, that normally would need you to specify a username/password combination. The two "dot files" described on this page have a few common features: they should reside in your $HOME directory /afs/cern.ch/user/u/username, and should not be readable by anyone but you (and your programs). Although they are AFS protected as well, please add the standard UNIX protection as well:
chmod go= $HOME/.rhosts or chmod 600 $HOME/.rhosts
Here are the two dotfiles:
This file is used by many "remote" commands, like rsh, rlogin, rfcp and rcp. If you try to establish a connection with one of these commands, the $HOME/.rhosts decides whether you get it or not. If the machine/username combination of the machine from which you run your "remote" command is in this file, the target machine trusts you. In general, the file should look like this:
shift10.cern.ch vaneldik shift10 vaneldik shift27.cern.ch vaneldik shift27 vaneldik hpamin.cern.ch vaneldik hpamin vaneldik hpplus01.cern.ch vaneldik hpplus01 vaneldik hpplus02.cern.ch vaneldik hpplus02 vaneldik freya.nikhef.nl i41 freya i41 einar.nikhef.nl i41 einar i41
This implies long, long lists of machine/username combinations, especially with all the clusters and nodes at CERN. Fortunately, as your $HOME directory is AFS protected, this file can look much simpler. If $HOME/.rhosts consists of "+ your_login_name", it means that all users with the same login name as yours can "rlogin" etc. to your account. This sounds very dangerous, but on AFS it is safe: your $HOME directory is AFS protected, so NOONE can read that file, except people that have your AFS token, and that is normally ONLY YOU! But make sure your $HOME directory is well protected!
For more information: man rhosts.
This file is read by the FTP File Transfer Protocol program. If it looks like this:
machine hpplus.cern.ch login vaneldik password ajax1mil0 machine dxplus.cern.ch login vaneldik password ajax1mil0 machine cernsp.cern.ch login vaneldik password ajax1mil0 machine freya.nikhef.nl login i41 password aja4bochum2
you only need to ftp hpplus.cern.ch to establish a connection, you will not be prompted for username/password. Very handy in batch jobs!
Make sure to chmod go= $HOME/.netrc, or FTP might complain!
For more information: man ftp and man netrc.
There is another way of securing these files. Instead of keeping them in your $HOME directory, you can store them in your (AFS secure) $HOME/private directory, and create a link to those files:
ln -s $HOME/private/.rhosts $HOME/.rhosts ln -s $HOME/private/.netrc $HOME/.netrc
Questions and comments:
Jan van Eldik, Feb 5,1998