The use of "dot files" on the PLUS clusters

In your AFS home directory you can create some files to make (parts of) your life easier. These files, affectionately known as "dot files", handle the authentication for different commands that would normally need you to specify a username/password combination. The two "dot files" described on this page have a few common features: they should reside in your $HOME directory /afs/, and should not be readable by anyone but you (and your programs). Although they are already AFS protected, please add the standard UNIX protection too:

chmod go= $HOME/.rhosts or chmod 600 $HOME/.rhosts

Here are the two dotfiles:


The $HOME/.rhosts file is used by many "remote" commands, like rsh, rlogin, rfcp and rcp. If you try to establish a connection with one of these commands, the $HOME/.rhosts file decides whether you get it or not. If the machine/username combination of the machine from which you run your "remote" command is in this file, the target machine trusts you. In general, the file should look like this:

                 vaneldik
shift10          vaneldik  vaneldik
shift27          vaneldik   vaneldik
hpamin           vaneldik vaneldik
hpplus01         vaneldik vaneldik
hpplus02         vaneldik  i41
freya            i41  i41
einar            i41

This implies long, long lists of machine/username combinations, especially with all the clusters and nodes at CERN. Fortunately, as your $HOME directory is AFS protected, this file can look much simpler. If $HOME/.rhosts consists of "+ your_login_name", it means that all users with the same login name as yours can "rlogin" etc. to your account. This sounds very dangerous, but on AFS it is safe: your $HOME directory is AFS protected, so NO ONE can read that file, except people who have your AFS token, and that is normally ONLY YOU! But make sure your $HOME directory is well protected!

For more information: man rhosts.


The $HOME/.netrc file is read by the ftp (File Transfer Protocol) program. If it looks like this:

machine  login vaneldik password ajax1mil0  
machine  login vaneldik password ajax1mil0  
machine  login vaneldik password ajax1mil0  
machine login i41      password aja4bochum2

you only need to ftp to establish a connection; you will not be prompted for username/password. Very handy in batch jobs!

Make sure to chmod go= $HOME/.netrc, or FTP might complain!

For more information: man ftp and man netrc.

There is another way of securing these files. Instead of keeping them in your $HOME directory, you can store them in your (AFS secure) $HOME/private directory, and create a link to those files:

ln -s $HOME/private/.rhosts $HOME/.rhosts
ln -s $HOME/private/.netrc  $HOME/.netrc
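
The UNIX protection described above (chmod go=, with or without the link into $HOME/private) can be verified with a short script. This is an added example, not part of the original page: the function names check_dotfile and audit_dotfiles are hypothetical, and it checks only the UNIX mode bits, not the AFS ACLs.

```shell
#!/bin/sh
# Added example: audit the UNIX mode bits of $HOME/.rhosts and $HOME/.netrc.
# check_dotfile and audit_dotfiles are hypothetical helper names.

# Returns 0 if the file has no group/other permission bits, 1 if it is
# too open, 2 if it does not exist. "ls -L" follows symbolic links, so a
# link into $HOME/private is judged by the mode of the file it points to.
check_dotfile() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "MISSING  $f"
        return 2
    fi
    # The mode string looks like "-rw-------"; characters 5-10 hold the
    # group and other permission bits.
    go_bits=$(ls -ldL -- "$f" | cut -c5-10)
    if [ "$go_bits" = "------" ]; then
        echo "OK       $f"
        return 0
    fi
    echo "TOO OPEN $f (group/other bits: $go_bits); fix: chmod go= $f"
    return 1
}

# Checks both dot files under the given directory (default: $HOME).
# Returns 1 if at least one of them is accessible to group or others.
audit_dotfiles() {
    home=${1:-$HOME}
    bad=0
    for name in .rhosts .netrc; do
        st=0
        check_dotfile "$home/$name" || st=$?
        if [ "$st" -eq 1 ]; then
            bad=1
        fi
    done
    return "$bad"
}

audit_dotfiles "$HOME" || echo "At least one dot file needs chmod go="
```

A missing file is reported but not counted as a failure, since not every account uses both dot files.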

Questions and comments:

Jan van Eldik, Feb 5, 1998