The use of "dot files" on the PLUS clusters


In your AFS home directory you can create some files to make (parts of) your life easier. These files, affectionately known as "dot files", help with authentication for various commands that would normally require you to specify a username/password combination. The two "dot files" described on this page have a few common features: they should reside in your $HOME directory /afs/cern.ch/user/u/username, and should not be readable by anyone but you (and your programs). Although they are already AFS protected, please add the standard UNIX protection too:

chmod go= $HOME/.rhosts or chmod 600 $HOME/.rhosts

Here are the two dotfiles:


$HOME/.rhosts

This file is used by many "remote" commands, like rsh, rlogin, rfcp and rcp. If you try to establish a connection with one of these commands, the $HOME/.rhosts file decides whether you get it or not. If the combination of the machine from which you run your "remote" command and your username on it is in this file, the target machine trusts you. In general, the file should look like this:

shift10.cern.ch  vaneldik
shift10          vaneldik
shift27.cern.ch  vaneldik
shift27          vaneldik
hpamin.cern.ch   vaneldik
hpamin           vaneldik
hpplus01.cern.ch vaneldik
hpplus01         vaneldik
hpplus02.cern.ch vaneldik
hpplus02         vaneldik
freya.nikhef.nl  i41
freya            i41
einar.nikhef.nl  i41
einar            i41

This implies long, long lists of machine/username combinations, especially with all the clusters and nodes at CERN. Fortunately, as your $HOME directory is AFS protected, this file can look much simpler. If $HOME/.rhosts consists of "+ your_login_name", it means that all users with the same login name as yours can "rlogin" etc. to your account. This sounds very dangerous, but on AFS it is safe: your $HOME directory is AFS protected, so NO ONE can read that file, except people who have your AFS token, and that is normally ONLY YOU! But make sure your $HOME directory is well protected!

For more information: man rhosts.


$HOME/.netrc

This file is read by the FTP (File Transfer Protocol) program. If it looks like this:

machine hpplus.cern.ch  login vaneldik password ajax1mil0  
machine dxplus.cern.ch  login vaneldik password ajax1mil0  
machine cernsp.cern.ch  login vaneldik password ajax1mil0  
machine freya.nikhef.nl login i41      password aja4bochum2

you only need to type ftp hpplus.cern.ch to establish a connection; you will not be prompted for a username/password. Very handy in batch jobs!

Make sure to chmod go= $HOME/.netrc, or FTP might complain!

For more information: man ftp and man netrc.


There is another way of securing these files. Instead of keeping them in your $HOME directory, you can store them in your (AFS secure) $HOME/private directory, and create a link to those files:

ln -s $HOME/private/.rhosts $HOME/.rhosts
ln -s $HOME/private/.netrc  $HOME/.netrc
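
As an added example (not part of the original page), the sh script below checks both dot files along the lines this page recommends: it follows the $HOME/private link when testing the mode, lists any "+" host entries in .rhosts, and counts the clear-text passwords kept in .netrc. The function names and the sample directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the .rhosts and .netrc files described on this page.

# private_mode FILE: succeed only if FILE grants nothing to group or other.
# ls -L follows a link such as $HOME/.rhosts -> $HOME/private/.rhosts,
# so the mode tested is that of the real file, not of the link.
private_mode() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# rhosts_wildcards FILE: print entries whose host field is "+" (any host).
rhosts_wildcards() {
    awk '$1 == "+" { print "line " NR ": " $0 }' "$1"
}

# netrc_passwords FILE: count "password" tokens, i.e. clear-text secrets.
netrc_passwords() {
    awk '{ for (i = 1; i <= NF; i++) if ($i == "password") n++ }
         END { print n + 0 }' "$1"
}

# audit_dotfiles [DIR]: report on both files; return 1 on a mode finding.
audit_dotfiles() {
    dir=${1:-$HOME}
    rc=0
    for f in "$dir/.rhosts" "$dir/.netrc"; do
        [ -e "$f" ] || continue
        if ! private_mode "$f"; then
            echo "$f: open to group/other, run: chmod go= $f"
            rc=1
        fi
    done
    if [ -e "$dir/.rhosts" ]; then
        rhosts_wildcards "$dir/.rhosts"
    fi
    if [ -e "$dir/.netrc" ]; then
        echo "$dir/.netrc: $(netrc_passwords "$dir/.netrc") stored password(s)"
    fi
    return $rc
}

# Constructed sample input: a throwaway directory standing in for $HOME.
demo=$(mktemp -d)
mkdir "$demo/private"
printf 'shift10.cern.ch vaneldik\n+ vaneldik\n' > "$demo/private/.rhosts"
chmod 644 "$demo/private/.rhosts"
ln -s "$demo/private/.rhosts" "$demo/.rhosts"
printf 'machine host.example login user password CONSTRUCTED\n' > "$demo/.netrc"
chmod 600 "$demo/.netrc"
audit_dotfiles "$demo" || echo "mode findings reported above"
```

Calling audit_dotfiles with no argument checks your own $HOME.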


Questions and comments:

delphi-core@cern.ch

Jan van Eldik, Feb 5, 1998