Can I create a user-specific hosts file to complement /etc/hosts?
Is it possible to add a list of hosts that are only specific to a certain user? Perhaps a user-specific hosts file? This mechanism should also complement the entries in the /etc/hosts file.
well, you might instead run own nameservers, and have the user use different nameservers per user-specific resolv.conf — except creating user-specific resolv.conf appears to be exactly as difficult as making user-specific /etc/hosts.
8 Answers
The functionality you are looking for is implemented in glibc. You can define a custom hosts file by setting the HOSTALIASES environment variable. The names in this file will be picked up by gethostbyname (see documentation).
Example (tested on Ubuntu 13.10):
$ echo 'g www.google.com' >> ~/.hosts
$ export HOSTALIASES=~/.hosts
$ wget g -O /dev/null
- HOSTALIASES only works for applications using getaddrinfo(3) or gethostbyname(3)
- For setuid/setgid/setcap applications, libc sanitizes the environment, which means that the HOSTALIASES setting is lost. ping is setuid root or is given the net_raw capability upon execution (because it needs to listen for ICMP packets), so HOSTALIASES will not work with ping unless you’re already root before you call ping.
Late to the party, but this is the inverse of what is desired, isn’t it? I think OP is looking for a similar solution to adding host-resolving entries to /etc/hosts, but one that can be done in userland without escalated privileges. (i.e. 127.0.0.1 somedomain.com )
Besides the LD_PRELOAD tricks, a simple alternative that may work on a few systems would be to binary-edit a copy of the system library that handles hostname resolution to replace /etc/hosts with a path of your own.
If you’re not using nscd, copy libnss_files.so to some location of your own like:
mkdir -p -- ~/lib && cp /lib/x86_64-linux-gnu/libnss_files.so.2 ~/lib
(the shared library may be located elsewhere, e.g. /lib/libnss_files.so.2)
Now, binary-edit the copy to replace /etc/hosts in there with something of the same length, like /tmp/hosts.
perl -pi -e 's:/etc/hosts:/tmp/hosts:g' ~/lib/libnss_files.so.2
Edit /tmp/hosts to add the entry you want. And use
export LD_LIBRARY_PATH=~/lib
for nss_files to look in /tmp/hosts instead of /etc/hosts.
Instead of /tmp/hosts, you could also make it /dev/fd//3 (here using two slashes so that the length of /dev/fd//3 is the same as that of /etc/hosts), and do
For instance which would allow different commands to use different hosts files.
If nscd is installed and running, you can bypass it by doing the same trick, but this time for libc.so.6, replacing the path to the nscd socket (something like /var/run/nscd/socket) with some nonexistent path.
@StéphaneChazelas Changing LD_LIBRARY_PATH to point to a directory owned by the user means any other process run by the user can use that directory to co-opt any new processes spawned by replacing libraries. And updates to libnss_files.so through the package manager (including security updates) won’t be reflected in the patched version. Modifying LD_LIBRARY_PATH is generally a bad thing to recommend for other reasons, but it’s also unwise because of those issues.
@ParthianShot, your point about missing updates is a fair point. However, for your other point, if a rogue software is running in your name, it having write access to an area in $LD_LIBRARY_PATH would be the least of your worries as it’s already got write access to a lot worse and more reliable areas like your .bash*, crontab, .forward, and all configuration files by all the software you use (where it can for instance set LD_
Private mountspaces created with the unshare command can be used to provide a private /etc/hosts file to a shell process and any subsequent child processes started from that shell.
# Start by creating your custom /etc/hosts file
[user] cd ~
[user] cat >my_hosts
Wait. I thought mount just mounted filesystems onto directories (mount points). I didn't know that a file could be mounted onto another file. Does that really work? (I am asking that seriously. That isn't sarcasm.)
Just as a note to those curious: this is to do with namespaces; there are the syscalls unshare(2) and clone(2) that are part of the magic here. See also namespaces(7) and user_namespaces(7).
While they can be really helpful, user namespaces are also a big security risk, as numerous exploits in the last years have shown. This is not used above (i.e. you need sudo rights) but should be mentioned. Debian has disabled them by default. One other thing that should also be considered is that to use unshare you have to execute/fork another process. Thus it is not completely trivial to implant it in a shell script for automation. One way is to pass the whole code into sh -c as an argument of unshare, as explained here: piware.de/2012/12/…
I faced the same need, so I tried libnss-userhosts, but it fails at multithreaded applications. Therefore I have written libnss-homehosts. It's very new and tested only by me. You may give a chance for it! It supports some options in /etc/host.conf, multiple alias names, and reverse resolving (address to name).
This seems like a good idea to pitch to the libnss maintainers and/or to distribution maintainers. But before that happens, users without root themselves will not be able to use it. Still, +1
One solution is to have each user in a separate chroot, so they can each have a separate /etc/hosts to themselves.
Well. yeah, it's doable. Although chrooting is a pretty heavy-duty solution for this kind of thing. And brings with it its own set of issues.
Placing the following in ~/.bashrc is working for me in bash. It converts the hostname in the command into an address based on entries in ~/.hosts. If ~/.hosts doesn't exist or if the hostname can't be found in ~/.hosts, the command executes as normal. This should work with the original flags of the relevant functions and regardless of where the hostname is placed relative to the flags, e.g. ping -i 0.5 host1 -c 3 works. The ~/.hosts file takes preference over any other location for finding hostnames, so if there are any duplicate hostnames, the address in ~/.hosts will be used.
$ cat ~/.bashrc
function resolve {
    hostfile=~/.hosts
    if [[ -f "$hostfile" ]]; then
        for arg in $(seq 1 $#); do
            # ${!arg} is positional parameter number $arg; skip anything that looks like a flag
            if [[ "${!arg:0:1}" != "-" ]]; then
                # drop blank and comment lines, then print the first field of the
                # first line that contains the argument as a whole word
                ip=$(sed -n -e "/^\s*\(\#.*\|\)$/d" -e "/\<${!arg}\>/{s/^\s*\(\S\+\).*$/\1/p;q}" "$hostfile")
                if [[ -n "$ip" ]]; then
                    # re-run the calling command with the hostname replaced
                    command "${FUNCNAME[1]}" "${@:1:$((arg-1))}" "$ip" "${@:$((arg+1))}"
                    return
                fi
            fi
        done
    fi
    command "${FUNCNAME[1]}" "$@"
}
function ping {
    resolve "$@"
}
function traceroute {
    resolve "$@"
}
An example of ~/.hosts is given below. It follows the same format as /etc/hosts. Comments and whitespace are handled correctly.
$ cat ~/.hosts
# addresses and hostnames
stackexchange.com se
192.168.0.1 host1 # this is host1's address
login-node.inst.ac.uk login
The /etc/hosts File Complete Guide for Linux
What Is the /etc/hosts File and What is its Purpose?
The /etc/hosts file, or simply the Hosts file, is a plain text file that maps IP addresses to their corresponding hostnames. The Hosts file is primarily useful when you are working on a local network of computers, where it provides a simple form of hostname resolution.
The /etc/hosts file is usually useful when we are not using DNS or NIS service for resolving IP addresses. In fact, when DNS did not exist, there were no centralized systems for resolving hostnames. Local networks and computers relied on their Hosts file. This file holds the entries for all the known hostnames and their corresponding IP addresses.
After DNS appeared on the scene, computers did not need this file and started using the DNS service for fetching hostnames. Despite these advances, the Hosts file is still relevant on modern operating systems.
What will we Cover?
In this guide, we will see what a Hosts file in Linux is, some use cases of this file, and an application of this file based on the use cases.
Use Cases of the Hosts File
We can assign a domain name to an IP address using the Hosts file. However, these changes are local and will work on the local computer.
The Hosts file is still relevant today. Some specific use cases are listed below:
- We have built a website, but it is not live on the web since we have not registered the domain name for it. However, if we have a registered IP address from our hosting, we can map this IP to a dummy or non-existing domain name and continue building our website. Similarly, in a software testing environment, many web applications run on the localhost address, i.e. addresses of the type 127.0.0.1. Again, we can manage this using the Hosts file.
- In case we have migrated our website from one hosting to another one and we want to check the new hosting performance, we can connect our domain to the new hosting without closing our old hosting account. In this way, we can see how our website is loading from the new hosting.
- Suppose you want to block a website, like blocking Facebook on an educational system. We can easily do this by mapping the target domain name to an invalid IP address like 0.0.0.0. Requests for that name are then sent back to the local machine instead of the real site. This is usually helpful for blocking non-educational websites in universities or blocking mature content for kids.
- When edited in a proper manner, the Hosts file can operate as a security firewall for a system. Note that it only affects hostname lookups; it does not block connections made directly to an IP address.
Format of the /etc/hosts File
The Hosts file is located inside the /etc folder. It holds one entry per line; each line consists of an IP address followed by its hostname:
The IP addresses used here are either IPv4 or IPv6. The address and the hostname are separated by any number of spaces or by a tab character.
On all operating systems, the Hosts file has the same format. Let us see the contents of the file on a Linux system:
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
The Hosts file contains the entries for both the IPv4 and IPv6 addresses.
Application of the Hosts File
As mentioned earlier, we can use the Hosts file for blocking a domain. Let us take the case of blocking YouTube. Open the file:
Use the tab character to insert space between the IP address and its corresponding domain name.
Now, save and close the file. Open any web browser, try to navigate to youtube.com, and see what happens:
We can see youtube.com is blocked and we are getting an ‘Unable to connect’ message. To unblock the site, we have to simply remove the above entry from the /etc/hosts file.
Access Control Files
Besides the plain Hosts file, we also have a /etc/hosts.allow file and a /etc/hosts.deny file.
These files, referred to as host access files, are used by TCP wrappers. These files decide whether a client machine can connect to a host.
When a TCP wrapped service gets a client request, it performs the actions below:
- Refer to the hosts.allow file: it reads this file sequentially and applies the first rule that matches that service.
- Refer to the hosts.deny file: it sequentially reads this file and if a matching rule is found, it does not accept the connection request. Otherwise access is granted to the requesting service.
The hosts.allow file decides which IP addresses can connect to a host. The /etc/hosts.deny file is used in conjunction with it.
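The lookup order described above, written out as an added example (not code from the original article or from the TCP wrappers project). It assumes a simplified, IPv4-only subset of the rule syntax (`daemon_list : client_list`, the `ALL` wildcard, address prefixes, hostname suffixes and net/mask); the rule files and addresses are constructed samples.

```python
import ipaddress

def parse_rules(text):
    """Parse 'daemon_list : client_list' lines (IPv4-only subset, options ignored)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (f.replace(",", " ").split() for f in line.split(":")[:2])
        rules.append((daemons, clients))
    return rules

def client_matches(pattern, addr, host):
    if pattern == "ALL":
        return True
    if pattern.startswith("."):        # ".example.com": hostname suffix
        return bool(host) and host.lower().endswith(pattern.lower())
    if pattern.endswith("."):          # "192.168.1.": address prefix
        return addr.startswith(pattern)
    if "/" in pattern:                 # "net/mask" form
        try:
            return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return pattern == addr or (bool(host) and pattern.lower() == host.lower())

def first_match(rules, daemon, addr, host):
    """True if any rule, read top to bottom, matches this daemon and client."""
    for daemons, clients in rules:
        if ("ALL" in daemons or daemon in daemons) and any(
                client_matches(p, addr, host) for p in clients):
            return True
    return False

def decide(allow_text, deny_text, daemon, addr, host=None):
    """hosts.allow is consulted first, then hosts.deny; no match at all means allow."""
    if first_match(parse_rules(allow_text), daemon, addr, host):
        return ("allow", "hosts.allow")
    if first_match(parse_rules(deny_text), daemon, addr, host):
        return ("deny", "hosts.deny")
    return ("allow", "default")

# Constructed sample rule files
HOSTS_ALLOW = "# constructed sample\nsshd : 192.168.1. , .example.com\n"
HOSTS_DENY = "ALL : ALL\n"

if __name__ == "__main__":
    print(decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", "192.168.1.20"))
    print(decide(HOSTS_ALLOW, HOSTS_DENY, "sshd", "203.0.113.9"))
```

With an empty hosts.deny, any client that matches nothing in hosts.allow is still granted access, which is why a catch-all `ALL : ALL` deny rule is commonly paired with explicit allow rules.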
Security Issues of the Hosts File
Although the Hosts file looks like a simple file, in some cases, for example, on Windows systems, malware like adware or spyware modifies the Hosts file to take the users to malicious websites.
If you are unsure about the health of your Hosts file, you can use the Lynis system auditor for Linux. Lynis has built-in tests for checking the security strength of your Linux system.
Also, try to keep the Hosts file at a minimum length. If you have too many systems declared inside the Hosts file, you should consider placing them in a different DNS zone.
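A complementary check for the tampering described in this section, using the line format covered earlier: parse a hosts file and report every mapping that is not in a trusted baseline copy. This is an added example, not code from the original article or from Lynis; the baseline, the extra entries and the `203.0.113.7` documentation address are constructed.

```python
import ipaddress

def parse_hosts(text):
    """Return ({hostname: {addresses}}, [(lineno, raw_line)]) for hosts-file text."""
    mapping, malformed = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()   # drop comment, split on spaces/tabs
        if not fields:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # first field must be an IP
        except ValueError:
            malformed.append((lineno, line.strip()))
            continue
        for name in fields[1:]:
            mapping.setdefault(name.lower(), set()).add(addr)
    return mapping, malformed

def audit_hosts(baseline_text, current_text):
    """List mappings present in the current file but not in the trusted baseline."""
    baseline, _ = parse_hosts(baseline_text)
    current, malformed = parse_hosts(current_text)
    findings = []
    for name in sorted(current):
        for addr in sorted(current[name] - baseline.get(name, set())):
            ip = ipaddress.ip_address(addr)
            # 0.0.0.0 / loopback entries block a name; anything else redirects it
            kind = "blocked" if ip.is_unspecified or ip.is_loopback else "redirected"
            findings.append((kind, name, addr))
    findings += [("malformed", raw, f"line {n}") for n, raw in malformed]
    return findings

# Constructed sample data: a known-good copy and a modified file
BASELINE = """\
127.0.0.1\tlocalhost
# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
"""
CURRENT = BASELINE + """\
0.0.0.0\tyoutube.com
203.0.113.7 login.example.com
example.org 10.0.0.5
"""

if __name__ == "__main__":
    for finding in audit_hosts(BASELINE, CURRENT):
        print(*finding, sep="\t")
```

A "redirected" finding for a name you did not add yourself is the case to investigate first; "malformed" catches lines written hostname-first, which the resolver will not treat as a valid entry.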
Conclusion
The Hosts file is an old file on Linux, but it is still a powerful utility. Beyond local name resolution, it is an important part of many software packages and their development processes. In this article, we have seen a basic introduction to the Hosts file in Linux. We have also shown how to block a website using the Hosts file. We can also use it to block banners, adware, and other third-party page counters.
After reading this article, you should now know how to use the Hosts file to manage hostname resolution as per your requirements.
About the author
Ali Imran Nagori
Ali Imran is a technical writer and Linux enthusiast who loves to write about Linux system administration and related technologies. You can connect with him on LinkedIn.