What

HOSTALIASES

What:

  • HOSTALIASES is an environment variable that Linux's glibc uses as an optional name resolution tweak.

Why:

  • To make referencing systems easier.

When & Where:

  • Any time glibc resolves a hostname to an IP address.
  • Any command that runs as your user ID.
  • Commands that run as a different user ID may not work by default.

How:

  • Set the HOSTALIASES environment variable to the path to a file.
  • Add entries to the file that the HOSTALIASES environment file points to.

Who:

  • Anyone who can benefit from the flexibility that HOSTALIASES provides.
    • Read: You!
  • No special system permission needed.

How

How does HOSTALIASES work?

HOSTALIASES works by setting an environment variable to point to a file that you manage.

HOSTALIASES="/home/gtaylor/.hostaliases"

I'd suggest setting the HOSTALIASES variable in your normal shell profile configuration file(s).

$ export HOSTALIASES="/home/gtaylor/.hostaliases"

Then add entries in a very simple format to the file.

<alias1>   <FQDN1>
<alias2>   <FQDN2>
<alias3>   <FQDN2>

Notice how aliases #2 and #3 go to the same FQDN.

Don't use the angle brackets as they are just place holders.

Here's an example for SLUUG:

bock     bock.sluug.org
bock2    bock2.sluug.org
sluug    www.sluug.org
wiki     wiki.sluug.org
google   www.google.com
yahoo    www.yahoo.com

${PROFIT}

${PROFIT}

$ ssh bock
$ ssh bock2
$ telnet bock 25
$ openssl s_client -connect wiki:443 < /dev/null 2>/dev/null | openssl x509 -noout -subject -dates

ping

But what about ping?

$ ping -c4 sluug
ping: google: No address associated with hostname

The ping command is sort of funny in that it doesn't run as your user ID.

Remember that I said that "Commands that run as a different user ID may not work by default."

The ping command is usually Set User ID (SUID) to root. So when you run ping, it's really running with root privileges.

The system will remove the HOSTALIASES environment variable as part of crossing the user boundary as a security measure. So ultimately when ping runs as the root user, it doesn't have the HOSTALIASES environment variable set. :-/

I did say "... by default." There are ways to get ping to work with HOSTALIASES.

  • Create an unprivileged copy of the ping command.

  • Run ping differently so that it doesn't cross the user boundary. Point the dynamic linker directly at the ping binary!

    $ /lib64/ld-linux-x86-64.so.2 /bin/ping

    That's annoying to type. Let's create an alias.

    $ alias ping="/lib64/ld-linux-x86-64.so.2 /bin/ping"

PING

But what about ping???

$ ping -c4 sluug
/bin/ping: socket Operation not permitted

By default, the contemporary Linux kernel doesn't allow non-root users to send ICMP packets like ping does.

So we tweak a setting to allow users to send ICMP packets.

# echo "0 100000" > /proc/sys/net/ipv4/ping_group_range

Yes, changing this setting does need additional privileges.

No, you won't need additional privileges in the future.

ProTip: Add the net.ipv4.ping_group_range="0 100000" setting to your system's sysctl file.

# echo "net.ipv4.ping_group_range=0 60000" > /etc/sysctl.d/net.ipv4.ping_group_range

You only need to do this for ping.

If you don't use ping frequently, you don't need to do this.

${PROFIT2}

${PROFIT2}

$ ping -c4 sluug
PING www.sluug.org (206.197.251.210) 56(84) bytes of data.
64 bytes from bock.sluug.org (206.197.251.210): icmp_seq=1 ttl=55 time=4.68 ms
64 bytes from bock.sluug.org (206.197.251.210): icmp_seq=2 ttl=55 time=4.11 ms
64 bytes from bock.sluug.org (206.197.251.210): icmp_seq=3 ttl=55 time=4.70 ms
64 bytes from bock.sluug.org (206.197.251.210): icmp_seq=4 ttl=55 time=4.26 ms

					
--- www.sluug.org ping statistics ---

					
4 packets transmitted, 4 received, 0% packet loss, time 3004ms

					
rtt min/avg/max/mdev = 4.114/4.438/4.695/0.255 ms

				

			

			

				
Web?

				

					
What about the World Wide Wait^W Web?

					
Command line utilities are nice and all, but what about the World Wide Wait^W Web?

					
I'm happy to say that both Firefox and Chromium on my Linux system utilized HOSTALIASES without any problems.

				

			

			

				
Summary

				

					
Summary

					
I've been playing with HOSTALIASES on and off for about 45 days and am liking it more and more.

					
I'm finding a new way to use HOSTALIASES on a weekly basis.

					
Do you have a production DB server that has an annoying host name?  Use HOSTALIASES.

					
I find that HOSTALIASES does for most commands what OpenSSH's config file's (nick)names does for ssh.

					
Other than ping, you can do all of this without any special privileges.