LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
Old 11-06-2014, 10:41 AM   #1
AndyProk
LQ Newbie
 
Registered: Jun 2011
Distribution: Ubuntu 10.04
Posts: 7

Rep: Reputation: Disabled
How is /etc/hosts read?


Hello everyone

How does Linux read /etc/hosts?
Does each program (like Firefox, wget, or curl) access it individually, is there a shared library they all use to access it, or is it read by Linux itself and stored in RAM?
If it's via a library, or read from RAM that the OS keeps updated, what library or part of the OS is responsible for reading /etc/hosts?

Basically, I'm trying to find a way to force myself not to visit certain sites anymore. Being root on my machine, most solutions are extremely easy to circumvent. One solution that came to mind was to fiddle with (recompile) whatever reads /etc/hosts so that it adds some 0.0.0.0 hosts regardless of whether they're actually in /etc/hosts. I know I could then circumvent this by using proxies, but those are usually slow, or store data you don't want them to store, or both, so I'd be recruiting my impatience, so to speak.
 
Old 11-06-2014, 10:52 AM   #2
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Yes - it is THE library that they share: libc, aka glibc.

http://www.gnu.org/software/libc/man...ost-Names.html

Quote:
16.6.2.4 Host Names

Besides the standard numbers-and-dots notation for Internet addresses, you can also refer to a host by a symbolic name. The advantage of a symbolic name is that it is usually easier to remember. For example, the machine with Internet address ‘158.121.106.19’ is also known as ‘alpha.gnu.org’; and other machines in the ‘gnu.org’ domain can refer to it simply as ‘alpha’.

Internally, the system uses a database to keep track of the mapping between host names and host numbers. This database is usually either the file /etc/hosts or an equivalent provided by a name server. The functions and other symbols for accessing this database are declared in netdb.h. They are BSD features, defined unconditionally if you include netdb.h.
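You can watch that shared libc path in action with getent(1), which resolves through the same NSS machinery (assuming a glibc system where getent is installed):

```shell
# getent uses the same glibc lookup calls as firefox/wget/curl,
# so this consults /etc/hosts (and then DNS) exactly the way they do
getent hosts localhost
```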

Last edited by szboardstretcher; 11-06-2014 at 10:53 AM.
 
1 member found this post helpful.
Old 11-06-2014, 01:19 PM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by AndyProk
Basically I'm trying to find a way to force myself to not visit certain sites anymore.
you're on the right track there.
hosts is just a text file; you can simply add entries to it.
you can block google.com by redirecting it to 0.0.0.0.
there are scripts that use hosts as an ad/malware site blocker; search and you will find.
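A sketch of adding such an entry (the domain and the demo file are stand-ins; on a real system you would append to /etc/hosts as root, and the `::` line covers IPv6/AAAA lookups too):

```shell
HOSTS=./demo_hosts   # stand-in for /etc/hosts; editing the real one needs root
# Map the unwanted name to the unroutable 0.0.0.0 (IPv4) and :: (IPv6)
printf '0.0.0.0 www.distracting-site.example\n' >> "$HOSTS"
printf '::      www.distracting-site.example\n' >> "$HOSTS"
cat "$HOSTS"
```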
 
Old 11-06-2014, 03:47 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
I'm still a fan of a good hosts file. Be aware that both IPv4 and IPv6 entries may need to be looked at. Hosts files can help lower internet usage and reduce access to bad sites. There are many things you can use for data protection.

There are actually rules that tell the resolver what order to use for name lookups (the hosts: line in /etc/nsswitch.conf). Most OSes default to checking the hosts file first. Some DNS services may alter that, and changing the priority of one source or another will change the lookup order.

A proxy.pac generally bypasses hosts, so you would then have to create a pac file with the same entries as hosts to block those sites.

You might also look to your router for help in blocking sites.
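Those lookup-order rules live in /etc/nsswitch.conf; a typical default looks like this:

```
# /etc/nsswitch.conf (excerpt) - "files" means /etc/hosts, tried before "dns"
hosts: files dns
```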
 
Old 11-06-2014, 09:20 PM   #5
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,400
Blog Entries: 28

Rep: Reputation: 6166
The Arch wiki has a good article about hosts.

I generally redirect stuff to localhost (127.0.0.1) if I don't want to go there; it's my preferred technique for controlling ad sites, as it's independent of any one browser.
 
Old 11-07-2014, 04:16 PM   #6
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
I used 127.0.0.1 (localhost) for a long time. Many other forums seem to be moving to 0.0.0.0 for some reason.
 
Old 11-07-2014, 08:10 PM   #7
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,400
Blog Entries: 28

Rep: Reputation: 6166
Quote:
I used 127.0.0.1 (localhost) for a long time. Many other forums seem to be moving to 0.0.0.0 for some reason.
I found a link! (I was mildly taken aback that a search string of "0.0.0.0 127.0.0.1" would parse, but it did.)

There is a significant difference between 0.0.0.0 and 127.0.0.1: the former is a non-routable placeholder, so no connection is ever attempted, while the latter is the loopback address, so the client tries to connect to your own machine. As far as I can see, for the purpose of blocking popups and ads, it doesn't make a bit of practical difference.

http://serverfault.com/questions/780...-and-127-0-0-1
 
Old 11-08-2014, 08:09 PM   #8
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
I had wondered whether, since 0.0.0.0 is unroutable, malware couldn't bypass the block even by running a web server on localhost.
 
Old 11-12-2014, 01:55 AM   #9
AndyProk
LQ Newbie
 
Registered: Jun 2011
Distribution: Ubuntu 10.04
Posts: 7

Original Poster
Rep: Reputation: Disabled
Thanks for your answers guys, but I get the feeling none of you (except szboardstretcher) have read or understood much beyond the title of this thread.
I know how the hosts file is structured and that I can use 0.0.0.0 or 127.0.0.1 as target IPs for addresses to be blocked.

What I'm wondering is not how to modify the hosts file (that's pretty easy after all), but how the programs accessing it read it. But dang, glibc? That's a scarily basic library; I'd hoped it would be a separate one.

I guess I might have to go a different route, like overwriting the hosts file with a backup every few minutes or something like that. That's a bit more easily circumvented (unless I pack the contents of the backup into compiled C; but even then I could just remove the script from crontab or kill it), but modifying glibc is rather scary. On the other hand, it's way easier to add addresses I want to avoid to a backup file, and I could keep multiple backup hosts files to switch between (say, the one overwriting hosts during work time has YouTube blocked and the one during free time doesn't).
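That overwrite-from-a-schedule idea can be sketched like this. Everything here is an assumption: the template names, the 9-to-17 work-hour window, the crontab path, and the demo target file (a real setup would cp onto /etc/hosts from root's crontab):

```shell
# Build two hosts-file templates (demo content; real ones would be fuller)
printf '0.0.0.0 youtube.com\n'  > hosts.work   # work hours: youtube blocked
printf '127.0.0.1 localhost\n'  > hosts.free   # free time: minimal file

# Pick the template for the current hour and copy it into place
HOUR=$(date +%H)
if [ "$HOUR" -ge 9 ] && [ "$HOUR" -lt 17 ]; then
    cp hosts.work demo_hosts && echo "applied work template"
else
    cp hosts.free demo_hosts && echo "applied free template"
fi

# crontab entry to reapply every 5 minutes (assumed script path):
#   */5 * * * * /usr/local/sbin/refresh-hosts.sh
```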

Last edited by AndyProk; 11-12-2014 at 02:07 AM. Reason: alternative way
 
Old 11-12-2014, 03:59 PM   #10
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,020

Rep: Reputation: 3630
What exactly are you asking then?

A web browser tends to cache name lookups, so if you change the hosts file while the browser is open, names may still resolve as they did under the original hosts file until the cache expires or the browser is restarted.

Last edited by jefro; 11-12-2014 at 04:01 PM.
 
Old 11-12-2014, 04:13 PM   #11
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,278

Rep: Reputation: 1694
Quote:
Originally Posted by AndyProk
Thanks for your answers guys, but I get the feeling none of you (except szboardstretcher) have read or understood much beyond the title of this thread.
I know how the hosts file is structured and that I can use 0.0.0.0 or 127.0.0.1 as target IPs for addresses to be blocked.

What I'm wondering is not how to modify the hosts file (that's pretty easy after all), but how the programs accessing it read it. But dang, glibc? That's a scarily basic library; I'd hoped it would be a separate one.
Specifically this function:

http://linux.die.net/man/3/gethostbyname
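What that function does with the hosts file is essentially a line-by-line scan for the first entry whose name column matches. A simplified sketch of that parse, on a demo file (the file name and all entries are stand-ins):

```shell
# Hosts-file format: "ADDRESS NAME [ALIASES...]"; comments start with '#'
cat > sample_hosts <<'EOF'
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.com
EOF

# lookup NAME FILE: print the address mapped to NAME, first match wins
lookup() {
  awk -v host="$1" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == host) { print $1; exit } }' "$2"
}

lookup ads.example.com sample_hosts    # prints 0.0.0.0
```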

Quote:
I guess I might have to go a different route, like overwriting the hosts file with a backup every few minutes or something like that. That's a bit more easily circumvented (unless I pack the contents of the backup into compiled C; but even then I could just remove the script from crontab or kill it), but modifying glibc is rather scary. On the other hand, it's way easier to add addresses I want to avoid to a backup file, and I could keep multiple backup hosts files to switch between (say, the one overwriting hosts during work time has YouTube blocked and the one during free time doesn't).
If you explain exactly where you are in your project and where you hope to get to, I'm sure the community will be able to shed some light on the process. But try to avoid the XY problem: start from the beginning and share what you've done and where you want to go.
 
Old 11-13-2014, 03:10 AM   #12
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053
Quote:
Originally Posted by AndyProk
Basically I'm trying to find a way to force myself not to visit certain sites anymore. Being root on my machine, most solutions are extremely easy to circumvent. One solution that came to mind was to fiddle with (recompile) whatever reads /etc/hosts so that it adds some 0.0.0.0 hosts regardless of whether they're actually in /etc/hosts...
i don't understand this.
is your need to visit certain sites (?) so strong that you would even edit /etc/hosts for that?
if it is, i doubt recompiling glibc will cure you.
and even if you succeed with that, you're facing the same problem again at the next glibc update.
Quote:
Originally Posted by AndyProk
I guess I might have to go a different route, like overwriting the hosts file with a backup every few minutes or something like that. A bit more easily circumventable (unless I pack the contents of the backup into compiled C; but even then I could just remove the script from crontab/kill it), but modifying glibc is rather scary. On the other hand, it's way easier to add adresses I want to avoid to a backup file and mave multiple backup hosts files to switch inbetween (say the one overwriting hosts during worktime has youtube blocked and the one during freetime hasn't)
this partly contradicts your previous words; now you want different levels of blocking on different occasions, as far as i understand?
anyhow, if you can't keep yourself from circumventing your restrictions, then no code that you yourself wrote can help.

this is weird.
the more i think about it, the less i think this is a computer/linux/coding problem at all.
 
  

