USERFILE(8) — BSD/386 1.0

USERFILE(8)                                           USERFILE(8)


NAME
       USERFILE - UUCP pathname permissions file

DESCRIPTION
       The  USERFILE  file  specifies  the  file system directory
       trees that are accessible to local  users  and  to  remote
       systems via UUCP.

       Each line in USERFILE is of the form:

       [loginname],[system] [ c ] pathname [pathname] [pathname]

       The  first  two items are separated by a comma; any number
       of spaces or tabs may separate the remaining items.  Lines
       beginning  with  a `#' character are comments.  A trailing
       `\' indicates that the next line is a continuation of  the
       current line.

       Loginname  is  a  login  (from  /etc/passwd)  on the local
       machine.

       System is the name of a remote machine, the same name used
       in L.sys(5).

       c  denotes  the  optional  callback field.  If a c appears
       here, a remote machine that calls in  will  be  told  that
       callback  is  requested,  and  the  conversation  will  be
       terminated.  The local system will then  immediately  call
       the remote host back.

       Pathname is a pathname prefix that is permissible for this
       login and/or system.

       When uucico(8) runs in master role or  uucp(1)  or  uux(1)
       are  run by local users, the permitted pathnames are those
       on the first line with a loginname that matches  the  name
       of  the  user  who  executed the command.  If no such line
       exists,  then  the  first  line  with  a  null   (missing)
       loginname  field is used.  (Beware: uucico is often run by
       the superuser or the UUCP administrator through  cron(8).)

       When  uucico  runs  in slave role, the permitted pathnames
       are those on the first  line  with  a  system  field  that
       matches  the  hostname  of the remote machine.  If no such
       line exists, then the first line  with  a  null  (missing)
       system field is used.

       Uuxqt(8)  works differently; it knows neither a login name
       nor a hostname.  It accepts the  pathnames  on  the  first
       line that has a null system field.  (This is the same line
       that is used by uucico when it  cannot  match  the  remote
       machine's hostname.)

       A line with both loginname and system null, for example

              , /usr/spool/uucppublic

       can be used to conveniently specify the paths for both "no
       match" cases if lines earlier in USERFILE did  not  define
       them.   (This  differs  from  older  Berkeley  and all USG
       versions, where each case must be individually  specified.
       If  neither  case  is  defined earlier, a "null" line only
       defines the "unknown login" case.)
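
The lookup rules above, as an added example that is not part of the original manual or of any UUCP source: a small parser and resolver for auditing which USERFILE line each case ends up using. It assumes the `login,system` pair is a single whitespace-delimited token; the sample file and all function names are constructed for illustration.

```python
# Added example (not UUCP source); SAMPLE is a constructed USERFILE.
SAMPLE = """\
root,        /
,hostA  c    /usr/spool/uucppublic \\
             /usr/src
# comment line
uucp,hostB   /usr/spool/uucppublic
,            /usr/spool/uucppublic
"""

def parse_userfile(text):
    entries, pending = [], ""
    for raw in text.splitlines():
        if not pending and raw.startswith("#"):
            continue                      # comment line
        if raw.rstrip().endswith("\\"):   # trailing backslash: continuation
            pending += raw.rstrip()[:-1] + " "
            continue
        fields, pending = (pending + raw).split(), ""
        if not fields or "," not in fields[0]:
            continue                      # blank or malformed line
        login, system = fields[0].split(",", 1)   # assumes "login,system" is one token
        rest = fields[1:]
        callback = bool(rest) and rest[0] == "c"
        entries.append({"login": login, "system": system, "callback": callback,
                        "paths": rest[1:] if callback else rest})
    return entries

def first(entries, key, name):
    """First line whose field equals name, else first line with that field null."""
    for e in entries:
        if name and e[key] == name:
            return e
    return next((e for e in entries if e[key] == ""), None)

def resolve(entries, role, name=None):
    if role == "local":                   # uucp/uux by a local user, uucico as master
        return first(entries, "login", name)
    if role in ("slave", "uuxqt"):        # uuxqt knows no hostname: null-system line
        return first(entries, "system", name if role == "slave" else None)
    raise ValueError(role)

def risky_fallbacks(entries):
    """No-match cases whose USERFILE line grants the whole file system."""
    cases = {"unknown login": resolve(entries, "local"),
             "unknown host": resolve(entries, "slave"),
             "uuxqt": resolve(entries, "uuxqt")}
    return sorted(c for c, e in cases.items() if e and "/" in e["paths"])
```

In the sample, the `root,` line has a null system field and comes first, so it is also the line used for unmatched remote hosts and for uuxqt; the final both-null line never applies because both "no match" cases were already defined by earlier lines.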

       To correctly process  loginname  on  systems  that  assign
       several  logins per UID, the following strategy is used to
       determine the current loginname:

       1)     If the process is attached to a terminal,  a  login
              entry exists in /etc/utmp, and the UID for the utmp
              name matches the current real UID,  then  loginname
              is set to the utmp name.

       2)     If the USER environment variable is defined and the
              UID for this name matches  the  current  real  UID,
              then loginname is set to the name in USER.

       3)     If  both  of  the  above  fail, call getpwuid(3) to
              fetch the first name in  /etc/passwd  that  matches
              the real UID.

       4)     If all of the above fail, the utility aborts.

FILES
       /usr/lib/uucp/USERFILE

SEE ALSO
       uucp(1), uux(1), L.cmds(5), L.sys(5), uucico(8), uuxqt(8)

NOTES
       The  UUCP  utilities (uucico, uucp, uux, and uuxqt) always
       have access to the UUCP spool  files  in  /usr/spool/uucp,
       regardless of pathnames in USERFILE.

       If  uucp is listed in L.cmds(5), then a remote system will
       execute  uucp  on  the  local  system  with  the  USERFILE
       privileges for its login, not its hostname.

       Uucico  freely  switches  between  master  and slave roles
       during the course of a  conversation,  regardless  of  the
       role  it  was  started with.  This affects how USERFILE is
       interpreted.

WARNING
       USERFILE restricts access only on strings  that  the  UUCP
       utilities identify as being pathnames.  If the wrong holes
       are left in other UUCP control files (notably L.cmds),  it
       can  be easy for an intruder to open files anywhere in the
       file system.  Arguments to  uucp(1)  are  safe,  since  it
       assumes all of its non-option arguments are files.  Uux(1)
       cannot make such assumptions; hence, it is more dangerous.

BUGS
       The  Installation  and Operation of UUCP explicitly states
       that all remote login names must be  listed  in  USERFILE.
       This   requirement  is  not  enforced  by  Berkeley  UUCP,
       although it is by USG UUCP.

       Early versions of 4.2BSD uuxqt(8) erroneously  check  UUCP
       spool  files  against  the  USERFILE pathname permissions.
       Hence,  on  these  systems  it  is  necessary  to  specify
       /usr/spool/uucp  as a valid path on the USERFILE line used
       by uuxqt.  Otherwise, all  uux(1)  requests  are  rejected
       with a "PERMISSION DENIED" message.