⇒ permiss(F) — OpenDesktop 1.1.0

     PERMISSIONS(F)                       UNIX System V



     Name
          permissions - format of UUCP Permissions file


     Description
          The Permissions file  (/usr/lib/uucp/Permissions)  specifies
          the  permissions for remote computers concerning login, file
          access, and command execution.  In the Permissions file, you
          can  specify the commands that a remote computer can execute
          and restrict its ability to request or receive files  queued
          by the local site.

          Each entry is a logical line; a physical line terminated by
          a \ continues on the next physical line.  Entries are made
          up of options delimited by white space.  Each option is a
          name-value pair in the following format:

               name=value

          Note that no white space is allowed within an option
          assignment.

          Comment lines begin with a pound sign (#)  and  they  occupy
          the  entire line up to a newline character.  Blank lines are
          ignored (even within multi-line entries).

          There are two types of Permissions file entries:

               LOGNAME    specifies the permissions that  take  effect
                          when a remote computer calls your computer.

               MACHINE    specifies permissions that take effect  when
                          your computer calls a remote computer.


     Options
          This section describes each option, specifies how  they  are
          used, and lists their default values.

               REQUEST=yes/no
                    Specifies whether the remote computer can  request
                    to set up file transfers from your computer.  When
                    a remote computer calls your computer and requests
                    to  receive a file, this request can be granted or
                    denied.  The default value is no; it is used if
                    the REQUEST option is not specified.
                    The REQUEST option can appear in either a  LOGNAME
                    (remote  calls  you)  entry or a MACHINE (you call
                    remote) entry.

               SENDFILES=yes/call
                    Specifies whether your computer can send the  work
                    queued  for  the  remote  computer.  When a remote
                    computer calls your  computer  and  completes  its
                    work,  it  may  attempt to take work your computer
                    has queued for it.  The call value is the default
                    for the SENDFILES option.  This option is only
                    significant  in  LOGNAME  entries  since   MACHINE
                    entries  apply  when  calls are made out to remote
                    computers.  If this option is used with a  MACHINE
                    entry, it will be ignored.

               READ and WRITE
                    Specify the various parts of the file system  that
                    uucico  can  read  from or write to.  The READ and
                    WRITE options can be used with either  MACHINE  or
                    LOGNAME entries.

                    The default for both the READ and WRITE options is
                    the uucppublic directory as shown in the following
                    example:

                         READ=/usr/spool/uucppublic
                         WRITE=/usr/spool/uucppublic

                    Supplying ``/'' as a pathname gives permission to
                    access any file that can be read by UUCP.
                    Multiple entries must be separated by a colon.
                    The READ option is for requesting files, and the
                    WRITE option for depositing files.  The full path
                    name of any file coming in or going out must begin
                    with one of the listed values.

                    Note that the READ and WRITE options do not affect
                    the actual permissions of a file or directory.
                    You should be careful what directories you make
                    accessible for reading and writing by remote
                    systems.

               NOREAD and NOWRITE
                    Specify exceptions to the READ and WRITE options
                    or defaults.  NOWRITE works in the same manner as
                    the NOREAD option.  The NOREAD and NOWRITE options
                    can be used in both LOGNAME and MACHINE entries.

               CALLBACK
                    Specifies in LOGNAME entries that no transaction
                    will take place until the calling system is called
                    back.  There are two cases in which you would use
                    CALLBACK.  From a security standpoint, if you call
                    back a machine you can be sure it is the machine
                    it says it is.  If you are doing long data
                    transmissions, you can choose the machine that
                    will be billed for the longer call.  The default
                    for the CALLBACK option is no.  The CALLBACK
                    option is rarely used.  If two sites have this
                    option set for each other, a conversation will
                    never get started.

               COMMANDS
                    Used in MACHINE entries to specify the commands
                    that a remote computer can execute on your
                    computer.  This affects the security of your
                    system; use it with extreme care.

                    The uux program generates remote execution
                    requests and queues them to be transferred to the
                    remote computer.  Files and a command are sent to
                    the target computer for remote execution.  Note
                    that COMMANDS is not used in a LOGNAME entry;
                    COMMANDS in MACHINE entries define command
                    permissions whether you call the remote system or
                    it calls you.

                    The default command that a remote computer can
                    execute on your computer is rmail.  If a command
                    string is used in a MACHINE entry, the default
                    commands are overridden.  Full pathnames can also
                    be used.  Including the ALL value in the list
                    means that any command from the remote computer
                    specified in the entry will be executed.  If you
                    use this value, you give the remote computer full
                    access to your computer.  Be careful: this allows
                    far more access than normal users have.  The
                    VALIDATE option should be used with the COMMANDS
                    option whenever potentially dangerous commands
                    like cat and uucp are specified.  Any command that
                    reads or writes files is potentially dangerous to
                    local security when executed by the UUCP remote
                    execution daemon (uuxqt).

               VALIDATE
                    Used in conjunction with the COMMANDS option when
                    specifying commands that are potentially dangerous
                    to your computer's security.  It provides a
                    certain degree of verification of the caller's
                    identity.  The use of the VALIDATE option requires
                    that privileged computers have a unique
                    login/password for UUCP transactions.  An
                    important aspect of this validation is that the
                    login/password associated with this entry be
                    protected.  If an outsider gets that information,
                    that particular VALIDATE option can no longer be
                    considered secure.  (VALIDATE is merely an added
                    level of security to the COMMANDS option, though
                    it is a more secure way to open command access
                    than ALL.)
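
          The prefix rule for READ and WRITE and the NOREAD/NOWRITE
          exceptions described above, as an added Python example (not
          code from this manual or from uucico).  Matching on whole
          path components and normalising the path before comparison
          are assumptions of the example; the name allowed() is
          hypothetical.

```python
import posixpath

DEFAULT = "/usr/spool/uucppublic"   # default READ and WRITE value per the page

def _covers(prefix, path):
    """True if prefix is path itself or one of its parent directories."""
    prefix = posixpath.normpath(prefix)
    return prefix == "/" or path == prefix or path.startswith(prefix + "/")

def allowed(path, allow=DEFAULT, deny=""):
    """Check one direction of a transfer.

    allow: the READ (or WRITE) value, deny: the NOREAD (or NOWRITE) value,
    both colon-separated lists of directory prefixes.
    """
    if not path.startswith("/"):
        return False                       # only full path names are considered
    # Assumption of this example: normalise first so ".." and "//" cannot
    # step outside an allowed prefix or around an exception.
    path = "/" + posixpath.normpath(path).lstrip("/")
    if any(_covers(d, path) for d in deny.split(":") if d):
        return False                       # exceptions win over READ/WRITE
    return any(_covers(a, path) for a in allow.split(":") if a)
```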

        Entries for OTHER Systems
          You may want to specify different option values for machines
          or  logins  that  are  not  mentioned in specific MACHINE or
          LOGNAME  entries.   This  may  occur  when  there  are  many
          computers  calling in that have the same set of permissions.
          The special name OTHER for the computer name can be used  in
          a MACHINE or LOGNAME entry as follows:

               MACHINE=OTHER \
               COMMANDS=rmail:/usr/local/bin/lc

               LOGNAME=OTHER \
               REQUEST=yes SENDFILES=yes \
               READ=/usr/spool/uucppublic \
               WRITE=/usr/spool/uucppublic

          All options that can be set for specific machines or  logins
          can  be  used  with the OTHER value, although the use of the
          VALIDATE option makes little sense.


     Example
          This entry is for public login.   It  provides  the  default
          permissions.   Note that use of this type of anonymous login
          is not encouraged.

               LOGNAME=nuucp \
               MACHINE=OTHER \
               READ=/usr/spool/uucppublic \
               WRITE=/usr/spool/uucppublic \
               SENDFILES=call REQUEST=no \
               COMMANDS=/bin/rmail
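
          An added Python example, not part of the original manual: it
          parses the entry format given under Description (continuation
          lines, comments, blank lines, name=value options) and flags
          the settings that the COMMANDS, VALIDATE and READ/WRITE text
          warns about.  The sample file and the names
          parse_permissions() and audit() are constructed for
          illustration; placing VALIDATE=machine in a LOGNAME entry is
          an assumption, since this page does not show its syntax.

```python
# Constructed sample file, not taken from a real system.
SAMPLE = r"""
# anonymous login, defaults only
LOGNAME=nuucp REQUEST=no \

    SENDFILES=call
MACHINE=alpha COMMANDS=rmail:/bin/cat
MACHINE=beta COMMANDS=ALL READ=/
MACHINE=gamma COMMANDS=rmail:uucp
LOGNAME=ugamma VALIDATE=gamma
"""
RISKY = {"cat", "uucp", "ALL"}   # commands the page singles out, plus ALL

def _to_entry(tokens):
    bad = [t for t in tokens if "=" not in t.strip("=")]
    if bad:   # e.g. "REQUEST = yes": white space inside an assignment
        raise ValueError(f"not a name=value option: {bad}")
    return dict(t.split("=", 1) for t in tokens)

def parse_permissions(text):
    """Return one {name: value} dict per logical entry."""
    entries, tokens = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                    # ignored, even inside a continued entry
        tokens += line.rstrip("\\").split()
        if not line.endswith("\\"):     # no trailing backslash: entry complete
            entries.append(_to_entry(tokens))
            tokens = []
    return entries + ([_to_entry(tokens)] if tokens else [])

def audit(entries):
    """Return sorted (name, finding) pairs for settings the page warns about."""
    # Assumed syntax: VALIDATE names the machine inside a LOGNAME entry.
    validated = {m for e in entries if "LOGNAME" in e
                 for m in e.get("VALIDATE", "").split(":") if m}
    findings = set()
    for e in entries:
        who = e.get("MACHINE") or e.get("LOGNAME", "?")
        for opt in ("READ", "WRITE"):
            if "/" in e.get(opt, "").split(":"):
                findings.add((who, opt + "=/"))
        cmds = {c.rsplit("/", 1)[-1] for c in e.get("COMMANDS", "").split(":")}
        if "MACHINE" in e and cmds & RISKY:
            if "ALL" in cmds:
                findings.add((who, "COMMANDS=ALL"))
            if who not in validated:
                findings.add((who, "risky COMMANDS, no VALIDATE"))
    return sorted(findings)
```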


     See Also
          uucico(ADM), uucp(C), uux(C), uuxqt(C)


     (printed 2/15/90)                             PERMISSIONS(F)

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026