⇒ permiss(F) — OpenDesktop 3.0.0


 permissions(F)                06 January 1993                 permissions(F)


 Name

    permissions - format of UUCP Permissions file

 Description

    The Permissions file (/usr/lib/uucp/Permissions) specifies the
    permissions for remote computers concerning login, file access, and
    command execution.  In the Permissions file, you can specify the commands
    that a remote computer can execute and restrict its ability to request or
    receive files queued by the local site.

    Each entry is a logical line with physical lines terminated by a \ to
    indicate continuation.  Entries are made up of options delimited by white
    space.  Each option is a name-value pair in the following format:

       name=value

    Note that no white space is allowed within an option assignment.

    Comment lines begin with a hash sign (#) and they occupy the entire line
    up to a newline character.  Blank lines are ignored (even within
    multi-line entries).

    There are two types of Permissions file entries:

       LOGNAME     specifies the permissions that take effect when a remote
                   computer calls your computer.

       MACHINE     specifies permissions that take effect when your computer
                   calls a remote computer.

 Options

    This section describes each option, specifies how they are used, and
    lists their default values.

    REQUEST=yes|no
          Specifies whether the remote computer can request to set up file
          transfers from your computer.  When a remote computer calls your
          computer and requests to receive a file, this request can be
          granted or denied.  The default value is no; it is used if the
          REQUEST option is not specified.  The REQUEST option can appear in
          either a LOGNAME (remote calls you) entry or a MACHINE (you call
          remote) entry.

    SENDFILES=yes|call
          Specifies whether your computer can send the work queued for the
          remote computer.  When a remote computer calls your computer and
          completes its work, it may attempt to take work your computer has
          queued for it.  The call value is the default for the SENDFILES
          option.  This option is only significant in LOGNAME entries since
          MACHINE entries apply when calls are made out to remote computers.
          If this option is used with a MACHINE entry, it will be ignored.

    READ and WRITE
          Specify the various parts of the file system that uucico can read
          from or write to.  The READ and WRITE options can be used with
          either MACHINE or LOGNAME entries.

          The default for both the READ and WRITE options is the uucppublic
          directory as shown in the following example:

             READ=/usr/spool/uucppublic
             WRITE=/usr/spool/uucppublic

          Supplying "/" as a pathname gives permission to access any file
          that can be read by UUCP.  Multiple entries must be separated by a
          colon.  The READ option is for requesting files, and the WRITE
          option for depositing files.  One of the values must be the prefix
          of any full path name of a file coming in or going out.

          Note that the READ and WRITE options do not affect the actual
          permissions of a file or directory.  You should be careful what
          directories you make accessible for reading and writing by remote
          systems.

    NOREAD and NOWRITE
          Specify exceptions to the READ and WRITE options or defaults.
          NOWRITE works in the same manner as the NOREAD option.  NOREAD and
          NOWRITE can be used in both LOGNAME and MACHINE entries.

    CALLBACK
          Specifies in LOGNAME entries that no transaction will take place
          until the calling system is called back.  There are two examples of
          when you would use CALLBACK.  From a security standpoint, if you
          call back a machine you can be sure it is the machine it says it
          is.  If you are doing long data transmissions, you can choose the
          machine that will be billed for the longer call.  The default for
          the CALLBACK option is no.  The CALLBACK option is rarely used.  If
          two sites have this option set for each other, a conversation will
          never get started.

    COMMANDS
          Specifies the commands in MACHINE entries that a remote computer
          can execute on your computer.  This affects the security of your
          system; use it with extreme care.

          The uux program will generate remote execution requests and queue
          them to be transferred to the remote computer.  Files and a command
          are sent to the target computer for remote execution.  Note that
          COMMANDS is not used in a LOGNAME entry; COMMANDS in MACHINE
          entries define command permissions whether you call the remote
          system or it calls you.

          The default command that a remote computer can execute on your
          computer is rmail.  If a command string is used in a MACHINE entry,
          the default commands are overridden.  Full pathnames can also be
          used.  Including the ALL value in the list means that any command
          from the remote computer specified in the entry will be executed.
          If you use this value, you give the remote computer full access to
          your computer.  So, be careful; this allows far more access than
          normal users have.  The VALIDATE option should be used with the
          COMMANDS option whenever potentially dangerous commands like cat
          and uucp are specified with the COMMANDS option.

    VALIDATE
          Used in conjunction with the COMMANDS option when specifying
          commands that are potentially dangerous to your computer's
          security.  It provides a certain degree of verification of the
          caller's identity.  The use of the VALIDATE option requires that
          privileged computers have a unique login/password for UUCP
          transactions.  An important aspect of this validation is that the
          login/password associated with this entry be protected.  If an
          outsider gets that information, that particular VALIDATE option can
          no longer be considered secure.  (VALIDATE is merely an added level
          of security to the COMMANDS option, though it is a more secure way
          to open command access than ALL.)

    Entries for OTHER systems

    You may want to specify different option values for machines or logins
    that are not mentioned in specific MACHINE or LOGNAME entries.  This may
    occur when there are many computers calling in that have the same set of
    permissions.  The special name OTHER for the computer name can be used in
    a MACHINE or LOGNAME entry as follows:

       MACHINE=OTHER \
       COMMANDS=rmail:/usr/local/bin/lc

       LOGNAME=OTHER \
       REQUEST=yes SENDFILES=yes \
       READ=/usr/spool/uucppublic \
       WRITE=/usr/spool/uucppublic

    All options that can be set for specific machines or logins can be used
    with the OTHER value, although the use of the VALIDATE option makes
    little sense.

 Example

    This entry is for public login.  It provides the default permissions.
    Note that use of this type of anonymous login is not encouraged.

       LOGNAME=nuucp \
       MACHINE=OTHER \
       READ=/usr/spool/uucppublic \
       WRITE=/usr/spool/uucppublic \
       SENDFILES=call REQUEST=no \
       COMMANDS=/bin/rmail
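
    The parsing rules and the warnings above, applied as a small audit script.
    This is an added example, not part of the original manual page.  The system
    names alpha, beta, gamma and the login ubeta are constructed, and the
    VALIDATE value is assumed to be a colon-separated list of system names in a
    LOGNAME entry, as in HoneyDanBer UUCP (this page does not show its syntax).

```python
# Added example: lint a UUCP Permissions file for the risks this page warns about.
DEFAULTS = {"READ": "/usr/spool/uucppublic", "WRITE": "/usr/spool/uucppublic",
            "COMMANDS": "rmail"}          # defaults as stated on this page
RISKY = {"cat", "uucp"}                   # the commands the page calls dangerous

def parse_permissions(text):
    """Return one {name: value} dict per logical entry."""
    entries, tokens = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # ignored, even inside a multi-line entry
        tokens += line.rstrip("\\").split()
        if not line.endswith("\\"):       # no continuation: the entry is complete
            entries.append(dict(t.partition("=")[::2] for t in tokens))
            tokens = []
    if tokens:                            # file ended on a continuation line
        entries.append(dict(t.partition("=")[::2] for t in tokens))
    return entries

def audit(entries):
    """Return (entry label, finding) pairs in file order."""
    # Assumption: VALIDATE=sys1:sys2 names the systems tied to a unique login.
    validated = {m for e in entries for m in e.get("VALIDATE", "").split(":") if m}
    findings = []
    for e in entries:
        eff = {**DEFAULTS, **e}           # options not given fall back to defaults
        label = ("MACHINE=" + e["MACHINE"] if "MACHINE" in e
                 else "LOGNAME=" + e.get("LOGNAME", "?"))
        if "MACHINE" in e:                # COMMANDS only counts in MACHINE entries
            cmds = {c.rsplit("/", 1)[-1] for c in eff["COMMANDS"].split(":")}
            if "ALL" in cmds:
                findings.append((label, "COMMANDS includes ALL"))
            elif cmds & RISKY and not set(e["MACHINE"].split(":")) <= validated:
                findings.append((label, "risky commands without VALIDATE: "
                                 + ",".join(sorted(cmds & RISKY))))
        for opt in ("READ", "WRITE"):
            if "/" in eff[opt].split(":"):
                findings.append((label, opt + "=/ covers the whole file system"))
    return findings

SAMPLE = """\
# constructed sample, not taken from a real system
LOGNAME=nuucp MACHINE=OTHER \\
   READ=/usr/spool/uucppublic WRITE=/usr/spool/uucppublic \\

   SENDFILES=call REQUEST=no COMMANDS=/bin/rmail
MACHINE=alpha COMMANDS=rmail:/bin/cat READ=/
LOGNAME=ubeta VALIDATE=beta
MACHINE=beta COMMANDS=rmail:uucp
MACHINE=gamma COMMANDS=ALL
"""

if __name__ == "__main__":
    for label, finding in audit(parse_permissions(SAMPLE)):
        print(label, "->", finding)
```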

 See also

    uucico(ADM), uucp(C), uux(C)

