⇒ permissions(F) — Xenix 2.3.4g

     PERMISSIONS(F)           XENIX System V            PERMISSIONS(F)



     Name
          permissions - Format of UUCP Permissions file.

     Description
          The Permissions file (/usr/lib/uucp/Permissions) specifies
          the permissions for remote computers concerning login, file
          access, and command execution.  In the Permissions file, you
          can specify the commands that a remote computer can execute
          and restrict its ability to request or receive files queued
          by the local site.

          Each entry is a logical line with physical lines terminated
          by a \ to indicate continuation.  Entries are made up of
          options delimited by white space.  Each option is a name-
          value pair in the following format:

               name=value

          Note that no white space is allowed within an option
          assignment.

          Comment lines begin with a pound sign (#) and they occupy
          the entire line up to a newline character.  Blank lines are
          ignored (even within multi-line entries).

          There are two types of Permissions file entries:

               LOGNAME    specifies the permissions that take effect
                          when a remote computer calls your computer.

               MACHINE    specifies permissions that take effect when
                          your computer calls a remote computer.

     Options
          This section describes each option, specifies how they are
          used, and lists their default values.

               REQUEST=yes/no
                    Specifies whether the remote computer can request
                    to set up file transfers from your computer.  When
                    a remote computer calls your computer and requests
                    to receive a file, this request can be granted or
                    denied.  The default value is no; it is used if
                    the REQUEST option is not specified.
                    The REQUEST option can appear in either a LOGNAME
                    (remote calls you) entry or a MACHINE (you call
                    remote) entry.

     Page 1                                           (printed 2/7/91)

               SENDFILES=yes/call
                    Specifies whether your computer can send the work
                    queued for the remote computer.  When a remote
                    computer calls your computer and completes its
                    work, it may attempt to take work your computer
                    has queued for it.  The call value is the default
                    for the SENDFILES option.  This option is only
                    significant in LOGNAME entries since MACHINE
                    entries apply when calls are made out to remote
                    computers.  If this option is used with a MACHINE
                    entry, it will be ignored.

               READ and WRITE
                    Specify the various parts of the file system that
                    uucico can read from or write to.  The READ and
                    WRITE options can be used with either MACHINE or
                    LOGNAME entries.

                    The default for both the READ and WRITE options is
                    the uucppublic directory as shown in the following
                    example:

                         READ=/usr/spool/uucppublic
                         WRITE=/usr/spool/uucppublic

                    Supplying ``/'' as a pathname gives permission to
                    access any file that can be read by UUCP.
                    Multiple entries must be separated by a colon.
                    The READ option is for requesting files, and the
                    WRITE option for depositing files.  One of the
                    values must be the prefix of any full path name of
                    a file coming in or going out.

          Note that the READ and WRITE options do not affect the
          actual permissions of a file or directory.  You should be
          careful what directories you make accessible for reading and
          writing by remote systems.

     NOREAD and NOWRITE
          Specify exceptions to the READ and WRITE options or
          defaults.  NOWRITE works in the same manner as the NOREAD
          option.  The NOREAD and NOWRITE options can be used in both
          LOGNAME and MACHINE entries.

     CALLBACK
          Specifies in LOGNAME entries that no transaction will take
          place until the calling system is called back.  There are
          two examples of when you would use CALLBACK.  From a
          security standpoint, if you call back a machine you can be
          sure it is the machine it says it is.  If you are doing long
          data transmissions, you can choose the machine that will be
          billed for the longer call.  The default for the CALLBACK
          option is no.  The CALLBACK option is rarely used.  If two
          sites have this option set for each other, a conversation
          will never get started.

     COMMANDS
          Specifies the commands in MACHINE entries that a remote
          computer can execute on your computer.  This affects the
          security of your system; use it with extreme care.

          The uux program will generate remote execution requests and
          queue them to be transferred to the remote computer.  Files
          and a command are sent to the target computer for remote
          execution.  Note that COMMANDS is not used in a LOGNAME
          entry; COMMANDS in MACHINE entries define command
          permissions whether you call the remote system or it calls
          you.

          The default command that a remote computer can execute on
          your computer is rmail.  If a command string is used in a
          MACHINE entry, the default commands are overridden.  Full
          pathnames can also be used.  Including the ALL value in the
          list means that any command from the remote computer
          specified in the entry will be executed.  If you use this
          value, you give the remote computer full access to your
          computer.  So, be careful; this allows far more access than
          normal users have.  The VALIDATE option should be used with
          the COMMANDS option whenever potentially dangerous commands
          like cat and uucp are specified with the COMMANDS option.
          Any command that reads or writes files is potentially
          dangerous to local security when executed by the UUCP remote
          execution daemon (uuxqt).

     VALIDATE
          Used in conjunction with the COMMANDS option when specifying
          commands that are potentially dangerous to your computer's
          security.  It provides a certain degree of verification of
          the caller's identity.  The use of the VALIDATE option
          requires that privileged computers have a unique
          login/password for UUCP transactions.  An important aspect
          of this validation is that the login/password associated
          with this entry be protected.  If an outsider gets that
          information, that particular VALIDATE option can no longer
          be considered secure.  (VALIDATE is merely an added level of
          security to the COMMANDS option, though it is a more secure
          way to open command access than ALL.)

        Entries for OTHER Systems
          You may want to specify different option values for machines
          or logins that are not mentioned in specific MACHINE or
          LOGNAME entries.  This may occur when there are many
          computers calling in that have the same set of permissions.
          The special name OTHER for the computer name can be used in
          a MACHINE or LOGNAME entry as follows:

               MACHINE=OTHER \
               COMMANDS=rmail:/usr/local/bin/lc

               LOGNAME=OTHER \
               REQUEST=yes SENDFILES=yes \
               READ=/usr/spool/uucppublic \
               WRITE=/usr/spool/uucppublic

          All options that can be set for specific machines or logins
          can be used with the OTHER value, although the use of the
          VALIDATE option makes little sense.

     Example
          This entry is for public login.  It provides the default
          permissions.  Note that use of this type of anonymous login
          is not encouraged.

               LOGNAME=nuucp \
               MACHINE=OTHER \
               READ=/usr/spool/uucppublic \
               WRITE=/usr/spool/uucppublic \
               SENDFILES=call REQUEST=no \
               COMMANDS=/bin/rmail
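
          The entry format and the warnings about COMMANDS, VALIDATE,
          READ and WRITE given above can be checked mechanically.  The
          Python below is an added example, not part of the XENIX manual:
          it joins continuation lines into logical entries and flags the
          settings this page cautions against.  Assumptions: the sample
          file and the names uubig and bigsys are constructed, VALIDATE
          is taken to hold colon-separated system names (this page does
          not show its syntax), and comment lines are skipped wherever
          they occur.

```python
# Added example, not from the manual; "uubig"/"bigsys" are made-up names.
SAMPLE = r"""
# constructed Permissions file
MACHINE=OTHER \
COMMANDS=rmail:/usr/local/bin/lc
LOGNAME=uubig MACHINE=bigsys REQUEST=yes \

READ=/ WRITE=/usr/spool/uucppublic:/tmp \
COMMANDS=rmail:/bin/cat
"""
RISKY = {"cat", "uucp"}  # commands the manual names as potentially dangerous

def to_options(tokens):
    if any("=" not in t.strip("=") for t in tokens):  # e.g. "READ = /tmp"
        raise ValueError(f"not name=value: {tokens}")
    return dict(t.split("=", 1) for t in tokens)

def parse_permissions(text):
    """Return one {name: value} dict per logical entry."""
    entries, tokens = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped, even inside an entry
        tokens += line.rstrip("\\").split()
        if not line.endswith("\\"):  # no continuation: entry is complete
            entries.append(to_options(tokens))
            tokens = []
    if tokens:  # file ended on a continuation line
        entries.append(to_options(tokens))
    return entries

def audit(entries):
    """Return (system, finding) pairs for risks the manual warns about."""
    # Assumption: VALIDATE holds colon-separated system names.
    validated = {m for e in entries for m in e.get("VALIDATE", "").split(":")}
    findings = []
    for e in entries:
        who = e.get("MACHINE", e.get("LOGNAME", "?"))
        cmds = e.get("COMMANDS", "rmail").split(":")  # rmail is the default
        if "ALL" in cmds:
            findings.append((who, "COMMANDS includes ALL"))
        risky = sorted({c.rsplit("/", 1)[-1] for c in cmds} & RISKY)
        if risky and who not in validated:
            findings.append((who, ",".join(risky) + " allowed without VALIDATE"))
        for opt in ("READ", "WRITE"):
            if "/" in e.get(opt, "").split(":"):
                findings.append((who, opt + "=/ opens every file UUCP can access"))
    return findings
```

          Calling audit(parse_permissions(SAMPLE)) reports two findings
          for bigsys and none for the OTHER entry.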


     See Also
          uucico(ADM), uucp(C), uux(C), uuxqt(C)