USERFILE(5)                        1990                        USERFILE(5)

NAME
     USERFILE - UUCP pathname permissions file

DESCRIPTION
     The USERFILE file specifies the file system directory trees
     that are accessible to local users and to remote systems via
     UUCP.

     Each line in USERFILE is of the form:

          [loginname],[system] [ c ] pathname [pathname] [pathname]

     The first two items are separated by a comma; any number of
     spaces or tabs may separate the remaining items. Lines
     beginning with a `#' character are comments. A trailing `\'
     indicates that the next line is a continuation of the
     current line.

     Loginname is a login (from /etc/passwd) on the local
     machine.

     System is the name of a remote machine, the same name used
     in L.sys(5).

     c denotes the optional callback field. If a c appears here,
     a remote machine that calls in will be told that callback is
     requested, and the conversation will be terminated. The
     local system will then immediately call the remote host
     back.

     Pathname is a pathname prefix that is permissible for this
     login and/or system.

     When uucico(8C) runs in master role or uucp(1C) or uux(1C)
     are run by local users, the permitted pathnames are those on
     the first line with a loginname that matches the name of the
     user who executed the command. If no such line exists, then
     the first line with a null (missing) loginname field is
     used. (Beware: uucico is often run by the superuser or the
     UUCP administrator through cron(8).)

     When uucico runs in slave role, the permitted pathnames are
     those on the first line with a system field that matches the
     hostname of the remote machine. If no such line exists,
     then the first line with a null (missing) system field is
     used.

     Uuxqt(8) works differently; it knows neither a login name
     nor a hostname. It accepts the pathnames on the first line
     that has a null system field. (This is the same line that
     is used by uucico when it cannot match the remote machine's
     hostname.)

Printed 7/4/90 June 1

     A line with both loginname and system null, for example

          , /var/spool/uucppublic

     can be used to conveniently specify the paths for both "no
     match" cases if lines earlier in USERFILE did not define
     them. (This differs from older Berkeley and all USG versions,
     where each case must be individually specified. If
     neither case is defined earlier, a "null" line only defines
     the "unknown login" case.)

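     The lookup rules above, as an added example (not part of the
     original manual page or of the UUCP sources): a small Python parser
     for the line format plus the first-match selection for the three
     cases. The function names, the role names, the treatment of a bare
     c token as the callback flag and the plain string-prefix comparison
     are assumptions of this example; the sample file is constructed.

```python
def parse_userfile(text):
    """Return entries in file order as (loginname, system, callback, prefixes)."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = (pending + raw).strip()
        pending = ""
        if line.endswith("\\"):                  # trailing '\' continues the line
            pending = line[:-1] + " "
            continue
        if not line or line.startswith("#"):     # blank line or comment
            continue
        who, *rest = line.split()
        login, _, system = who.partition(",")    # first two items, comma separated
        callback = rest[:1] == ["c"]             # assumption: a bare "c" is the callback flag
        entries.append((login, system, callback, rest[1:] if callback else rest))
    return entries


def select_line(entries, role, name=""):
    """role 'local': uucp, uux, master uucico, matched on loginname.
    role 'slave': uucico answering a call, matched on system.
    role 'uuxqt': always the first line with a null system field."""
    field = 0 if role == "local" else 1
    wanted = "" if role == "uuxqt" else name
    for value in (wanted, ""):                   # exact match first, then first null field
        for entry in entries:
            if entry[field] == value:
                return entry
    return None


def permitted(entries, path, role, name=""):
    entry = select_line(entries, role, name)
    # Assumption: "pathname prefix" is checked as a plain string prefix.
    return entry is not None and any(path.startswith(p) for p in entry[3])


# Constructed sample file, not taken from any real site.
SAMPLE = """\
alice,      /home/alice /var/spool/uucppublic
,vaxb  c    /var/spool/uucppublic \\
            /usr/src
,           /var/spool/uucppublic
"""
ENTRIES = parse_userfile(SAMPLE)
```

     In the sample the final "," line is never selected: the alice line
     is the first with a null system field and the vaxb line is the first
     with a null loginname field, so those two lines already act as the
     "no match" defaults.
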
     To correctly process loginname on systems that assign
     several logins per UID, the following strategy is used to
     determine the current loginname:

     1)   If the process is attached to a terminal, a login entry
          exists in /var/run/utmp, and the UID for the utmp name
          matches the current real UID, then loginname is set to
          the utmp name.

     2)   If the USER environment variable is defined and the UID
          for this name matches the current real UID, then
          loginname is set to the name in USER.

     3)   If both of the above fail, call getpwuid(3) to fetch
          the first name in /etc/passwd that matches the real
          UID.

     4)   If all of the above fail, the utility aborts.

FILES
     /usr/lib/uucp/USERFILE
     /usr/lib/uucp/UUAIDS/USERFILE    USERFILE example

SEE ALSO
     uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C),
     uuxqt(8C)

NOTES
     The UUCP utilities (uucico, uucp, uux, and uuxqt) always
     have access to the UUCP spool files in /var/spool/uucp,
     regardless of pathnames in USERFILE.

     If uucp is listed in L.cmds(5), then a remote system will
     execute uucp on the local system with the USERFILE
     privileges for its login, not its hostname.

     Uucico freely switches between master and slave roles during
     the course of a conversation, regardless of the role it was
     started with. This affects how USERFILE is interpreted.

WARNING
     USERFILE restricts access only on strings that the UUCP
     utilities identify as being pathnames. If the wrong holes
     are left in other UUCP control files (notably L.cmds), it
     can be easy for an intruder to open files anywhere in the
     file system. Arguments to uucp(1C) are safe, since it
     assumes all of its non-option arguments are files. Uux(1C)
     cannot make such assumptions; hence, it is more dangerous.

BUGS
     The UUCP Implementation Description explicitly states that
     all remote login names must be listed in USERFILE. This
     requirement is not enforced by Berkeley UUCP, although it is
     by USG UUCP.

     Early versions of 4.2BSD uuxqt(8) erroneously check UUCP
     spool files against the USERFILE pathname permissions.
     Hence, on these systems it is necessary to specify
     /var/spool/uucp as a valid path on the USERFILE line used by
     uuxqt. Otherwise, all uux(1C) requests are rejected with a
     "PERMISSION DENIED" message.