.\" Copyright (c) 1986 Regents of the University of California.
.\" All rights reserved. The Berkeley software License Agreement
.\" specifies the terms and conditions for redistribution.
.\"
.\" @(#)USERFILE.5 6.2 (Berkeley) 6/23/90
.\"
.TH USERFILE 5 "June 23, 1990"
.UC 6
.SH NAME
USERFILE \- \s-1UUCP\s0 pathname permissions file
.SH DESCRIPTION
The
.I USERFILE
file specifies the file system directory trees that are accessible to
local users and to remote systems via \s-1UUCP\s0.
.PP
Each line in
.I USERFILE
is of the form:
.PP
[\fIloginname\fP]\fB,\fP[\fIsystem\fP] [ \fBc\fP ] \fIpathname\fP \c
[\fIpathname\fP] [\fIpathname\fP]
.PP
The first two items are separated by a comma; any number of spaces or
tabs may separate the remaining items.
Lines beginning with a `#' character are comments.
A trailing `\e' indicates that the next line
is a continuation of the current line.
.PP
.I Loginname
is a login (from
.IR /etc/passwd )
on the local machine.
.PP
.I System
is the name of a remote machine, the same name used in
.IR L.sys (5).
.PP
.I c
denotes the optional
.I callback
field.
If a \fBc\fP appears here, a remote machine that calls in will be told
that callback is requested, and the conversation will be terminated.
The local system will then immediately call the remote host back.
.PP
.I Pathname
is a pathname prefix that is permissible for this
.I login
and/or
.IR system .
.PP
When
.IR uucico (8C)
runs in master role or
.IR uucp (1C)
or
.IR uux (1C)
are run by local users, the permitted pathnames are those on the
first line with a
.I loginname
that matches the name of the user who executed the command.
If no such line exists, then the first line with a null (missing)
.I loginname
field is used.
(Beware:
.I uucico
is often run by the superuser or the \s-1UUCP\s0 administrator through
.IR cron (8).)
.PP
When
.I uucico
runs in slave role, the permitted pathnames are those on the
first line with a
.I system
field that matches the hostname of the remote machine.
If no such line exists, then the first line with a null (missing)
.I system
field is used.
.PP
.IR Uuxqt (8)
works differently; it knows neither a login name nor a hostname.
It accepts the pathnames on the first line that has a null
.I system
field.
(This is the same line that is used by
.I uucico
when it cannot match the remote machine's hostname.)
.PP
A line with both
.I loginname
and
.I system
null, for example
.IP
.B , /var/spool/uucppublic
.PP
can be used to conveniently specify the paths for both "no match" cases
if lines earlier in
.I USERFILE
did not define them.
(This differs from older Berkeley and all USG versions, where each case
must be individually specified.
If neither case is defined earlier,
a "null" line only defines the "unknown login" case.)
.PP
To correctly process
.I loginname
on systems that assign several logins per UID,
the following strategy is used to determine the current
.IR loginname :
.TP
1)
If the process is attached to a terminal, a login entry exists in
.IR /var/run/utmp ,
and the UID for the
.I utmp
name matches the current real UID, then
.IR loginname
is set to the
.I utmp
name.
.TP
2)
If the
.B USER
environment variable is defined and the UID for this name matches
the current real UID, then
.IR loginname
is set to the name in
.BR USER .
.TP
3)
If both of the above fail, call
.IR getpwuid (3)
to fetch the first name in
.I /etc/passwd
that matches the real UID.
.TP
4)
If all of the above fail, the utility aborts.
.SH FILES
.ta \w'/usr/lib/uucp/UUAIDS/USERFILE 'u
.nf
/usr/lib/uucp/USERFILE
/usr/lib/uucp/UUAIDS/USERFILE USERFILE example
.fi
.SH SEE ALSO
uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C), uuxqt(8C)
.SH NOTES
The \s-1UUCP\s0 utilities
.RI ( uucico ,
.IR uucp ,
.IR uux ,
and
.IR uuxqt )
always have access to the \s-1UUCP\s0 spool files in
.IR /var/spool/uucp ,
regardless of pathnames in
.IR USERFILE .
.PP
If
.B uucp
is listed in
.IR L.cmds (5),
then a remote system will execute
.I uucp
on the local system with the
.I USERFILE
privileges for its
.IR login ,
not its hostname.
.PP
.I Uucico
freely switches between master and slave roles during the course of a
conversation, regardless of the role it was started with.
This affects how
.I USERFILE
is interpreted.
.SH WARNING
.I USERFILE
restricts access only on strings that the \s-1UUCP\s0 utilities identify
as being pathnames.
If the wrong holes are left in other \s-1UUCP\s0 control files (notably
.IR L.cmds ),
it can be easy for an intruder to open files anywhere in the file system.
Arguments to
.IR uucp (1C)
are safe, since it assumes all of its non-option arguments are files.
.IR Uux (1C)
cannot make such assumptions; hence, it is more dangerous.
.SH BUGS
The
.I "\s-1UUCP\s0 Implementation Description"
explicitly states that all remote login names must be listed in
.IR USERFILE .
This requirement is not enforced by Berkeley \s-1UUCP\s0, although it is
by USG \s-1UUCP\s0.
.PP
Early versions of 4.2BSD
.IR uuxqt (8)
erroneously check \s-1UUCP\s0 spool files against the
.I USERFILE
pathname permissions.
Hence, on these systems it is necessary to specify
.I /var/spool/uucp
as a valid path on the
.I USERFILE
line used by
.IR uuxqt .
Otherwise, all
.IR uux (1C)
requests are rejected with a "PERMISSION DENIED" message.
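
The first-match line selection described under DESCRIPTION, as an added Python example for auditing a USERFILE (not part of the original manual page or of any UUCP source). It assumes the login,system pair contains no whitespace, that a bare c token is the callback field, and that a pathname prefix is a plain string prefix checked after normalization; the sample file is constructed.

```python
import posixpath

# Constructed sample USERFILE (not from a real host).
SAMPLE = """\
# login,system [c] pathname...
alice,        /home/alice /var/spool/uucppublic
nuucp,hostA c /var/spool/uucppublic \\
              /var/spool/news
,             /var/spool/uucppublic
"""

def parse_userfile(text):
    """Return entries in file order; order matters because first match wins."""
    entries = []
    joined = text.replace("\\\n", " ")  # trailing backslash continues the line
    for raw in joined.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # comment or blank
            continue
        pair, *rest = line.split()
        login, _, system = pair.partition(",")  # either side may be null
        callback = bool(rest) and rest[0] == "c"  # assumption: bare 'c' token
        entries.append({"login": login, "system": system, "callback": callback,
                        "paths": rest[1:] if callback else rest})
    return entries

def select_entry(entries, field, name):
    """First entry whose field equals name, else first with that field null."""
    for wanted in (name, ""):
        for entry in entries:
            if entry[field] == wanted:
                return entry
    return None

def permitted(entries, path, login=None, system=None):
    """login=: uucp, uux or master-role uucico. system=: slave-role uucico.
    Neither: uuxqt, which uses the first line with a null system field."""
    if login is not None:
        entry = select_entry(entries, "login", login)
    else:
        entry = select_entry(entries, "system", system or "")
    if entry is None:
        return False
    norm = posixpath.normpath(path)  # this example's choice: collapse '..'
    return any(norm.startswith(prefix) for prefix in entry["paths"])

if __name__ == "__main__":
    rules = parse_userfile(SAMPLE)
    for who in ({"login": "bob"}, {"system": "hostA"}, {"system": "hostB"}, {}):
        print(who or "uuxqt", permitted(rules, "/home/alice/notes", **who))
```

With the sample file, an unmatched remote host and uuxqt both fall through to the alice line because it is the first one with a null system field, so line order decides what an unknown caller may reach.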