![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to USERFILE.5 CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / uucp|
Return to USERFILE.5 CVS log | Up to [CSRG BSD Unix] / 43BSDReno / usr.bin / uucp |
1.1 root 1: .\" Copyright (c) 1986 Regents of the University of California.
2: .\" All rights reserved. The Berkeley software License Agreement
3: .\" specifies the terms and conditions for redistribution.
4: .\"
5: .\" @(#)USERFILE.5 6.2 (Berkeley) 6/23/90
6: .\"
7: .TH USERFILE 5 "June 23, 1990"
8: .UC 6
9: .SH NAME
10: USERFILE \- \s-1UUCP\s0 pathname permissions file
11: .SH DESCRIPTION
12: The
13: .I USERFILE
14: file specifies the file system directory trees that are accessible to
15: local users and to remote systems via \s-1UUCP\s0.
16: .PP
17: Each line in
18: .I USERFILE
19: is of the form:
20: .PP
21: [\fIloginname\fP]\fB,\fP[\fIsystem\fP] [ \fBc\fP ] \fIpathname\fP \c
22: [\fIpathname\fP] [\fIpathname\fP]
23: .PP
24: The first two items are separated by a comma; any number of spaces or
25: tabs may separate the remaining items.
26: Lines beginning with a `#' character are comments.
27: A trailing `\e' indicates that the next line
28: is a continuation of the current line.
29: .PP
30: .I Loginname
31: is a login (from
32: .IR /etc/passwd )
33: on the local machine.
34: .PP
35: .I System
36: is the name of a remote machine, the same name used in
37: .IR L.sys (5).
38: .PP
39: .I c
40: denotes the optional
41: .I callback
42: field.
43: If a \fBc\fP appears here, a remote machine that calls in will be told
44: that callback is requested, and the conversation will be terminated.
45: The local system will then immediately call the remote host back.
46: .PP
47: .I Pathname
48: is a pathname prefix that is permissible for this
49: .I login
50: and/or
51: .IR system .
52: .PP
53: When
54: .IR uucico (8C)
55: runs in master role or
56: .IR uucp (1C)
57: or
58: .IR uux (1C)
59: are run by local users, the permitted pathnames are those on the
60: first line with a
61: .I loginname
62: that matches the name of the user who executed the command.
63: If no such line exists, then the first line with a null (missing)
64: .I loginname
65: field is used.
66: (Beware:
67: .I uucico
68: is often run by the superuser or the \s-1UUCP\s0 administrator through
69: .IR cron (8).)
70: .PP
71: When
72: .I uucico
73: runs in slave role, the permitted pathnames are those on the
74: first line with a
75: .I system
76: field that matches the hostname of the remote machine.
77: If no such line exists, then the first line with a null (missing)
78: .I system
79: field is used.
80: .PP
81: .IR Uuxqt (8)
82: works differently; it knows neither a login name nor a hostname.
83: It accepts the pathnames on the first line that has a null
84: .I system
85: field.
86: (This is the same line that is used by
87: .I uucico
88: when it cannot match the remote machine's hostname.)
89: .PP
90: A line with both
91: .I loginname
92: and
93: .I system
94: null, for example
95: .IP
96: .B , /var/spool/uucppublic
97: .PP
98: can be used to conveniently specify the paths for both "no match" cases
99: if lines earlier in
100: .I USERFILE
101: did not define them.
102: (This differs from older Berkeley and all USG versions, where each case
103: must be individually specified.
104: If neither case is defined earlier,
105: a "null" line only defines the "unknown login" case.)
106: .PP
107: To correctly process
108: .I loginname
109: on systems that assign several logins per UID,
110: the following strategy is used to determine the current
111: .IR loginname :
112: .TP
113: 1)
114: If the process is attached to a terminal, a login entry exists in
115: .IR /var/run/utmp ,
116: and the UID for the
117: .I utmp
118: name matches the current real UID, then
119: .IR loginname
120: is set to the
121: .I utmp
122: name.
123: .TP
124: 2)
125: If the
126: .B USER
127: environment variable is defined and the UID for this name matches
128: the current real UID, then
129: .IR loginname
130: is set to the name in
131: .BR USER .
132: .TP
133: 3)
134: If both of the above fail, call
135: .IR getpwuid (3)
136: to fetch the first name in
137: .I /etc/passwd
138: that matches the real UID.
139: .TP
140: 4)
141: If all of the above fail, the utility aborts.
142: .SH FILES
143: .ta \w'/usr/lib/uucp/UUAIDS/USERFILE 'u
144: .nf
145: /usr/lib/uucp/USERFILE
146: /usr/lib/uucp/UUAIDS/USERFILE USERFILE example
147: .fi
148: .SH SEE ALSO
149: uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C), uuxqt(8C)
150: .SH NOTES
151: The \s-1UUCP\s0 utilities
152: .RI ( uucico ,
153: .IR uucp ,
154: .IR uux ,
155: and
156: .IR uuxqt )
157: always have access to the \s-1UUCP\s0 spool files in
158: .IR /var/spool/uucp ,
159: regardless of pathnames in
160: .IR USERFILE .
161: .PP
162: If
163: .B uucp
164: is listed in
165: .IR L.cmds (5),
166: then a remote system will execute
167: .I uucp
168: on the local system with the
169: .I USERFILE
170: privileges for its
171: .IR login ,
172: not its hostname.
173: .PP
174: .I Uucico
175: freely switches between master and slave roles during the course of a
176: conversation, regardless of the role it was started with.
177: This affects how
178: .I USERFILE
179: is interpreted.
180: .SH WARNING
181: .I USERFILE
182: restricts access only on strings that the \s-1UUCP\s0 utilities identify
183: as being pathnames.
184: If the wrong holes are left in other \s-1UUCP\s0 control files (notably
185: .IR L.cmds ),
186: it can be easy for an intruder to open files anywhere in the file system.
187: Arguments to
188: .IR uucp (1C)
189: are safe, since it assumes all of its non-option arguments are files.
190: .IR Uux (1C)
191: cannot make such assumptions; hence, it is more dangerous.
192: .SH BUGS
193: The
194: .I "\s-1UUCP\s0 Implementation Description"
195: explicitly states that all remote login names must be listed in
196: .IR USERFILE .
197: This requirement is not enforced by Berkeley \s-1UUCP\s0, although it is
198: by USG \s-1UUCP\s0.
199: .PP
200: Early versions of 4.2BSD
201: .IR uuxqt (8)
202: erroneously check \s-1UUCP\s0 spool files against the
203: .I USERFILE
204: pathname permissions.
205: Hence, on these systems it is necessary to specify
206: .I /var/spool/uucp
207: as a valid path on the
208: .I USERFILE
209: line used by
210: .IR uuxqt .
211: Otherwise, all
212: .IR uux (1C)
213: requests are rejected with a "PERMISSION DENIED" message.
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.