.H 1 Introduction
The Permissions file replaces the USERFILE for uucp.
Its purpose is to specify the permissions that remote sites
have with respect to login, file access, and command
execution.
Options provide for restricting the ability to request files and
the ability to receive files queued by the local site.
In addition, an option is available to specify the commands that a
remote site can execute on the local system.
.P
The next section gives three Permissions file entries.
Taken together, they provide all the entries needed by most
sites running the uucp system.
Section three gives the basics of the syntax and semantics of the
Permissions file.
The remainder of the document gives a detailed explanation of the
options available, their uses, and setting up the default values.
.H 1 "Starting Examples"
The first example is the model of an entry for the public login on
your system;
it represents the most restrictive access to your system.
.HU "Example 1"
.sp
.nf
LOGNAME=nuucp
.fi
.sp
It states that login "nuucp" has all the default permissions/restrictions:
.BL
.LI
The remote site can send files exclusively to the \fIuucp public\fR directory
(usually /usr/spool/uucppublic).
.LI
The remote site can \fInot\fR request to receive any files.
.LI
\fINo\fR files that are queued for the remote site will be transferred
during the present session.
.LI
The only commands that can be executed are the defaults--usually
"rmail".
(See section 6 for details on how to set this default.)
.LE
.P
This entry alone is sufficient to start communications with remote sites,
permitting files to be transferred to the uucp public directory by request of
the remote site.
.HU "Example 2"
The next entry is for remote sites that log in, but have fewer restrictions.
The login and passwd corresponding to this entry should not be distributed
to the general public;
it is usually reserved for closely coupled systems where the Systems file
information can be tightly controlled.
.sp
.nf
LOGNAME=uucpz REQUEST=yes SENDFILES=yes \\
READ=/ WRITE=/
.fi
.sp
This entry provides the following permissions
when a remote site logs in as "uucpz":
.BL
.LI
Files can be requested from the local site (REQUEST option).
.LI
Files can be transferred to any directory or any file
that is writable by user "other"--that is,
a file/directory that is writable by a local user with
neither owner nor group permissions.
(Option WRITE controls this permission.)
.LI
Any files readable by user "other" can be requested.
(Option READ controls this permission.)
.LI
Any requests queued by the local site will be executed during
the conversation;
these are requests by local users that are destined for the
site that is calling in.
(SENDFILES option.)
.LI
The commands sent for execution on the local system by the remote
must be in the default set (usually "rmail").
.LE
.HU "Example 3"
Thus far, the examples showed entries that referred to remote sites
when they log in to the local system.
This example is an entry used when calling a remote site.
.sp
.nf
MACHINE=mhtsa:mhtsb:mhtsc:pwbcc \\
REQUEST=yes READ=/ WRITE=/
.fi
.sp
When calling any of the systems given in the MACHINE list,
the following permissions prevail:
.BL
.LI
The remote site can both request and send files (REQUEST option).
.LI
The source or destination of the files on the local system can
be anywhere in the file system.
.LI
The only commands that will be executed for the remote site
are those in the default list.
.LE
.P
Any site that is called that does not have its name in a MACHINE
entry will have the default permissions as stated in "Example 1",
with the exception that files queued for that site will be sent (the SENDFILES
option only has meaning in a LOGNAME entry).
.P
It is possible to put these
three examples together to form a Permissions file that
can be used by a system with a public login for remote sites
and several closely coupled machines.
.H 1 Basics
Each \fIentry\fR is a logical line;
physical lines are terminated with a "\\" to indicate continuation.
Entries are made up of "white space" delimited \fIoptions\fR.
Each option is a name/value pair;
these are constructed by an option name followed by a "=" followed by
the value.
Note that \fIno\fR white space is allowed within an option assignment.
.P
Comment lines begin with '#';
they occupy the entire line up to a newline character.
Blank lines are ignored (even within multi-line entries).
.P
There are two types of entries:
.BL
.LI
LOGNAME entries specify permissions for remote sites
when they log in to the local machine.
.LI
MACHINE entries
specify permissions for sites that the local machine calls.
.LE
.P
LOGNAME entries will contain a LOGNAME option.
MACHINE entries will contain a MACHINE option.
.H 1 "Some Rules"
\fIRULE\fR:--All login ids used by remote sites to login for uucp
\fImust\fR appear in one and only one LOGNAME entry.
.P
\fIRULE\fR:--Any site that is called whose name
\fIdoes not\fR appear in a
MACHINE entry in the Permissions file will have the following
default permissions/restrictions:
.BL
.LI
Local send and receive requests will be executed.
.LI
The remote can send files to the system's public uucp directory.
.LI
The commands sent by the remote for execution on the local machine
must be in the default set--usually "rmail" and "rnews".
.LE
.H 1 "Options"
This section gives the details of each option, specifying how they are
used and their default values.
.HU "MACHINE"
The MACHINE entry specifies the permissions that take effect when
a remote site is called.
.sp
.nf
MACHINE=mhtsa
.fi
.sp
is the start of an entry that will specify the permissions associated
with machine "mhtsa".
The MACHINE option can contain a list of different system names,
each separated by a ":".
For example,
.sp
.nf
MACHINE=mhtsa:mhtsb:mhtsc
.fi
.sp
.HU "LOGNAME"
The LOGNAME option specifies a list of login ids of remote sites
that are able to log into the local system.
The option contains one or more names separated by a ":".
For example,
.sp
.nf
LOGNAME=nuucp
.fi
.sp
or
.sp
.nf
LOGNAME=uucpz:uucyz
.fi
.sp
Names that appear in LOGNAME options can appear in only one such option.
.HU "REQUEST"
The REQUEST option can appear in either a LOGNAME entry or a MACHINE entry
and specifies whether the remote can make requests to receive local
files.
.sp
.nf
REQUEST=yes
.fi
.sp
specifies that the remote \fIcan\fR request files.
.sp
.nf
REQUEST=no
.fi
.sp
specifies that the remote \fIcan not\fR request files.
The latter is the default--it will be used if the REQUEST
option is not specified.
.HU "SENDFILES"
SENDFILES specifies whether the \fIcalled\fR site will execute locally
queued requests during the conversation.
The default is that locally queued
requests will not be executed during the call;
they will be done only when the remote is \fIcalled\fR by the local system.
(I don't care who you say you are, I'll send you queued files when
I call you.)
.P
Clearly, this option is only significant in LOGNAME entries, since
MACHINE entries apply when calls are made out to remote sites.
In fact, the option is ignored when a MACHINE entry is being used.
.sp
.nf
SENDFILES=yes
.fi
.sp
specifies that the locally queued requests will be executed when
the remote site logs in as one of the names in this entry's
LOGNAME option.
.P
The default setting for the SENDFILES option is
.sp
.nf
SENDFILES=call
.fi
.sp
meaning that queued files will be sent only when I call you.
This option can be specified for documentation purposes.
.HU "READ and WRITE"
The default for both the READ and WRITE options
is the uucp public directory.
The options
.sp
.nf
READ=/usr/spool/uucppublic \\
WRITE=/usr/spool/uucppublic
.fi
.sp
are the defaults and may be specified for documentation purposes.
The options
.sp
.nf
READ=/ WRITE=/
.fi
.sp
specify permission to access any file that can be accessed by a local
user with "other" permissions.
.P
The value of these entries is a colon separated list of path
names.
The READ option is for requesting files and the WRITE option for
depositing files.
One of the values must be the prefix
of any full path name of a file coming in or going out.
.P
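.P
The logical-line and option rules from the Basics section, together with the
LOGNAME/MACHINE lookup (including the OTHER fallback described later), as an
added example in Python.
This is not code from this document or from uucp; the sample file, the
function names and the OTHER handling are constructed for illustration.

```python
"""Parser for the Permissions file format described in the Basics section.

Added example, not part of the original document or of uucp itself;
the sample file, the OTHER fallback handling and the names are constructed.
"""
# Constructed sample: comment, continuation lines and a blank line inside an entry.
SAMPLE = """\
# public login, all defaults
LOGNAME=nuucp
LOGNAME=uucpz REQUEST=yes SENDFILES=yes \\
READ=/ WRITE=/

MACHINE=mhtsa:mhtsb:mhtsc:pwbcc \\

REQUEST=yes READ=/ WRITE=/
MACHINE=OTHER COMMANDS=rmail:rnews
"""

def _split_options(logical):
    """One logical line -> {option: value}; no white space inside an option."""
    options = {}
    for tok in logical.split():
        name, eq, value = tok.partition("=")
        if not eq or not name:
            raise ValueError("malformed option: %r" % tok)
        options[name] = value
    return options

def parse_permissions(text):
    """List of entries.  A logical line ends at the first physical line
    not terminated by a backslash; '#' lines and blank lines are skipped."""
    entries, logical = [], ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            logical += line[:-1] + " "    # continuation: keep collecting
            continue
        entries.append(_split_options(logical + line))
        logical = ""
    if logical.strip():                   # file ended inside a continuation
        entries.append(_split_options(logical))
    return entries

def find_entry(entries, key, name):
    """Entry whose `key` (LOGNAME or MACHINE) list names `name`.  For
    MACHINE the OTHER entry is the fallback; None means built-in defaults."""
    for entry in entries:
        if name in entry.get(key, "").split(":"):
            return entry
    if key == "MACHINE":
        return next((e for e in entries if e.get("MACHINE") == "OTHER"), None)
    return None

def duplicate_lognames(entries):
    """Login ids that break the rule of appearing in exactly one entry."""
    seen, dups = set(), set()
    for entry in entries:
        for login in filter(None, entry.get("LOGNAME", "").split(":")):
            if login in seen:
                dups.add(login)
            seen.add(login)
    return sorted(dups)
```
.P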
To grant permission to deposit files in /usr/news
as well as the public directory, specify
.sp
.nf
WRITE=/usr/spool/uucppublic:/usr/news
.fi
.sp
in the entry.
.P
\fIRULE\fR:--If the READ or WRITE option is specified, all the
path names must be specified; these do not add to the default
list.
.HU "NOREAD and NOWRITE"
There are two other options in the file access class,
NOREAD and NOWRITE.
These will rarely be used;
they specify exceptions to the READ and WRITE options or defaults.
.sp
.nf
READ=/ NOREAD=/etc \\
WRITE=/usr/spool/uucppublic
.fi
.sp
This example would permit reading any file except those in the /etc
directory (and its subdirectories--remember these are prefixes)
and writing only to the default /usr/spool/uucppublic directory.
NOWRITE works the same way for sending files to the local system.
.HU "CALLBACK - Is That Really You?"
The CALLBACK option is used in LOGNAME entries to specify that
no transaction will take place, but the calling system,
as established during handshake, will be called back.
.sp
.nf
CALLBACK=yes
.fi
.sp
specifies this action.
The default is
.sp
.nf
CALLBACK=no
.fi
.sp
The CALLBACK option will rarely be used.
(Note that if two sites have this option set for each other, a conversation
will never get started.)
.HU "COMMANDS"
WARNING!!
\fI
The COMMANDS option can be hazardous to the security
of your system.
Use it with extreme care.
\fR
The VALIDATE option should be used in conjunction with the
COMMANDS option whenever potentially dangerous commands
like "cat" and "uucp" are specified.
Any command that reads or writes files is potentially
dangerous to local security when executed by the uucp
remote execution demon (uuxqt).
.P
The \fIuux\fR program will generate remote execution requests and queue
them to be transferred to the remote site.
Files and a command are sent to the target site.
The COMMANDS option can be used
in MACHINE entries to specify the commands that a remote
machine can execute.
.sp
.nf
COMMANDS=rmail:rnews
.fi
.sp
This line indicates that the commands that can be executed by the
remote machine are either rmail or rnews exclusively.
(The default list is specified in the "parms.h" header file
during installation of uucp.
The default settings will be discussed later.)
The entry
.sp
.nf
MACHINE=owl:raven:hawk:dove \\
COMMANDS=rmail:rnews:lp
.fi
.sp
overrides the COMMANDS default such that the command list
for machines owl, raven, hawk, and dove now consists of
"rmail", "rnews" and "lp".
.HU "VALIDATE"
\fIRULE\fR:--If you don't trust a caller's identity, don't let that system
execute dangerous commands.
.sp
\fICOROLLARY\fR:--If you can't trust a site, don't give it
a privileged login and passwd.
.sp
\fBWARNING!\fR
Giving a site a special login, with file access and remote execution
capability, is like giving anyone on that system a normal login.
.P
Use the VALIDATE option in connection with the COMMANDS option
when specifying dangerous commands.
It is used in LOGNAME entries to provide \fIsome\fR verification
of the caller's identity.
However, an important aspect of this validation is that the
login/passwd associated with this entry be protected.
If an outsider gets that information, the validation is not valid!
.P
Now that the warnings are out of the way, here is an example:
.sp
.nf
LOGNAME=uucpfriend VALIDATE=eagle:owl:hawk
.fi
.sp
This entry specifies that if a remote logs in and says that it is
any of the specified birds, it must have logged in as "uucpfriend".
As can be seen, if an outsider gets the uucpfriend login/passwd,
masquerading is trivial.
.P
But what does this have to do with the COMMANDS option,
which only appears in MACHINE entries?
A short answer is that it connects the MACHINE entry that has the
COMMANDS option with a protected login entry that appears in
a LOGNAME option.
This connection is needed because the execution demon is not
running while the remote is logged in;
it is, in fact, an asynchronous process with no knowledge of
what system sent the execution requests.
.P
Therefore, the real question is, how does the local site know who put the
execution files (X. files created by the uux command on the remote site)
there?
.P
Each remote site has its own "spool" directory, with write permission
only given to the uucp programs.
The execution files from the remote site are put in its spool directory.
Therefore, when the "uuxqt" demon program runs, it can use the
spool directory name to find the MACHINE entry in the Permissions
file and get the COMMANDS list, or if the machine name does not
appear in the Permissions file, the default list will be used.
Example
.sp
.nf
MACHINE=mhtsa:mhtsb:mhtsc REQUEST=yes \\
COMMANDS=ALL \\
READ=/ WRITE=/

LOGNAME=uucpz VALIDATE=mhtsa:mhtsb:mhtsc \\
REQUEST=yes SENDFILES=yes \\
READ=/ WRITE=/
.fi
.sp
provides unlimited read, write, and command execution.
The ALL value in the COMMANDS option means that any command
can be executed!
\fBWARNING\fR:
Using the ALL value gives the remote site unlimited access to your
system.
In fact, files that are only readable or writable by user "uucp"
(like Systems)
can be accessed using commands like "ed".
.P
The assumption you make by the first entry above is that when you
call mhtsa, mhtsb or mhtsc, you really know who you are talking to.
Therefore, any files put into one of the "mhtsa", "mhtsb", or "mhtsc"
spool directories are put there by one of those sites.
If a remote site logs in and says it is one of these three systems,
its execution files will also be put in the privileged spool
directory.
You therefore have to validate that the site has the privileged
login "uucpz".
.HU "COMMANDS revisited"
The COMMANDS option specifies a list of commands that can be
executed by remote machines.
In addition to the names as specified above, they can be full path
names of commands; for example
.sp
.nf
COMMANDS=rmail:/usr/lbin/rnews:/usr/local/lp
.fi
.sp
specifies that command "rmail" uses the default path,
which is set up at uucp installation time--specified in the
parms.h file.
When the remote site specifies rnews or /usr/lbin/rnews for the
command to be executed, /usr/lbin/rnews will be executed
regardless of the default path.
Likewise, /usr/local/lp is the lp command that will be executed.
.P
Including the "ALL" value in the list means that any command from the
remote machine(s) specified in the entry will be executed.
If you use this value, you give the remote machine full access
to your machine!
.sp
.nf
COMMANDS=/usr/lbin/rnews:ALL:/usr/local/lp
.fi
.sp
This example illustrates two points.
The ALL value can appear anywhere in the string.
And, the path names specified for rnews and lp will be used
if the requested command does not contain the full path names
for rnews or lp.
.H 1 "Who Am I?"
When a remote calls, the called system responds with the local system
name;
this is communicated in the \fIShere\fR message.
There are some situations when a system may want to say it is someone else.
First, for testing, this permits a system to call itself.
Also, a series of systems can be made to look like one to the outside world,
while retaining unique identities within a local network.
.sp
.nf
LOGNAME=uucptest MYNAME=testing
.fi
.sp
The local system will report its name as \fItesting\fR whenever
a remote logs in as uucptest.
.P
This facility can also be used when calling out:
.sp
.nf
MACHINE=testmach MYNAME=atest
.fi
.sp
tells the machine \fItestmach\fR that machine \fIatest\fR is calling.
.H 1 "Public Directory"
The public directory, \fI/usr/spool/uucppublic\fR, provides a tree
for public access (by default, for receiving files from sites).
One may want to have different public directories based on
login ids.
.sp
.nf
LOGNAME=loginA PUBDIR=/usr/spool/uucppublic/loginA

LOGNAME=loginB PUBDIR=/usr/spool/uucppublic/loginB
.fi
.sp
This can also be specified when remote machines are called:
.sp
.nf
MACHINE=machineA PUBDIR=/usr/spool/uucppublic/machineA

MACHINE=machineB PUBDIR=/usr/spool/uucppublic/machineB
.fi
.sp
.H 1 "Default Settings"
The parms.h header file contains some default settings that affect
the Permissions file processing.
The PATH manifest defines the PATH environment variable that will be
set when remote commands are executed.
A typical line is
.sp
.nf
#define PATH "PATH=/bin:/usr/bin:/usr/lbin " /* */
.fi
.sp
The default list of commands is defined by
.sp
.nf
#define DEFAULTCMDS "rmail"
.fi
.sp
Another example is
.sp
.nf
#define DEFAULTCMDS "rmail:rnews:xp:lp"
.fi
.sp
These take effect if no COMMANDS option is specified for the
machine that sent the remote execution.
.H 1 "MACHINE Entry For Other Systems"
An administrator may want to specify different option values for
the machines it calls that are not mentioned in specific MACHINE
entries.
This may occur when there are many machines calling in, and the command
set changes from time to time.
For these cases, it is not convenient to change the DEFAULTCMDS
as it would require a recompile.
The name "OTHER" for the machine name is used for this entry.
.sp
.nf
MACHINE=OTHER \\
COMMANDS=rmail:rnews:/usr/lbin/Photo:/usr/lbin/xp
.fi
.sp
All other options available for the MACHINE entry may also be set
for the machines that are not mentioned in other MACHINE entries.
.H 1 "Combining MACHINE and LOGNAME Entries"
It is possible to combine MACHINE and LOGNAME entries into a single entry
where the common options are the same.
For example, these two entries
.sp
.nf
MACHINE=mhtsa:mhtsb:mhtsc REQUEST=yes \\
READ=/ WRITE=/

LOGNAME=uucpz REQUEST=yes SENDFILES=yes \\
READ=/ WRITE=/
.fi
.sp
share the REQUEST, READ, and WRITE options.
They can be merged into one entry
.sp
.nf
MACHINE=mhtsa:mhtsb:mhtsc REQUEST=yes \\
LOGNAME=uucpz SENDFILES=yes \\
READ=/ WRITE=/
.fi
.sp
that will take the place of the two entries.
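.P
The READ/WRITE prefix check with NOREAD/NOWRITE exceptions, the COMMANDS
resolution (bare names, full path names, ALL and the parms.h default) and the
VALIDATE rule from the Options sections, as an added example in Python.
It is not code from this document or from uucp; the entries are constructed
and DEFAULTCMDS is assumed to be the "rmail" shown under Default Settings.

```python
"""Access decisions from parsed Permissions entries.

Added example, not part of the original document or of uucp itself;
the entries below are constructed and DEFAULTCMDS is assumed to be "rmail".
"""
import os

PUBDIR = "/usr/spool/uucppublic"      # default public directory
DEFAULTCMDS = "rmail"                 # assumed parms.h DEFAULTCMDS value

# Constructed entries, modelled on the NOREAD and VALIDATE examples above.
ENTRIES = [
    {"MACHINE": "mhtsa:mhtsb:mhtsc", "REQUEST": "yes",
     "COMMANDS": "/usr/lbin/rnews:ALL:/usr/local/lp",
     "READ": "/", "NOREAD": "/etc", "WRITE": "/usr/spool/uucppublic"},
    {"LOGNAME": "uucpz", "VALIDATE": "mhtsa:mhtsb:mhtsc",
     "REQUEST": "yes", "SENDFILES": "yes", "READ": "/", "WRITE": "/"},
    {"LOGNAME": "nuucp"},
]

def _has_prefix(path, prefixes):
    """True if any prefix matches `path` on a path-component boundary."""
    for p in prefixes:
        p = p.rstrip("/")                 # '' is the root prefix '/'
        if p == "" or path == p or path.startswith(p + "/"):
            return True
    return False

def path_allowed(entry, path, direction):
    """`direction` is 'read' (remote requests a file) or 'write' (deposit).

    READ/WRITE default to the public directory (PUBDIR option, else the
    built-in one); NOREAD/NOWRITE are exceptions that override the allow
    list.  REQUEST=no refuses requests before any path is looked at.
    """
    path = os.path.normpath(path)         # so '..' cannot escape a prefix
    if not path.startswith("/"):
        return False
    allow = entry.get(direction.upper(), entry.get("PUBDIR", PUBDIR))
    deny = entry.get("NO" + direction.upper(), "")
    return (_has_prefix(path, allow.split(":"))
            and not (deny and _has_prefix(path, deny.split(":"))))

def resolve_command(machine_entry, requested):
    """Command uuxqt would run for a request found in that machine's spool.

    A bare name runs on the parms.h PATH; a full path name is used when
    the request names its basename or the full path; ALL anywhere in the
    list lets any other request through.  None means refused.
    """
    cmds = (machine_entry or {}).get("COMMANDS", DEFAULTCMDS).split(":")
    for cmd in cmds:
        if cmd != "ALL" and requested in (cmd, os.path.basename(cmd)):
            return cmd
    return requested if "ALL" in cmds else None

def validate_caller(entries, login, claimed_name):
    """VALIDATE: a system name listed in some LOGNAME entry's VALIDATE
    option is accepted only when the caller used one of its login ids."""
    for entry in entries:
        if claimed_name in entry.get("VALIDATE", "").split(":"):
            return login in entry.get("LOGNAME", "").split(":")
    return True                           # no entry validates this name
```
path_allowed decides only the path class; the REQUEST option and the
OTHER-entry lookup for an unlisted machine are separate steps.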