.Bh
File permissions
.PP
Files in
.I /usr/lib/uucp
should be protected
pretty much as always:
nothing should have general write permissions,
.I Systems
and all the
.I L.sys
files
should not have general read permissions.
Other data files
can probably be left readable,
depending on your level of paranoia:
for example,
some of the information in
.I Permissions
could be helpful
to break-in artists.
.PP
.I Uucico ,
.I uusched ,
.I uuxqt ,
.I uucp ,
.I uustat ,
and
.I uux
should be set-user-\s-1ID\s0
.I uucp
(or whatever is used locally
as the administrative login
for
.I uucp ).
They need not be
set-group-\s-1ID\s0.
None of the other programs
should have any set-\s-1ID\s0 bits.
.PP
Shell scripts
invoked by
.I cron
should run as user
.I uucp .
.PP
Neither the spool directory
.I /usr/spool/uucp
nor any of its subsidiary directories
need have general write permissions.
Command files
(\c
.B C. )
are made generally readable
but not writeable;
data files and execute files
(\c
.B D. ,
.B X. )
are kept inaccessible
except by
.I uucp .
Logfiles
(\c
.I .Log/\(**/\(** )
are not generally writeable.
For no sensible reason,
however,
the error logs in
.I .Admin
and the system status files in
.I .Status
are left in mode 0666.
.PP
All this is philosophically
very similar to the old
.I uucp ;
however,
installing the new system
is a marvelous opportunity
to get it wrong.
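.PP
The permission rules above can be checked mechanically.
The shell function below is an added example,
not part of the original document or of the uucp distribution;
the name audit_uucp and the finding labels are its own,
and it inspects mode bits only (not ownership)
under the two directories it is given.

```shell
#!/bin/sh
# Added example (not from the uucp distribution): report departures from
# the permission rules in the text, one finding per line.
# Checks mode bits only, not ownership. Labels are this example's own.
# Use: . ./audit_uucp.sh; audit_uucp /usr/lib/uucp /usr/spool/uucp

SETUID_OK='uucico uusched uuxqt uucp uustat uux'   # list from the text

audit_uucp() {
    lib=${1:-/usr/lib/uucp}
    spool=${2:-/usr/spool/uucp}

    # Nothing under the library directory should be generally writable.
    find "$lib" ! -type l -perm -002 | sed 's/^/WORLD-WRITABLE: /'

    # Systems and the L.sys files should not be generally readable.
    find "$lib" -type f \( -name Systems -o -name 'L.sys*' \) -perm -004 |
        sed 's/^/WORLD-READABLE: /'

    # Set-ID bits: expected on the six listed programs, forbidden elsewhere.
    find "$lib" -type f | while read -r f; do
        case " $SETUID_OK " in
        *" ${f##*/} "*)
            [ -u "$f" ] || echo "MISSING-SETUID: $f"
            [ ! -g "$f" ] || echo "UNNEEDED-SETGID: $f" ;;
        *)
            if [ -u "$f" ] || [ -g "$f" ]; then
                echo "UNEXPECTED-SETID: $f"
            fi ;;
        esac
    done

    # Spool: no general write on directories, C. files or logs. This also
    # reports the mode-0666 files in .Admin and .Status noted in the text.
    find "$spool" ! -type l -perm -002 | sed 's/^/WORLD-WRITABLE: /'

    # D. and X. files: no access at all for group or others.
    find "$spool" -type f \( -name 'D.*' -o -name 'X.*' \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) |
        sed 's/^/EXPOSED: /'
}
```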