Limiting access with the Permissions file
If other machines will be dialing into your system, the Permissions file
specifies the permissions that remote computers have
with respect to login, file access, and command execution.
There are options that restrict the remote computer's
ability to request files and its ability to receive
files queued by the local site.
Other options specify the commands that a remote site
can execute on the local computer.
Each entry is a logical line; physical lines are
terminated by a backslash (\) to indicate continuation.
Entries are made up of options delimited by spaces.
Each option is a name-value pair in the following format:
    name=value
Comment lines begin with a number sign (#) and they occupy the entire line up to a newline character. Blank lines are ignored (even within multi-line entries).
There are two types of Permissions file entries: LOGNAME entries, which apply when the remote computer calls you, and MACHINE entries, which apply when you call the remote computer.
When using the Permissions file to restrict the level of access granted to remote computers:
This section describes each option, specifies how it is used, and lists its default values.
The following string specifies that the remote computer can request files from your computer:
    REQUEST=yes
The following string specifies that the remote computer cannot request files from your computer:
    REQUEST=no
This is the default value; it is used if the REQUEST option is not specified. The REQUEST option can appear in either a LOGNAME (remote calls you) entry or a MACHINE (you call remote) entry.
The following string specifies that your computer can send the work that is queued for the remote computer as long as the remote computer is logged in as one of the names in the LOGNAME option:
    SENDFILES=yes
This string is mandatory if your computer is in a passive mode with respect to the remote computer.
The following string specifies that files queued in your computer be sent only when your computer calls the remote computer:
    SENDFILES=call
The call value is the default for the SENDFILES option. This option is only significant in LOGNAME entries because MACHINE entries apply when calls are made out to remote computers. If this option is used with a MACHINE entry, it is ignored.
The default for both the READ and WRITE options is the uucppublic directory as shown in the following strings:
    READ=/usr/spool/uucppublic WRITE=/usr/spool/uucppublic
The following strings specify permission to access any file that can be read or written by UUCP:
    READ=/ WRITE=/
The value of these entries is a colon-separated list of pathnames. The READ option is for requesting files, and the WRITE option for depositing files. One of the values must be the prefix of any full pathname of a file coming in or going out.
To grant permission to deposit files in /usr/tmp as well as the public directory, the following values would be used with the WRITE option:
    WRITE=/usr/spool/uucppublic:/usr/tmp
It should be pointed out that if the READ and WRITE options are used, all pathnames must be specified because the pathnames are not added to the default list. For instance, if the /usr/news pathname was the only one specified in a WRITE option, permission to deposit files in the public directory would be denied.
You should be careful which directories you make accessible
for reading and writing by remote systems.
For example, you probably do not want remote computers to be able
to write over your /etc/passwd file, so /etc
should not be open to writes.
The NOREAD and NOWRITE options specify exceptions to the READ and WRITE options. For example, the following strings permit reading any file except those under /etc, and writing only to the public directory:
    READ=/ WRITE=/usr/spool/uucppublic NOREAD=/etc NOWRITE=/etc
NOWRITE works in the same manner as the NOREAD option. The NOREAD and NOWRITE options can be used in both LOGNAME and MACHINE entries.
The following string specifies that your computer must call the remote computer back before any file transfers take place:
    CALLBACK=yes
The default for the CALLBACK option is:
    CALLBACK=no
The CALLBACK option is rarely used. If two sites have this option set for each other, a conversation never gets started.
The uux program generates remote execution requests and queues them to be transferred to the remote computer. Files and a command are sent to the target computer for remote execution. Note that COMMANDS is not used in a LOGNAME entry; COMMANDS in MACHINE entries define command permissions whether you call the remote system or it calls you.
The default command that a remote computer can execute on your computer is:
    COMMANDS=rmail
If a command string is used in a MACHINE entry, the default commands are overridden. For instance, the following entry overrides the COMMANDS default so that the computers owl, raven, hawk, and dove can now execute rmail, rnews, and lp on your computer:
    MACHINE=owl:raven:hawk:dove \
        COMMANDS=rmail:rnews:lp
Full pathnames of commands can also be used. For example, the following string specifies that rmail is found on the default path, while rnews and lp are given by full pathname:
    COMMANDS=rmail:/usr/lbin/rnews:/usr/bin/lp
The default paths for your computer are /bin, /usr/bin, and /usr/lbin. When the remote machine specifies rnews or /usr/lbin/rnews for the command to be executed, /usr/lbin/rnews is executed regardless of the default path. Similarly, /usr/bin/lp is the lp command that is executed.
Including the ALL value in the list means that any command from the remote computer specified in the entry is executed. If you use this value, you give the remote computer full access to your computer. Be careful, this allows far more access than normal users have.
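As an added example (not part of the original text or of any UUCP implementation), the following Python reads a small constructed Permissions file using the logical-line rules given above and then applies the READ/WRITE/NOREAD/NOWRITE prefix checks and the COMMANDS lookup described in this section. The component-wise prefix test and the basename matching in command_allowed are assumptions of the example, not documented UUCP behaviour.

```python
import os.path

# Defaults stated on this page (commands without a slash are searched in /bin, /usr/bin, /usr/lbin).
DEFAULTS = {"REQUEST": "no", "SENDFILES": "call", "CALLBACK": "no", "COMMANDS": "rmail",
            "READ": "/usr/spool/uucppublic", "WRITE": "/usr/spool/uucppublic"}
# Constructed sample file, modelled on the entries shown on this page.
SAMPLE = """\
# comment lines and blank lines are ignored, even inside a continued entry
MACHINE=eagle:owl:hawk REQUEST=yes \\
COMMANDS=rmail:/usr/lbin/rnews:/usr/bin/lp \\

READ=/ WRITE=/usr/spool/uucppublic NOREAD=/etc NOWRITE=/etc
LOGNAME=uucpz VALIDATE=eagle:owl:hawk REQUEST=yes SENDFILES=yes
"""
def parse_permissions(text):
    """One dict per logical line, mapping each option name to its colon-separated values."""
    entries, logical = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):            # physical line continued on the next one
            logical += line[:-1] + " "
            continue
        entry = {}
        for opt in (logical + line).split():
            name, _, value = opt.partition("=")
            entry[name] = value.split(":")
        entries.append(entry)
        logical = ""
    return entries

def _under(path, prefixes):
    # Prefix match on whole path components, after collapsing any ".." segments (assumption).
    path = os.path.normpath(path)
    return any(path == p or path.startswith(p.rstrip("/") + "/") for p in prefixes)

def path_allowed(entry, path, mode):
    """mode is READ (remote requests a file) or WRITE (remote deposits one)."""
    allowed = entry.get(mode, DEFAULTS[mode].split(":"))
    return _under(path, allowed) and not _under(path, entry.get("NO" + mode, []))

def command_allowed(entry, command):
    """COMMANDS element that would run for `command`, or None if refused (basename match is an assumption)."""
    cmds = entry.get("COMMANDS", DEFAULTS["COMMANDS"].split(":"))
    if "ALL" in cmds:                      # any command the remote names: full access
        return command
    for c in cmds:
        if os.path.basename(command) == os.path.basename(c):
            return c                       # a full pathname in COMMANDS wins over the default path
    return None
```

Normalising the pathname before the prefix test is what keeps a request such as /usr/spool/uucppublic/../../../etc/passwd from passing the WRITE check, which a raw string-prefix comparison would let through.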
The following string illustrates two points:
Careful consideration should be given to providing a remote computer with a privileged login and password for UUCP transactions. Giving a remote computer a special login and password with file access and remote execution capability is like giving anyone on that computer a normal login and password on your computer. Therefore, if you cannot trust someone on the remote computer, do not provide that computer with a privileged login and password.
The following LOGNAME entry specifies that if one of the remote computers that claims to be eagle, owl, or hawk logs in on your computer, it must have used the login uucpfriend.
    LOGNAME=uucpfriend VALIDATE=eagle:owl:hawk
As can be seen, if an outsider gets the uucpfriend login or password, masquerading is trivial.
VALIDATE increases security by linking the MACHINE entry (and COMMANDS option) with a LOGNAME entry associated with a privileged login. This link is needed because the execution daemon is not running while the remote machine is logged in. In fact, it is an asynchronous process with no knowledge of what machine sent the execution request. How does your system know where the execution files came from?
Each remote computer has its own spool directory on your computer. These spool directories have write permission given only to UUCP programs. The execution files from the remote computer are put in its spool directory after being transferred to your computer. When the uuxqt daemon runs, it can use the spool directory name to find the MACHINE entry in the Permissions file and get the COMMANDS list. If the computer name does not appear in the Permissions file, the default list is used.
The following example shows the relationship between the MACHINE and LOGNAME entries:
    MACHINE=eagle:owl:hawk REQUEST=yes \
        COMMANDS=rmail:/usr/local/bin/lc \
        READ=/ WRITE=/
    LOGNAME=uucpz VALIDATE=eagle:owl:hawk \
        REQUEST=yes SENDFILES=yes \
        READ=/ WRITE=/
The COMMANDS option line shows that remote mail and /usr/local/bin/lc can be executed by remote users.
In the MACHINE entry, you must make the assumption that when you want to call one of the computers listed, you are really calling eagle, owl, or hawk. Any files put into one of the eagle, owl, or hawk spool directories are put there by one of those computers. If a remote computer logs in and says that it is one of these three computers, its execution files are also put in the privileged spool directory. You should validate that the computer has the privileged login uucpz.
The OTHER value can be used in place of a computer or login name to cover any computer or login that is not named in another entry, as in the following two entries:
    MACHINE=OTHER \
        COMMANDS=rmail:/usr/local/bin/lc
    LOGNAME=OTHER \
        REQUEST=yes SENDFILES=yes \
        READ=/usr/spool/uucppublic \
        WRITE=/usr/spool/uucppublic
All options that can be set for specific machines or logins can be used with the OTHER value, although the use of the VALIDATE option makes little sense.
MACHINE and LOGNAME entries for the same computers can be combined into a single entry when they share the same option values. For example, consider the following two entries:
    MACHINE=eagle:owl:hawk REQUEST=yes \
        READ=/ WRITE=/
    LOGNAME=uucpz REQUEST=yes SENDFILES=yes \
        READ=/ WRITE=/
These two entries can be merged as follows:
    MACHINE=eagle:owl:hawk REQUEST=yes \
        LOGNAME=uucpz SENDFILES=yes \
        READ=/ WRITE=/