
UUCP Considerations

When using the Permissions file to restrict the level of access that is granted to remote computers, you should consider the following:

  • All login IDs that are used by remote computers to log in for UUCP communications must appear in one and only one LOGNAME entry.

  • Any site that is called with a name that does not appear in a MACHINE entry has the following default permissions or restrictions:

    • Local send and receive requests are executed.

    • The remote computer can send files to your computer's /var/spool/uucppublic directory.

    • The commands that are sent by the remote computer for execution on your computer must be one of the default commands, usually rmail.

UUCP REQUEST Option

When a remote computer calls your computer and requests to receive a file, this request can be granted or denied. The REQUEST option specifies whether the remote computer can request to set up file transfers from your computer. The string REQUEST=yes specifies that the remote computer can request to transfer files from your computer. The string REQUEST=no specifies that the remote computer cannot request to receive files from your computer. REQUEST=no, the default value, is used if the REQUEST option is not specified. The REQUEST option can appear in either a LOGNAME entry (the remote computer calls you) or a MACHINE entry (you call the remote computer).

UUCP SENDFILES Option

When a remote computer calls your computer and completes its work, it can attempt to retrieve work your computer has queued for it. The SENDFILES option specifies whether your computer can send the work that is queued for the remote computer.

The string SENDFILES=yes specifies that your computer can send the work that is queued for the remote computer if it is logged in as one of the names in the LOGNAME option. This string is mandatory if you have entered Never in the Time field of /etc/uucp/Systems. This designation sets up your local machine in passive mode, but it is not allowed to initiate a call to this particular remote computer. See UUCP /etc/uucp/Systems File for more information.

The string SENDFILES=call specifies that files that are queued in your computer are sent only when your computer calls the remote computer. The call value is the default for the SENDFILES option. This option is only significant in LOGNAME entries because MACHINE entries apply when calls are sent to remote computers. If the option is used with a MACHINE entry, it is ignored.

UUCP MYNAME Option

This option enables you to designate a unique UUCP node name for your computer in addition to its TCP/IP host name, as returned by the hostname command. For instance, if you have unknowingly given your host the same name as that of some other system, you can set the MYNAME option of the Permissions file. Suppose that you want your organization to be known as widget. If all your modems are connected to a machine with the host name gadget, you can have an entry in gadget's Permissions file that reads as follows:

LOGNAME=Uworld MYNAME=widget

Now the system world can log in to the machine gadget as if it were logging in to widget. In order for machine world to know you also by the aliased name widget when you call it, you can have an entry that reads as follows:

MACHINE=world MYNAME=widget

You can also use the MYNAME option for testing purposes, as it allows your machine to call itself. However, because this option could be used to mask the real identity of a machine, you should use the VALIDATE option, as described in UUCP VALIDATE Option.

UUCP READ and WRITE Options

These options specify the various parts of the file system that uucico can read from or write to. You can designate READ and WRITE options with either MACHINE or LOGNAME entries.

The default for both the READ and WRITE options is the uucppublic directory, as shown in the following strings:

READ=/var/spool/uucppublic WRITE=/var/spool/uucppublic 

The strings READ=/ and WRITE=/ specify permission to access any file that can be accessed by a local user with Other permissions.

The value of these entries is a colon-separated list of path names. The READ option is for requesting files, and the WRITE option is for depositing files. One of the values must be the prefix of any full path name of a file entering or exiting. To grant permission to deposit files in /usr/news as well as the public directory, use the following values with the WRITE option:

WRITE=/var/spool/uucppublic:/usr/news 

If the READ and WRITE options are used, all path names must be specified because the path names are not added to the default list. For instance, if the /usr/news path name were the only path specified in a WRITE option, permission to deposit files in the public directory would be denied.

Be careful which directories you make accessible for reading and writing by remote systems. For example, the /etc directory contains many critical system files. Remote users should not have permission to deposit files in this directory.

UUCP NOREAD and NOWRITE Options

The NOREAD and NOWRITE options specify exceptions to the READ and WRITE options or defaults. The following entry permits reading any file except those files in the /etc directory (and its subdirectories--remember, these options are prefixes).

READ=/ NOREAD=/etc WRITE=/var/spool/uucppublic 

This entry permits writing only to the default /var/spool/uucppublic directory. NOWRITE works in the same manner as the NOREAD option. You can use the NOREAD and NOWRITE options in both LOGNAME and MACHINE entries.
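The prefix semantics described above for READ, WRITE, NOREAD and NOWRITE, as an added example that is not part of the Sun documentation: a small checker that parses a Permissions entry and decides whether a remote request on a given path would be allowed. It assumes a prefix matches at a directory boundary and normalizes the path first; the real uucico does its own checking, so treat this as a model of the documented rules for auditing a Permissions file, not as the daemon's code.

```python
import posixpath

PUBLIC = "/var/spool/uucppublic"   # default for both READ and WRITE

def parse_entry(line):
    """Split 'OPTION=a:b OPTION2=c' into {'OPTION': ['a', 'b'], ...}."""
    opts = {}
    for field in line.split():
        key, _, value = field.partition("=")
        opts[key] = value.split(":") if value else []
    return opts

def _covered(path, prefixes):
    # Assumption: a prefix matches at a directory boundary, so NOREAD=/etc
    # covers /etc/passwd and /etc/uucp/Systems but not a path like /etcetera.
    for p in prefixes:
        p = posixpath.normpath(p)
        if p == "/" or path == p or path.startswith(p + "/"):
            return True
    return False

def path_allowed(entry, path, mode):
    """mode is 'read' (remote requests a file) or 'write' (remote deposits one).
    True when a READ/WRITE prefix covers the path and no NOREAD/NOWRITE prefix
    excludes it.  READ/WRITE replace the default list rather than extend it."""
    opts = parse_entry(entry)
    path = posixpath.normpath(path)    # collapse '..' so a prefix cannot be escaped
    allow = opts.get(mode.upper(), [PUBLIC])
    deny = opts.get("NO" + mode.upper(), [])
    return _covered(path, allow) and not _covered(path, deny)
```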

UUCP CALLBACK Option

You can use the CALLBACK option in LOGNAME entries to specify that no transaction occurs until the calling system is called back. The reasons to set up CALLBACK are as follows:

  • For security purposes - If you call back a machine, you can be sure it is the right machine.

  • For accounting purposes - If you are doing long data transmissions, you can choose the machine that is billed for the longer call.

The string CALLBACK=yes specifies that your computer must call back the remote computer before any file transfers can occur.

The default for the CALLBACK option is CALLBACK=no. If you set CALLBACK to yes, the permissions that affect the rest of the conversation must be specified in the MACHINE entry that corresponds to the caller. Do not specify these permissions in the LOGNAME entry, or in the LOGNAME entry that the remote machine might have set for your host.


Note - If two sites have the CALLBACK option set for each other, a conversation is never started.


UUCP COMMANDS Option


Caution - The COMMANDS option can compromise the security of your system. Use it with extreme care.


You can use the COMMANDS option in MACHINE entries to specify the commands that a remote computer can execute on your machine. The uux program generates remote execution requests and queues them to be transferred to the remote computer. Files and commands are sent to the target computer for remote execution. This is an exception to the rule that MACHINE entries apply only when your system calls out.

Note that COMMANDS is not used in a LOGNAME entry. COMMANDS in MACHINE entries defines command permissions, whether you call the remote system or it calls you.

The string COMMANDS=rmail specifies the default commands that a remote computer can execute on your computer. If a command string is used in a MACHINE entry, the default commands are overridden. For instance, the following entry overrides the COMMANDS default so that the computers that are named owl, raven, hawk, and dove can now execute rmail, rnews, and lp on your computer.

MACHINE=owl:raven:hawk:dove COMMANDS=rmail:rnews:lp 

In addition to the names as just specified, you can have full path names of commands. For example, the following entry specifies that the command rmail uses the default search path, while rnews and lp are run from the full path names given.

COMMANDS=rmail:/usr/local/rnews:/usr/local/lp 

The default search path for UUCP is /bin and /usr/bin. When the remote computer specifies rnews or /usr/local/rnews for the command to be executed, /usr/local/rnews is executed regardless of the default path. Likewise, /usr/local/lp is the lp command that is executed.

Including the ALL value in the list means that any command from the remote computers that are specified in the entry is executed. If you use this value, you give the remote computers full access to your machine.


Caution - This value allows far more access than normal users have. You should use this value only when both machines are at the same site, are closely connected, and the users are trusted.


Here is the string with the ALL value added:

COMMANDS=/usr/local/rnews:ALL:/usr/local/lp 

This string illustrates two points:

  • The ALL value can appear anywhere in the string.

  • The path names that are specified for rnews and lp are used (instead of the default) if the requested command does not contain the full path names for rnews or lp.

You should use the VALIDATE option whenever you specify potentially dangerous commands, such as cat and uucp with the COMMANDS option. Any command that reads or writes files is potentially dangerous to local security when it is executed by the UUCP remote execution daemon (uuxqt).
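The COMMANDS rules described in this section (the rmail default, full path names that win over the search path, and ALL), as an added example that is not part of the Sun documentation: a resolver that reports what a MACHINE entry would let a remote request run, plus an audit that flags the settings the text warns about. It assumes a bare request matches a bare COMMANDS name or the base name of a full-path entry, and that a full-path request must match a full-path entry exactly; the real uuxqt may differ in those details.

```python
DEFAULT_COMMANDS = ["rmail"]      # what a MACHINE entry permits when COMMANDS is absent
DEFAULT_PATH = "/bin:/usr/bin"    # search path used for bare command names
RISKY = {"cat", "uucp"}           # commands the text singles out as needing VALIDATE

def parse_entry(line):
    """Split 'OPTION=a:b OPTION2=c' into {'OPTION': ['a', 'b'], ...}."""
    opts = {}
    for field in line.split():
        key, _, value = field.partition("=")
        opts[key] = value.split(":") if value else []
    return opts

def resolve_command(entry, requested):
    """Return what would be executed for `requested` under this MACHINE entry:
    the configured full path, the bare name (looked up on DEFAULT_PATH), or
    None when the request is not permitted."""
    allowed = parse_entry(entry).get("COMMANDS", DEFAULT_COMMANDS)
    name = requested.rsplit("/", 1)[-1]
    for c in allowed:
        # A full path in COMMANDS is used for that name regardless of the
        # search path, whether the remote sent the name or the same full path.
        if "/" in c and c.rsplit("/", 1)[-1] == name and requested in (name, c):
            return c
    if "ALL" in allowed:          # ALL may appear anywhere in the list
        return requested
    if "/" not in requested and requested in allowed:
        return requested          # bare name, found on /bin:/usr/bin
    return None

def audit_commands(entry):
    """Flag the dangerous settings this section warns about."""
    allowed = parse_entry(entry).get("COMMANDS", DEFAULT_COMMANDS)
    findings = []
    if "ALL" in allowed:
        findings.append("ALL grants every command; use only for trusted, co-located sites")
    for c in allowed:
        if c.rsplit("/", 1)[-1] in RISKY:
            findings.append(c + " reads or writes files; pair with VALIDATE in the LOGNAME entry")
    return findings
```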
