|
|
For security reasons, most installations historically limited the list of commands that were executable on behalf of an incoming request from uux, permitting only the receipt of mail (see mail(1)).
An authentication mechanism has been built into uux that works with a key management system to authenticate requesting users and machines in a reliable way. This feature works in conjunction with the uuxqt(1Mbnu) command and the ID mapping feature. It allows a remote request to be executed reliably under a local identity. Remote execution permissions are defined in /etc/uucp/Config (see Config(4bnu)) and /etc/uucp/Permissions (see Permissions(4bnu)).
command is made up of one or more arguments and looks like a shell command line, except that the command and filenames may be prefixed with system_name!. If system_name is null then the local system is assummed.
File names may be one of:
gets the file1 and file2 files from the sys1 and sys2 machines, executes the diff(1) command on the two files and puts the output in file.diff in the local PUBDIR/dan/ directory. PUBDIR is a public directory defined in the uucp source. By default, PUBDIR is /var/spool/uucppublic.
Any special shell characters such as ``<'', ``>'', ``;'' or ``|'', should be quoted either by quoting the entire command, or by quoting the special characters as individual arguments.
uux attempts to get all appropriate files to the system where
they will be processed.
For files that are output files, the filename must be escaped using
parentheses.
For example, the command:
uux "sysa!cut -f 1 sysb!/usr/file > sysc!/usr/file"
gets /usr/file from system sysb and sends it to system sysa, executes cut(1) on that file, and sends the output to system sysc.
uux will notify you if the requested command on the remote system was disallowed. The response comes by remote mail from the remote machine. This notification can be turned off with the -n option.
Note that any commands that a user will be allowed to execute via uux need to be added to the /etc/uucp/Permissions file, along with the actual pathname of the command. If a pathname is not specified, the default path (/usr/bin) is searched. If a command has a symbolic link to another command, the link will not be followed by uux, and the user will get back an error message stating that they do not have permission to execute the command.
The use of the shell metacharacter ``'' will probably not do what you want it to do.
The shell tokens ``<<'' and ``>>'' are not implemented.
The execution of commands on remote systems takes place in an
execution directory known to the UUCP system.
All files required for the execution will be put into this
directory unless they already reside on that machine.
The filename (without the path or any machine
reference) must therefore be unique within the uux request.
The following command will not work:
uux "sysa!diff sysb!/home/dan/xyz sysc!/home/dan/xyz > !xyz.diff"
but the command
uux "sysa!diff sysa!/home/dan/xyz sysc!/home/dan/xyz > !xyz.diff"
will work (if diff is a permitted command).
Protected files and files that are in protected directories that are owned by the requester can be sent in commands using uux. However, if the requester is root, and the directory is not searchable by other, the request will fail.