Entries can begin with the following keywords:
Each entry in the Permissions file consists of a single logical line. Physical lines may be terminated by a backslash (\) to indicate that the entry continues on the next line. Multiple parameter declarations within a single entry must be delimited by white space. No white space is allowed within an individual parameter declaration. Comment lines begin with a hash sign (#) and occupy the entire line up to a newline character. Blank lines are ignored (even within multi-line entries).
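As an added example (not code from the Permissions(4bnu) man page), the following parser implements the entry syntax just described: backslash continuation, whitespace-delimited declarations, colon-separated values, and comment or blank lines that are skipped even inside a multi-line entry. The function names and the sample file are this example's own.

```python
# Added example, not part of the Permissions(4bnu) man page: a parser for the
# entry syntax described above. Function names and the sample file are this
# example's own.

def _parse_entry(logical):
    """Split one logical line into {parameter: [values]}.

    Declarations are delimited by white space; each value is a
    colon-separated list. A declaration with no '=' (for instance one that
    contained a space, which the syntax forbids) is rejected.
    """
    entry = {}
    for decl in logical.split():
        if "=" not in decl:
            raise ValueError("malformed declaration: %r" % decl)
        name, value = decl.split("=", 1)
        entry[name] = value.split(":") if value else []
    return entry


def parse_permissions(text):
    """Parse Permissions file text into a list of entry dicts.

    A trailing backslash continues the logical line; comment lines (#) and
    blank lines are skipped without ending the entry in progress.
    """
    entries = []
    logical = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # never terminates an entry
        if line.endswith("\\"):
            logical += line[:-1] + " "    # continue on the next physical line
            continue
        logical += line
        entries.append(_parse_entry(logical))
        logical = ""
    if logical.strip():                   # file ended inside a continuation
        entries.append(_parse_entry(logical))
    return entries


# Constructed sample: one multi-line LOGNAME entry (with a blank line inside
# it) followed by a one-line MACHINE entry.
SAMPLE = """\
# constructed sample Permissions file
LOGNAME=uucpz VALIDATE=eagle:owl:hawk \\
    REQUEST=yes SENDFILES=yes \\

    READ=/ WRITE=/
MACHINE=OTHER COMMANDS=rmail:rnews
"""

if __name__ == "__main__":
    for e in parse_permissions(SAMPLE):
        print(e)
```

Rejecting a declaration that contains white space (the `READ= /` case) rather than silently dropping the value matters here: an entry that loses its READ or WRITE value would fall back to the PUBDIR default, and a reviewer reading the file would see a different policy from the one actually in effect.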
The following parameters can be specified in the Permissions file:
REQUEST=yes specifies that the remote computer can request the transfer of files from your computer. The declaration REQUEST=no specifies that the remote computer cannot request file transfers from your computer.
The REQUEST parameter can appear in either a LOGNAME entry or in a MACHINE entry. By default, the REQUEST parameter is set to ``no''.
The declaration SENDFILES=yes specifies that your computer may send the work that is queued for the remote computer as long as it logged in as one of the names specified by the LOGNAME parameter. The value ``yes'' is mandatory if your computer is in a ``passive mode'' with respect to the remote computer. The declaration SENDFILES=call specifies that files queued in your computer are sent only when your computer calls the remote computer.
The SENDFILES parameter is only significant in LOGNAME entries. If the parameter is used in a MACHINE entry, it is ignored. By default, SENDFILES is set to ``call''.
By default, PUBDIR is set to ``/var/spool/uucppublic''. We recommend that you do not change the default value; specifying a directory other than /var/spool/uucppublic may have an adverse effect on other system utilities.
The READ parameter governs the directories from which files can be requested, and the WRITE parameter governs the directories into which files can be deposited. One of the values must be a component of any full pathname of a file coming in or going out.
The value for the READ and WRITE parameters is a colon-separated list of pathnames. The declarations READ=/ WRITE=/ specify permission to access any file that can be accessed by a local user whose access permissions are set to other.
The READ and WRITE parameters can be used in both MACHINE and LOGNAME entries. By default, both the READ and WRITE parameters are set to the PUBDIR directory, which is equivalent to the following declarations:
READ=/var/spool/uucppublic WRITE=/var/spool/uucppublic
For example, the declarations
READ=/ NOREAD=/etc WRITE=/var/spool/uucppublic
would permit reading any file except those in the /etc directory (including its subdirectories) and permit writing only to the default /var/spool/uucppublic directory. NOWRITE works in the same manner as the NOREAD parameter.
The NOREAD and NOWRITE parameters can be used in both LOGNAME and MACHINE entries.
If the value of DIRECT is ``no'', files that are received are put into uucp's private spool directory, and then copied to the destination directory. If the value of DIRECT is ``yes'', files that are received are directly put into the destination directory. By default, DIRECT is set to ``no''.
From a security standpoint, if you call back a machine, you can be fairly certain it is the machine it says it is. If you are doing long data transmissions, you can choose the machine that will be billed for the longer call. The declaration CALLBACK=yes specifies that your computer must call the remote computer back before any file transfers will take place.
The default for the CALLBACK parameter is ``no''.
This parameter provides an override capability for the global KEYS value specified in the Config file (see Config(4bnu)). At present, cr1(1Mbnu) is the only key management facility available to BNU. There is no default key management facility. To specify the cr1 key management facility, the declaration KEYS=cr1 must exist.
This parameter provides an override capability for the global CRYPT value specified in the Config file (see Config(4bnu)). The default value is des. The value enigma may be used if the export-controlled Encryption Utilities Package is not available.
This parameter provides an override capability for the global AUTH value specified in the Config file (see Config(4bnu)). If either AUTH=yes or AUTH=req is declared, no remote command request will be accepted without authentication. When authenticated requests are executed, they are executed under the mapped ID of the originator and all commands are allowed; that is, the COMMANDS parameter is ignored. Either of the declarations AUTH=opt or AUTH=no indicates that authentication is not required for remote command execution. In this case, commands are executed as in previous releases, limited by the COMMANDS value.
Note that, if authentication is attempted but fails, the request is rejected, regardless of the value of AUTH.
COMMANDS is not relevant in LOGNAME entries.
In a MACHINE entry, COMMANDS defines command permissions that are in effect at all times, both when your computer calls the remote computer and when it calls you. By default, COMMANDS is set to ``rmail''.
Note that the COMMANDS parameter is used only for unauthenticated remote command execution requests. For information about authenticated remote command execution requests, see the descriptions of the KEYS and AUTH parameters.
VALIDATE is merely an added level of security on top of the COMMANDS parameter (though it is a more secure way to open command access than ALL). The use of the VALIDATE parameter requires that privileged computers have a unique login/password for uucp transactions. An important aspect of this validation is that the login/password associated with this entry be protected. If an outsider gets that information, that particular VALIDATE parameter can no longer be considered secure.
The declaration
WRITE=/var/spool/uucppublic:/usr/news
permits writing to both directories. If the READ and WRITE parameters are used, all pathnames must be specified because the pathnames are not added to the default list. For instance, if the /usr/news pathname was the only one specified in a WRITE parameter, permission to deposit files in the public directory would be denied.
Be careful what directories you make accessible for reading and writing by remote systems. For example, you probably don't want remote computers to be able to write over your /etc/passwd file, so /etc should not be open to writes.
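The following checker is an added example (not code from the man page or from BNU itself) that applies the READ/WRITE/NOREAD/NOWRITE rules described above and the earlier NOREAD=/etc example: a granted pathname must be a leading component of the file's full pathname, a NOREAD or NOWRITE pathname excludes that directory and its subdirectories, the PUBDIR default is used only when READ or WRITE is absent, and an explicit list replaces the default rather than extending it. The function names and the entries it is run on are constructed; lexical normalisation of `..` components before the check is this example's own choice, made so that a pathname that escapes the public directory through `..` is judged by where it actually lands.

```python
# Added example, not part of the Permissions(4bnu) man page: a model of the
# READ/WRITE/NOREAD/NOWRITE pathname rules. Names and entries are constructed.
import posixpath

DEFAULT_PUBDIR = "/var/spool/uucppublic"


def _is_under(path, prefix):
    """True if `prefix` is the path itself or one of its leading directory
    components. Both are normalised lexically first (example's choice), so
    "/var/spool/uucppublic/../../../etc/passwd" is judged as "/etc/passwd"
    and "/etcetera/x" is NOT under "/etc"."""
    path = posixpath.normpath(path)
    prefix = posixpath.normpath(prefix)
    if prefix == "/":
        return True
    return path == prefix or path.startswith(prefix + "/")


def allowed(entry, path, mode):
    """Decide whether `path` may be read (mode="READ") or written
    (mode="WRITE") under one Permissions entry.

    `entry` maps parameter names to value lists, as one parsed entry.
    READ/WRITE default to PUBDIR; once either is given, only the listed
    pathnames count and the default is not added back. NOREAD/NOWRITE
    exclude a directory and everything below it.
    """
    if mode not in ("READ", "WRITE"):
        raise ValueError("mode must be READ or WRITE")
    if not posixpath.isabs(path):
        return False                      # only full pathnames are judged
    pubdir = entry.get("PUBDIR", [DEFAULT_PUBDIR])[0]
    granted = entry.get(mode, [pubdir])
    denied = entry.get("NO" + mode, [])
    if any(_is_under(path, d) for d in denied):
        return False
    return any(_is_under(path, d) for d in granted)


# Constructed entries mirroring the man page's examples.
ENTRY_NOREAD = {"READ": ["/"], "NOREAD": ["/etc"], "WRITE": [DEFAULT_PUBDIR]}
ENTRY_NEWS_ONLY = {"WRITE": ["/usr/news"]}   # public directory NOT added back
ENTRY_DEFAULT = {}                            # READ and WRITE default to PUBDIR

if __name__ == "__main__":
    for entry, path, mode in [
        (ENTRY_NOREAD, "/usr/share/doc/README", "READ"),
        (ENTRY_NOREAD, "/etc/ssh/sshd_config", "READ"),
        (ENTRY_NEWS_ONLY, DEFAULT_PUBDIR + "/x", "WRITE"),
        (ENTRY_DEFAULT, DEFAULT_PUBDIR + "/../../../etc/passwd", "READ"),
    ]:
        print(mode, path, "->", allowed(entry, path, mode))
```

The `ENTRY_NEWS_ONLY` case is the one the text warns about: listing /usr/news alone silently withdraws write access to the public directory, which is easy to miss when reviewing a file by eye.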
COMMANDS=rmail specifies the default commands that a remote computer can execute on your computer. If a command name string is used in a MACHINE entry, the default commands are overridden. For instance, the entry:
MACHINE=owl:raven:hawk:dove \
COMMANDS=rmail:rnews:lp
overrides the COMMANDS default so that the computers owl, raven, hawk, and dove can now execute rmail, rnews, and lp on your computer.
In addition to the names as specified here, there can be full pathnames of commands. For example, the declaration:
COMMANDS=rmail:/usr/lbin/rnews:/usr/local/lp
specifies that the command rmail uses the default path. The default path for remote execution is /usr/bin. When the remote computer specifies rnews or /usr/lbin/rnews for the command to be executed, /usr/lbin/rnews will be executed regardless of the default path. Similarly, /usr/local/lp is the path of the lp command that will be executed.
The declaration:
COMMANDS=/usr/lbin/rnews:ALL:/usr/local/lp
illustrates two points:
If commands are executed using the authenticated remote execution feature, the COMMANDS list is ignored and all commands are available to the authenticated user as if the user had logged in directly.
The VALIDATE parameter should be used with the COMMANDS parameter whenever potentially dangerous commands like cat and uucp are specified with the COMMANDS parameter. Any command that reads or writes files is potentially dangerous to local security when executed by the uucp remote execution daemon (uuxqt(1Mbnu)).
The LOGNAME entry
LOGNAME=uucpfriend VALIDATE=eagle:owl:hawk
specifies that if one of the remote computers that claims to be eagle, owl, or hawk logs into your computer, it must have used the login uucpfriend. If an outsider gets the uucpfriend login/password, masquerading is trivial.
The VALIDATE parameter links the MACHINE entry (and COMMANDS parameter) with a LOGNAME entry associated with a privileged login. This link is needed because the execution daemon is not running while the remote computer is logged in. In fact, it is an asynchronous process with no knowledge of what computer sent the execution request.
Each remote computer has its own spool directory on your computer. These spool directories have write permission given only to the UUCP family of programs. The execution files from the remote computer are put into its spool directory after being transferred to your computer. When the uuxqt daemon runs, it uses the spool directory name to find the MACHINE entry in the Permissions file and get the COMMANDS list, or it uses a default list if the computer name does not appear in the Permissions file.
The following example shows the relationship between the MACHINE and LOGNAME entries:
MACHINE=eagle:owl:hawk REQUEST=yes \
COMMANDS=rmail:/usr/lbin/rnews \
READ=/ WRITE=/
The value of the COMMANDS parameter means that rmail and /usr/lbin/rnews can be executed by remote users.
LOGNAME=uucpz VALIDATE=eagle:owl:hawk \
REQUEST=yes SENDFILES=yes \
READ=/ WRITE=/
In the first entry, you must assume that when you want to call one of the computers listed, you are really calling eagle, owl, or hawk. Therefore, any file put into one of the eagle, owl, or hawk spool directories is put there by one of those computers. If a remote computer logs in and says that it is one of these three computers, its execution files will also be put in the privileged spool directory. You therefore have to validate that the computer has the privileged login uucpz.
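The model below is an added example (not code from the man page or from BNU) covering two pieces of the text above: the VALIDATE link between a claimed machine name and a privileged login, and the way uuxqt turns a MACHINE entry's COMMANDS list into the pathname it will execute (bare names from the default path /usr/bin, full pathnames matching either form of the request, ALL permitting anything, and authenticated requests bypassing COMMANDS). Function names and the entries are constructed; falling back to the MACHINE=OTHER entry for a computer named in no other MACHINE entry is this example's reading of the OTHER description.

```python
# Added example, not part of the Permissions(4bnu) man page: a model of the
# VALIDATE check and of COMMANDS resolution as described in the text. Names
# and entries are constructed.
import posixpath

DEFAULT_EXEC_PATH = "/usr/bin"
DEFAULT_COMMANDS = ["rmail"]


def validate_login(entries, claimed_machine, login):
    """Apply VALIDATE: if any LOGNAME entry lists `claimed_machine` in its
    VALIDATE value, the remote must have logged in under that LOGNAME."""
    validating = [e for e in entries
                  if "LOGNAME" in e and claimed_machine in e.get("VALIDATE", [])]
    if not validating:
        return True               # no VALIDATE constraint for this machine name
    return any(login in e["LOGNAME"] for e in validating)


def machine_entry(entries, machine):
    """Find the MACHINE entry naming `machine`; otherwise the MACHINE=OTHER
    entry if present (example's reading of OTHER); otherwise None."""
    other = None
    for e in entries:
        names = e.get("MACHINE", [])
        if machine in names:
            return e
        if "OTHER" in names:
            other = e
    return other


def resolve_command(entries, machine, requested, authenticated=False):
    """Return the pathname that would be executed for `requested` on behalf
    of `machine`, or None if the COMMANDS list does not permit it."""
    if authenticated:
        return requested          # COMMANDS is ignored for authenticated requests
    entry = machine_entry(entries, machine)
    commands = entry.get("COMMANDS", DEFAULT_COMMANDS) if entry else DEFAULT_COMMANDS
    for c in commands:
        if c == "ALL":
            continue              # explicit pathnames take precedence; ALL checked last
        if posixpath.isabs(c):
            # a full pathname matches the request by name or by full path and
            # is executed from that pathname regardless of the default path
            if requested == c or (not posixpath.isabs(requested)
                                  and requested == posixpath.basename(c)):
                return c
        elif requested == c:
            return posixpath.join(DEFAULT_EXEC_PATH, c)
    if "ALL" in commands:
        return requested if posixpath.isabs(requested) \
            else posixpath.join(DEFAULT_EXEC_PATH, requested)
    return None


# Constructed entries mirroring the man page's eagle/owl/hawk example plus
# a MACHINE=OTHER entry.
ENTRIES = [
    {"MACHINE": ["eagle", "owl", "hawk"], "REQUEST": ["yes"],
     "COMMANDS": ["rmail", "/usr/lbin/rnews"], "READ": ["/"], "WRITE": ["/"]},
    {"LOGNAME": ["uucpz"], "VALIDATE": ["eagle", "owl", "hawk"],
     "REQUEST": ["yes"], "SENDFILES": ["yes"], "READ": ["/"], "WRITE": ["/"]},
    {"MACHINE": ["OTHER"], "COMMANDS": ["rmail", "rnews", "/usr/lbin/Photo"]},
]

if __name__ == "__main__":
    print(validate_login(ENTRIES, "eagle", "nuucp"))      # a non-privileged login claiming eagle
    print(resolve_command(ENTRIES, "eagle", "rnews"))     # /usr/lbin/rnews
    print(resolve_command(ENTRIES, "eagle", "lp"))        # None
```

The `validate_login` check is the reason the text insists on protecting the uucpz password: the only thing standing between a caller that claims to be eagle and eagle's privileged spool directory is that login.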
The entry
MACHINE=OTHER \
COMMANDS=rmail:rnews:/usr/lbin/Photo:/usr/lbin/xp
specifies the commands available to computers that are not mentioned in other MACHINE entries. All other parameters available for the MACHINE entry may also be set for those computers.
For example, the entries
MACHINE=eagle:owl:hawk REQUEST=yes \
READ=/ WRITE=/
and
LOGNAME=uucpz REQUEST=yes SENDFILES=yes \
READ=/ WRITE=/
share the same REQUEST, READ, and WRITE parameters. These two entries can be merged as follows:
MACHINE=eagle:owl:hawk REQUEST=yes \
LOGNAME=uucpz SENDFILES=yes \
READ=/ WRITE=/
Including the value ALL in the list for the COMMANDS parameter means that any command from the remote computer(s) specified in the entry will be executed. If you use this value, you give the remote computer full access to your computer. Be careful. This allows far more access than normal users have.
The system-supplied Permissions file contains the entry
LOGNAME=nuucp
which provides maximum security since it is equivalent to
LOGNAME=nuucp \
MACHINE=OTHER \
REQUEST=no \
SENDFILES=call \
READ=/var/spool/uucppublic \
WRITE=/var/spool/uucppublic \
AUTH=no \
COMMANDS=rmail
Note that, since the KEYS parameter is not specified in the system-supplied Permissions file entry, no keys will be available to authenticate requests. Attempts will therefore fail. Only rmail will be available, as it was in previous releases.