Permissions - Contains information about the permissions
that remote computers have with respect to login, file
access, and command execution
/usr/lib/uucp/Permissions
The /usr/lib/uucp/Permissions file contains information
about the ways in which the remote computers listed in the
Systems file are allowed to carry out uucico and uuxqt
transactions with a local system.
Be aware that entries in a Permissions file do not affect
a remote system user with a valid login on the local computer.
Note that you must have root user authority to edit the
Permissions file, which is owned by the uucp login ID.
The Permissions file has two types of entries:

LOGNAME
Specifies the permissions that take effect when a remote
system logs in. These entries begin with LOGNAME.

MACHINE
Specifies permissions that take effect when your system
calls a remote system. These entries begin with MACHINE.

Both types of entries consist of option-value pairs. You
can have as many of these option-value pairs as you want
and can write entries for all or only some of the remote
sites.
Options

REQUEST
Specifies whether the remote system can request to set up
file transfers from your system. The default is not to
allow such requests. This option can be used in either
LOGNAME or MACHINE entries.

SENDFILES
Specifies whether your system can send the work queued for
the remote system when the remote system initiates the
call. The default is call; that is, the queued files are
sent only when the local system calls the remote system.
This option is used in LOGNAME entries.

READ
Specifies from which directories uucico can read. The
default is the /usr/spool/uucppublic directory. This option
can be used in either LOGNAME or MACHINE entries. If
multiple pathnames are specified, separate them with a
colon (:).

WRITE
Specifies to which directories uucico can write. The
default is the /usr/spool/uucppublic directory. This option
can be used in either LOGNAME or MACHINE entries. If
multiple pathnames are specified, separate them with a
colon (:).

NOREAD and NOWRITE
Specify exceptions to the READ and WRITE options.
These options can be used in either LOGNAME or MACHINE
entries. If multiple pathnames are specified, separate
them with a colon (:).

COMMANDS
Specifies the commands that a remote system can request to
be executed on the local system. The default is the rmail
command. If multiple commands are specified, separate them
with a colon (:). This option is used in MACHINE entries.

CALLBACK
Specifies whether any transactions can occur without the
local system calling the remote system. The default is no;
that is, the local system must initiate the call to the
remote system before any transactions are allowed. If both
the remote and local systems use CALLBACK, they will not be
able to initiate any jobs. This option can be used in
LOGNAME entries.

VALIDATE
Used to verify the calling system's identity. The values
for this option should be the system name or the names of
systems allowed to log in using the name specified by
LOGNAME. If a system other than those specified in VALIDATE
tries to use the name specified by LOGNAME, the connection
will be refused. If multiple systems are specified,
separate them with a colon (:). This option is used with
the LOGNAME entries.
Rules for Writing Permissions File Entries

The following rules apply for writing Permissions file
entries:

Each option-value pair has the following format:

    option=value

Blank spaces are not allowed before or after the
equal sign.

A blank space is used to separate option-value pairs.

If an option has one or more values, the values are
separated with a colon.

Comment lines begin with a number sign (#) and end
with a new line.

The backslash (\) is used as a continuation character
to continue a line on to the next line on the screen.

Blank lines are ignored.

All login IDs used by remote systems must appear in
one and only one LOGNAME entry.

If you do not want to grant permissions to each system
by name, the entry MACHINE=OTHER will assign permissions
to any system not mentioned by name.

You can combine MACHINE and LOGNAME entries into a single
entry if the options are the same.
The following example allows remote system buck to log in
with login ID uucp1. The VALIDATE option means that the
login ID uucp1 can only be used by remote system buck.
The REQUEST option means that remote system buck can
request files to be transferred from the local system.
The SENDFILES option means that any requests queued on the
local system for work on the remote system will be sent to
the remote system during the current session if allowed by
remote system buck. The READ and WRITE options mean that
the remote system can read from and write to any directory
that has proper permissions.

    LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \
    VALIDATE=buck READ=/ WRITE=/
    MACHINE=buck \
    REQUEST=yes COMMANDS=ALL READ=/ WRITE=/

The following example has all the default values of the
options, which are as follows: REQUEST=no, SENDFILES=call,
READ and WRITE=/usr/spool/uucppublic, COMMANDS=rmail,
CALLBACK=no.

The remote system cannot ask to receive any queued
files containing work that users on the local system
have requested to be executed on the remote system.

The local system cannot send queued work to the remote
system when that system has completed its current
operations. Instead, the queued work can be sent only
when the local system contacts the remote system.

The remote system can send (write) files to and transfer
(read) files from only the uucp public directory
(/usr/spool/uucppublic/system_name) on the local system.

Users on the remote system can execute only the default
command (rmail) on the local system.

    LOGNAME=uucp2 MACHINE=buck:bigguy

The following example is similar to the first. However,
this entry allows the remote users of systems waldo and
buck to execute only the rmail and /usr/lbin/rnews
commands:

    LOGNAME=uucp3 VALIDATE=waldo:buck REQUEST=yes \
    SENDFILES=yes READ=/ WRITE=/ \
    MACHINE=waldo:buck REQUEST=yes \
    COMMANDS=rmail:/usr/lbin/rnews READ=/ WRITE=/

The following example specifies that all remote systems
using the uucp4 login ID that are not included in existing
MACHINE entries can execute the rmail (mail) and
/usr/bin/lint commands on the local system:

    LOGNAME=uucp4 MACHINE=OTHER COMMANDS=rmail:/usr/bin/lint

The following example shows how the MACHINE and LOGNAME
entries can be combined into one entry. The remote host is
darla. The remote system darla should use the login ID
xuucp to log in to the local system. The rest of the
options have the same meaning as explained in the first
example.

    MACHINE=darla LOGNAME=xuucp READ=/ WRITE=/ \
    REQUEST=yes SENDFILES=yes

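
The entry rules and defaults described above can be checked mechanically. The following is an added example, not part of the original manual page: a Python auditor that joins continuation lines, parses option=value pairs, and reports settings wider than the documented defaults. The names parse_permissions and audit and the finding texts are assumptions of this example, as is reading COMMANDS=ALL as permitting any command.

```python
import re

MULTI = {"LOGNAME", "MACHINE", "VALIDATE", "COMMANDS",
         "READ", "WRITE", "NOREAD", "NOWRITE"}  # colon-separated list values

def parse_permissions(text):
    """Return one dict per entry, applying the file rules listed above."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)  # trailing backslash continues an entry
    entries = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comment lines are ignored
        entry = {}
        for pair in line.split():
            name, sep, value = pair.partition("=")
            if not (sep and name and value):
                raise ValueError("malformed option-value pair: %r" % pair)
            entry[name] = value.split(":") if name in MULTI else value
        entries.append(entry)
    return entries

def audit(entries):
    """Return (entry_index, finding) for settings wider than the defaults."""
    findings, seen = [], {}
    for i, e in enumerate(entries):
        for login in e.get("LOGNAME", []):
            if login in seen:  # a login ID must appear in only one LOGNAME entry
                findings.append((i, "login ID %s repeats entry %d" % (login, seen[login])))
            seen.setdefault(login, i)
        if "LOGNAME" in e and "VALIDATE" not in e:
            findings.append((i, "LOGNAME without VALIDATE"))
        for opt in ("READ", "WRITE"):
            if "/" in e.get(opt, []):
                findings.append((i, opt + "=/ instead of the public directory"))
        if "ALL" in e.get("COMMANDS", []):
            findings.append((i, "COMMANDS=ALL instead of rmail"))
        if "OTHER" in e.get("MACHINE", []) and e.get("COMMANDS", ["rmail"]) != ["rmail"]:
            findings.append((i, "MACHINE=OTHER with non-default COMMANDS"))
    return findings

# Constructed input: entries from the first and fourth examples on this page.
SAMPLE = """\
LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \\
VALIDATE=buck READ=/ WRITE=/
MACHINE=buck REQUEST=yes COMMANDS=ALL READ=/ WRITE=/
LOGNAME=uucp4 MACHINE=OTHER COMMANDS=rmail:/usr/bin/lint
"""
print("\n".join("entry %d: %s" % f for f in audit(parse_permissions(SAMPLE))))
```
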
Contains all the configuration files for the UNIX-to-UNIX
Copy Program (UUCP), including the Devices file.
Describes accessible remote systems.
Files: Systems(4)
Permissions(4)