Commit | Line | Data |
---|---|---|
ad787160 C |
1 | .\" Copyright (c) 1986, 1993 |
2 | .\" The Regents of the University of California. All rights reserved. | |
55331617 | 3 | .\" |
ad787160 C |
4 | .\" This module is believed to contain source code proprietary to AT&T. |
5 | .\" Use and redistribution is subject to the Berkeley Software License | |
6 | .\" Agreement and your Software Agreement with AT&T (Western Electric). | |
f49909f5 | 7 | .\" |
ad787160 | 8 | .\" @(#)USERFILE.5 8.1 (Berkeley) 6/6/93 |
55331617 | 9 | .\" |
ad787160 | 10 | .TH USERFILE 5 "June 6, 1993" |
55331617 KM |
11 | .UC 6 |
12 | .SH NAME | |
13 | USERFILE \- \s-1UUCP\s0 pathname permissions file | |
14 | .SH DESCRIPTION | |
15 | The | |
16 | .I USERFILE | |
17 | file specifies the file system directory trees that are accessible to | |
18 | local users and to remote systems via \s-1UUCP\s0. | |
19 | .PP | |
20 | Each line in | |
21 | .I USERFILE | |
22 | is of the form: | |
23 | .PP | |
24 | [\fIloginname\fP]\fB,\fP[\fIsystem\fP] [ \fBc\fP ] \fIpathname\fP \c | |
25 | [\fIpathname\fP] [\fIpathname\fP] | |
26 | .PP | |
27 | The first two items are separated by a comma; any number of spaces or | |
28 | tabs may separate the remaining items. | |
29 | Lines beginning with a `#' character are comments. | |
30 | A trailing `\e' indicates that the next line | |
31 | is a continuation of the current line. | |
32 | .PP | |
33 | .I Loginname | |
34 | is a login (from | |
35 | .IR /etc/passwd ) | |
36 | on the local machine. | |
37 | .PP | |
38 | .I System | |
39 | is the name of a remote machine, the same name used in | |
40 | .IR L.sys (5). | |
41 | .PP | |
42 | .I c | |
43 | denotes the optional | |
44 | .I callback | |
45 | field. | |
46 | If a \fBc\fP appears here, a remote machine that calls in will be told | |
47 | that callback is requested, and the conversation will be terminated. | |
48 | The local system will then immediately call the remote host back. | |
49 | .PP | |
50 | .I Pathname | |
51 | is a pathname prefix that is permissible for this | |
52 | .I login | |
53 | and/or | |
54 | .IR system . | |
55 | .PP | |
56 | When | |
57 | .IR uucico (8C) | |
58 | runs in master role or | |
59 | .IR uucp (1C) | |
60 | or | |
61 | .IR uux (1C) | |
62 | are run by local users, the permitted pathnames are those on the | |
63 | first line with a | |
64 | .I loginname | |
65 | that matches the name of the user who executed the command. | |
66 | If no such line exists, then the first line with a null (missing) | |
67 | .I loginname | |
68 | field is used. | |
69 | (Beware: | |
70 | .I uucico | |
71 | is often run by the superuser or the \s-1UUCP\s0 administrator through | |
72 | .IR cron (8).) | |
73 | .PP | |
74 | When | |
75 | .I uucico | |
76 | runs in slave role, the permitted pathnames are those on the | |
77 | first line with a | |
78 | .I system | |
79 | field that matches the hostname of the remote machine. | |
80 | If no such line exists, then the first line with a null (missing) | |
81 | .I system | |
82 | field is used. | |
83 | .PP | |
84 | .IR Uuxqt (8) | |
85 | works differently; it knows neither a login name nor a hostname. | |
86 | It accepts the pathnames on the first line that has a null | |
87 | .I system | |
88 | field. | |
89 | (This is the same line that is used by | |
90 | .I uucico | |
91 | when it cannot match the remote machine's hostname.) | |
92 | .PP | |
93 | A line with both | |
94 | .I loginname | |
95 | and | |
96 | .I system | |
97 | null, for example | |
98 | .IP | |
dde9b027 | 99 | .B , /var/spool/uucppublic |
55331617 KM |
100 | .PP |
101 | can be used to conveniently specify the paths for both "no match" cases | |
102 | if lines earlier in | |
103 | .I USERFILE | |
104 | did not define them. | |
105 | (This differs from older Berkeley and all USG versions, where each case | |
106 | must be individually specified. | |
107 | If neither case is defined earlier, | |
108 | a "null" line only defines the "unknown login" case.) | |
109 | .PP | |
110 | To correctly process | |
111 | .I loginname | |
112 | on systems that assign several logins per UID, | |
113 | the following strategy is used to determine the current | |
114 | .IR loginname : | |
115 | .TP | |
116 | 1) | |
117 | If the process is attached to a terminal, a login entry exists in | |
dde9b027 | 118 | .IR /var/run/utmp , |
55331617 KM |
119 | and the UID for the |
120 | .I utmp | |
121 | name matches the current real UID, then | |
122 | .IR loginname | |
123 | is set to the | |
124 | .I utmp | |
125 | name. | |
126 | .TP | |
127 | 2) | |
128 | If the | |
129 | .B USER | |
130 | environment variable is defined and the UID for this name matches | |
131 | the current real UID, then | |
132 | .IR loginname | |
133 | is set to the name in | |
134 | .BR USER . | |
135 | .TP | |
136 | 3) | |
137 | If both of the above fail, call | |
138 | .IR getpwuid (3) | |
139 | to fetch the first name in | |
140 | .I /etc/passwd | |
141 | that matches the real UID. | |
142 | .TP | |
143 | 4) | |
144 | If all of the above fail, the utility aborts. | |
145 | .SH FILES | |
146 | .ta \w'/usr/lib/uucp/UUAIDS/USERFILE 'u | |
147 | .nf | |
148 | /usr/lib/uucp/USERFILE | |
149 | /usr/lib/uucp/UUAIDS/USERFILE USERFILE example | |
150 | .fi | |
151 | .SH SEE ALSO | |
152 | uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C), uuxqt(8C) | |
153 | .SH NOTES | |
154 | The \s-1UUCP\s0 utilities | |
155 | .RI ( uucico , | |
156 | .IR uucp , | |
157 | .IR uux , | |
158 | and | |
159 | .IR uuxqt ) | |
160 | always have access to the \s-1UUCP\s0 spool files in | |
dde9b027 | 161 | .IR /var/spool/uucp , |
55331617 KM |
162 | regardless of pathnames in |
163 | .IR USERFILE . | |
164 | .PP | |
165 | If | |
166 | .B uucp | |
167 | is listed in | |
168 | .IR L.cmds (5), | |
169 | then a remote system will execute | |
170 | .I uucp | |
171 | on the local system with the | |
172 | .I USERFILE | |
173 | privileges for its | |
174 | .IR login , | |
175 | not its hostname. | |
176 | .PP | |
177 | .I Uucico | |
178 | freely switches between master and slave roles during the course of a | |
179 | conversation, regardless of the role it was started with. | |
180 | This affects how | |
181 | .I USERFILE | |
182 | is interpreted. | |
183 | .SH WARNING | |
184 | .I USERFILE | |
185 | restricts access only on strings that the \s-1UUCP\s0 utilities identify | |
186 | as being pathnames. | |
187 | If the wrong holes are left in other \s-1UUCP\s0 control files (notably | |
188 | .IR L.cmds ), | |
189 | it can be easy for an intruder to open files anywhere in the file system. | |
190 | Arguments to | |
191 | .IR uucp (1C) | |
192 | are safe, since it assumes all of its non-option arguments are files. | |
193 | .IR Uux (1C) | |
194 | cannot make such assumptions; hence, it is more dangerous. | |
195 | .SH BUGS | |
196 | The | |
197 | .I "\s-1UUCP\s0 Implementation Description" | |
198 | explicitly states that all remote login names must be listed in | |
199 | .IR USERFILE . | |
200 | This requirement is not enforced by Berkeley \s-1UUCP\s0, although it is | |
201 | by USG \s-1UUCP\s0. | |
202 | .PP | |
203 | Early versions of 4.2BSD | |
204 | .IR uuxqt (8) | |
205 | erroneously check \s-1UUCP\s0 spool files against the | |
206 | .I USERFILE | |
207 | pathname permissions. | |
208 | Hence, on these systems it is necessary to specify | |
dde9b027 | 209 | .I /var/spool/uucp |
55331617 KM |
210 | as a valid path on the |
211 | .I USERFILE | |
212 | line used by | |
213 | .IR uuxqt . | |
214 | Otherwise, all | |
215 | .IR uux (1C) | |
216 | requests are rejected with a "PERMISSION DENIED" message. |