.\" Copyright (c) 1986, 1993
.\" The Regents of the University of California. All rights reserved.
.\" This module is believed to contain source code proprietary to AT&T.
.\" Use and redistribution is subject to the Berkeley Software License
.\" Agreement and your Software Agreement with AT&T (Western Electric).
.\" @(#)USERFILE.5 8.1 (Berkeley) 6/6/93
.TH USERFILE 5 "June 6, 1993"
USERFILE \- \s-1UUCP\s0 pathname permissions file
file specifies the file system directory trees that are accessible to
local users and to remote systems via \s-1UUCP\s0.
[\fIloginname\fP]\fB,\fP[\fIsystem\fP] [ \fBc\fP ] \fIpathname\fP \c
[\fIpathname\fP] [\fIpathname\fP]
The first two items are separated by a comma; any number of spaces or
tabs may separate the remaining items.
Lines beginning with a `#' character are comments.
A trailing `\e' indicates that the next line
is a continuation of the current line.
is the name of a remote machine, the same name used in
If a \fBc\fP appears here, a remote machine that calls in will be told
that callback is requested, and the conversation will be terminated.
The local system will then immediately call the remote host back.
is a pathname prefix that is permissible for this
are run by local users, the permitted pathnames are those on the
that matches the name of the user who executed the command.
If no such line exists, then the first line with a null (missing)
is often run by the superuser or the \s-1UUCP\s0 administrator through
runs in slave role, the permitted pathnames are those on the
field that matches the hostname of the remote machine.
If no such line exists, then the first line with a null (missing)
works differently; it knows neither a login name nor a hostname.
It accepts the pathnames on the first line that has a null
(This is the same line that is used by
when it cannot match the remote machine's hostname.)
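The line format and the selection rules described above, as an added example (it is not Berkeley \s-1UUCP\s0 source code): a small parser that returns, for a local login or a calling system, the pathnames on the first matching line, or on the first line whose corresponding field is null. The sample file, its login and host names, and all function names are constructed for illustration; callback handling and the actual pathname-prefix check are not modelled.

```python
# Added example (not Berkeley UUCP source): parse USERFILE text and apply the
# first-match / first-null-field selection rules described in this page.

# Constructed sample; login and host names are made up.
SAMPLE = """\
# constructed sample USERFILE
root,       /
uucp,hostb  c /var/spool/uucppublic \\
            /usr/src
,hosta      /var/spool/uucppublic
,           /var/spool/uucppublic
"""

def parse_userfile(text):
    """Return entries in file order as dicts: login, system, callback, paths."""
    logical, pending = [], ""
    for raw in text.splitlines():
        if not pending and raw.startswith("#"):   # comment line
            continue
        if raw.endswith("\\"):                    # continued on the next line
            pending += raw[:-1] + " "
            continue
        logical.append(pending + raw)
        pending = ""
    entries = []
    for line in logical:
        if "," not in line:
            continue                              # blank or malformed line
        login, rest = line.split(",", 1)
        fields = rest.split()
        # The system name follows the comma directly; whitespace there means null.
        system = fields.pop(0) if fields and not rest[0].isspace() else ""
        callback = bool(fields) and fields[0] == "c"
        if callback:
            fields.pop(0)
        entries.append({"login": login.strip(), "system": system,
                        "callback": callback, "paths": fields})
    return entries

def select(entries, field, name):
    """First entry whose field equals name, else the first with that field null."""
    named = [e for e in entries if name and e[field] == name]
    null = [e for e in entries if e[field] == ""]
    return (named or null or [None])[0]

def paths_for(entries, field, name):
    """field is "login" (local user) or "system" (remote machine calling in)."""
    entry = select(entries, field, name)
    return entry["paths"] if entry else []
```

With the constructed sample, a calling system that is not listed is matched against the first line with a null system field, which here is the `root,` line granting `/`. When auditing a USERFILE, check which line each of the two "no match" lookups actually lands on, since line order decides it.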
.B , /var/spool/uucppublic
can be used to conveniently specify the paths for both "no match" cases
(This differs from older Berkeley and all USG versions, where each case
must be individually specified.
If neither case is defined earlier,
a "null" line only defines the "unknown login" case.)
on systems that assign several logins per UID,
the following strategy is used to determine the current
If the process is attached to a terminal, a login entry exists in
name matches the current real UID, then
environment variable is defined and the UID for this name matches
the current real UID, then
If both of the above fail, call
to fetch the first name in
that matches the real UID.
If all of the above fail, the utility aborts.
.ta \w'/usr/lib/uucp/UUAIDS/USERFILE 'u
/usr/lib/uucp/UUAIDS/USERFILE USERFILE example
uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C), uuxqt(8C)
The \s-1UUCP\s0 utilities
always have access to the \s-1UUCP\s0 spool files in
regardless of pathnames in
then a remote system will execute
on the local system with the
freely switches between master and slave roles during the course of a
conversation, regardless of the role it was started with.
restricts access only on strings that the \s-1UUCP\s0 utilities identify
If the wrong holes are left in other \s-1UUCP\s0 control files (notably
it can be easy for an intruder to open files anywhere in the file system.
are safe, since it assumes all of its non-option arguments are files.
cannot make such assumptions; hence, it is more dangerous.
.I "\s-1UUCP\s0 Implementation Description"
explicitly states that all remote login names must be listed in
This requirement is not enforced by Berkeley \s-1UUCP\s0, although it is
erroneously check \s-1UUCP\s0 spool files against the
Hence, on these systems it is necessary to specify
requests are rejected with a "PERMISSION DENIED" message.