The program /etc/uucp/genperm is recommended for creating a sample or default Permissions file from the Systems file.
Note that no white space is allowed within an option assignment (name=value).
Comment lines begin with a number sign (#) and occupy the entire line up to a newline character. Blank lines are ignored (even within multi-line entries).
There are two types of Permissions file entries:
The string that follows specifies that the remote computer can request to transfer files from your computer:
REQUEST=yes
The following string specifies that the remote computer cannot request to receive files from your computer:
REQUEST=no
This is the default value. It will be used if the REQUEST option is not specified. The REQUEST option can appear in either a LOGNAME (remote calls you) entry or a MACHINE (you call remote) entry.
A note on security: When a remote computer calls you, you cannot verify its identity unless you have a unique login and password for that computer.
The string shown here specifies that your computer may send the work that is queued for the remote computer as long as it logged in as one of the names in the LOGNAME option:
SENDFILES=yes
This string is mandatory if your computer is in a "passive mode" with respect to the remote computer.
The string that follows specifies that files queued in your computer will be sent only when your computer calls the remote computer:
SENDFILES=call
The call value is the default for the SENDFILES option. This option is significant only in LOGNAME entries, because MACHINE entries apply when calls are made to remote computers. If the option is used with a MACHINE entry, it will be ignored.
The default for both the READ and WRITE options is the uucppublic directory, as shown in the following strings:
READ=/var/spool/uucppublic
WRITE=/var/spool/uucppublic
These strings specify permission to access any file that can be accessed by a local user with "other" permissions:
READ=/ WRITE=/
Because this suggestion may compromise security, use it only if required.
The value of these entries is a colon-separated list of pathnames. The READ option is for requesting files, and the WRITE option for depositing files. One of the values must be the prefix of any full pathname of a file coming in or going out. To grant permission to deposit files in /usr/news as well as in the public directory, the following values would be used with the WRITE option:
WRITE=/var/spool/uucppublic:/usr/news
Note that if you use the READ and WRITE options, you must specify all pathnames because the pathnames are not added to the default list. For instance, if the /usr/news pathname were the only one specified in a WRITE option, permission to deposit files in the public directory would be denied.
You should be careful which directories you make accessible for reading and writing by remote stations. For example, you probably wouldn't want remote computers to be able to write over your /etc/passwd file, so /etc shouldn't be open to writes.
The NOREAD and NOWRITE options specify exceptions to the READ and WRITE lists. For example, the following string permits reading any file except those under /etc, while writing is limited to the public directory:
READ=/ NOREAD=/etc WRITE=/var/spool/uucppublic
NOWRITE works in the same manner as the NOREAD option. NOREAD and NOWRITE can be used in both LOGNAME and MACHINE entries.
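The prefix rule described above (one READ or WRITE value must be a prefix of the full pathname, and a NOREAD or NOWRITE value then excludes it) is easy to get wrong in two places: an explicit READ or WRITE list replaces the uucppublic default instead of extending it, and an exception applies to a whole subtree. The following Python is an added illustration, not UUCP code; the option names and the default directory come from the documentation, and treating "prefix" as a directory boundary (so NOREAD=/etc does not cover /etcetera) is this example's own assumption.

```python
# Added example (not part of the UUCP documentation above): applying the
# READ/WRITE and NOREAD/NOWRITE prefix rule to a requested pathname.
from typing import Iterable, List, Optional

DEFAULT_DIR = "/var/spool/uucppublic"  # default for both READ and WRITE


def parse_list(value: str) -> List[str]:
    """Split a colon-separated option value such as READ=/a:/b into its parts."""
    return [v for v in value.split(":") if v]


def _has_prefix(path: str, prefix: str) -> bool:
    """True if `prefix` names `path` itself or a directory containing it.

    The documentation says a listed value must be "the prefix" of the full
    pathname.  This helper takes the directory-boundary reading (an
    assumption), so NOREAD=/etc covers /etc/passwd but not /etcetera.
    """
    if prefix == "/":
        return path.startswith("/")
    prefix = prefix.rstrip("/")
    return path == prefix or path.startswith(prefix + "/")


def path_permitted(path: str, allow: Optional[Iterable[str]],
                   deny: Iterable[str] = ()) -> bool:
    """Decide whether `path` is covered by an allow list (READ or WRITE)
    and not excluded by the matching deny list (NOREAD or NOWRITE).

    `allow=None` models an entry without a READ/WRITE option, so only the
    default public directory is permitted.  An explicit list replaces that
    default rather than extending it, exactly as the text warns.
    """
    if not path.startswith("/"):
        return False  # only full pathnames are checked
    allow_list = [DEFAULT_DIR] if allow is None else list(allow)
    if not any(_has_prefix(path, p) for p in allow_list):
        return False
    return not any(_has_prefix(path, p) for p in deny)


if __name__ == "__main__":
    # READ=/ NOREAD=/etc : everything readable except the /etc tree
    print(path_permitted("/etc/passwd", ["/"], ["/etc"]))            # False
    print(path_permitted("/usr/news/today", ["/"], ["/etc"]))        # True
    # WRITE=/usr/news alone silently drops the public directory
    print(path_permitted("/var/spool/uucppublic/f", ["/usr/news"]))  # False
```

The last call in the usage block is the case the text warns about: once WRITE names only /usr/news, deposits into /var/spool/uucppublic are refused until that directory is listed again.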
The string that follows specifies that your computer must call the remote computer back before any file transfers will take place:
CALLBACK=yes
The default for the CALLBACK option is
CALLBACK=no
The CALLBACK option is very rarely used. Note that if two sites have this option set for each other, a conversation cannot be started.
The uux program generates remote execution requests and queues them to be transferred to the remote computer. Files and a command are sent to the target computer for remote execution.
The COMMANDS option can be used in MACHINE entries to specify the commands that a remote computer can execute on your computer. Note that COMMANDS is not used in a LOGNAME entry; COMMANDS in MACHINE entries defines command permissions, whether you call the remote station or it calls you.
This string indicates the default commands that a remote computer can execute on your computer:
COMMANDS=rmail
If a command string is used in a MACHINE entry, the default commands are overridden. For instance, in the following example, the entry overrides the COMMANDS default so that the computers eagle, owl, and hawk can now execute rmail and rnews on your computer:
MACHINE=eagle:owl:hawk REQUEST=yes
COMMANDS=rmail:/usr/bin/rnews
READ=/ WRITE=/
In addition to the names as specified above, there can be full pathnames of commands. For example, this line specifies that the rmail command uses the default path, while rnews and lp are given explicit pathnames:
COMMANDS=rmail:/usr/bin/rnews:/usr/local/lp
The default paths for your computer are /bin, /usr/sbin, /usr/bsd, and /usr/bin. When the remote computer specifies rnews or /usr/bin/rnews for the command to be executed, /usr/bin/rnews is executed, regardless of the default path. Likewise, /usr/local/lp is the lp command that is executed.
Note: Including the ALL value in the list means that any command from the remote computer(s) specified in the entry is executed. If you use this value, you give the remote computer full access to your computer. Be careful. This value allows far more access than normal users have.
This string illustrates the greater access:
COMMANDS=/usr/bin/rnews:ALL:/usr/local/lp
Two points about this string should be noted. The ALL value can appear anywhere in the string, and the pathnames specified for rnews and lp will be used (instead of the default) if the requested command does not contain the full pathnames for rnews or lp.
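The resolution rules just described (a bare name is searched along the default path, a listed full pathname wins regardless of how the request spells the command, and ALL anywhere in the list admits everything else) can be written down as a small function. This Python is an added example, not the uuxqt daemon's code; the default path and the COMMANDS values come from the text, while the decision that a path supplied by the remote side is ignored unless ALL is present is this example's assumption, and the exists callback is injected so the lookup can be exercised offline.

```python
# Added example (not UUCP's own code): how a request is matched against a
# COMMANDS list, following the rules stated in the text above.
import os
from typing import Callable, Iterable, Optional

# Default search path as given on this page.
DEFAULT_PATH = ("/bin", "/usr/sbin", "/usr/bsd", "/usr/bin")


def _search_default_path(name: str, exists: Callable[[str], bool]) -> Optional[str]:
    """Return the first default-path location of `name` that exists."""
    for directory in DEFAULT_PATH:
        candidate = f"{directory}/{name}"
        if exists(candidate):
            return candidate
    return None


def resolve_command(commands: Iterable[str], requested: str,
                    exists: Callable[[str], bool] = os.path.exists) -> Optional[str]:
    """Return the full path that would run for `requested`, or None if the
    COMMANDS list does not permit it.

    `commands` is the colon-split COMMANDS value.  `exists` is injected so the
    default-path search can be exercised without touching the real filesystem.
    Assumption: outside ALL, the path supplied by the remote side is not used;
    only a listed full path or the default-path search decides what runs.
    """
    entries = list(commands)
    name = os.path.basename(requested)
    # A full pathname in the list wins over the default path, whether the
    # request names the command bare or with a path of its own.  This also
    # holds when ALL is present, as the text notes.
    for entry in entries:
        if entry.startswith("/") and os.path.basename(entry) == name:
            return entry
    # A bare name in the list is resolved along the default path.
    if name in entries:
        return _search_default_path(name, exists)
    # ALL anywhere in the list admits any command at all.
    if "ALL" in entries:
        return requested if requested.startswith("/") else _search_default_path(name, exists)
    return None


if __name__ == "__main__":
    # Constructed view of which binaries exist, so the demo runs anywhere.
    present = {"/bin/rmail", "/usr/bin/rnews", "/bin/cat"}.__contains__
    narrow = ["rmail", "/usr/bin/rnews", "/usr/local/lp"]
    wide = ["/usr/bin/rnews", "ALL", "/usr/local/lp"]
    print(resolve_command(narrow, "rnews", present))          # /usr/bin/rnews
    print(resolve_command(narrow, "cat", present))            # None
    print(resolve_command(wide, "/tmp/anything", present))    # /tmp/anything
```

The last line of the usage block is why the text says to be careful with ALL: once it appears, a request carrying any full pathname runs exactly that path, and the listed pathnames only govern the commands they name.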
The VALIDATE option should be used with the COMMANDS option whenever potentially dangerous commands like cat and uucp are specified with the COMMANDS option. Any command that reads or writes files is potentially dangerous to local security when executed by the UUCP remote execution daemon (uuxqt).
Give careful consideration to providing a remote system with a privileged login and password for UUCP transactions. Giving another system these privileges is like giving anyone on that computer a normal login and password on your computer. Therefore, if you cannot trust everyone at the remote site, do not provide that system with a privileged login and password.
In the following entry, a computer that claims to be eagle, owl, or hawk is accepted only if it logged in as uucpfriend:
LOGNAME=uucpfriend VALIDATE=eagle:owl:hawk
As can be seen, if an outsider gets the uucpfriend login and password, marauding is trivial.
But what does this have to do with the COMMANDS option, which appears only in MACHINE entries? It links the MACHINE entry (and COMMANDS option) with a LOGNAME entry associated with a privileged login. This link is needed because the execution daemon is not running while the remote computer is logged in. In fact, it is an asynchronous process with no knowledge of what computer sent the execution request. Therefore, the real question is, how does your computer know where the execution files came from?
Each remote computer has its own "spool" directory on your computer. These spool directories have write permission given only to the UUCP programs. The execution files from the remote computer are put in its spool directory after being transferred to your computer. When the uuxqt daemon runs, it can use the spool directory name to find the MACHINE entry in the Permissions file and get the COMMANDS list or, if the computer name does not appear in the Permissions file, the default list is used.
The following example shows the relationship between the MACHINE and LOGNAME entries:
MACHINE=eagle:owl:hawk REQUEST=yes \
COMMANDS=rmail:/usr/bin/rnews \
READ=/ WRITE=/
LOGNAME=uucpz VALIDATE=eagle:owl:hawk \
REQUEST=yes SENDFILES=yes \
READ=/ WRITE=/
The value in the COMMANDS option means that remote mail and /usr/bin/rnews can be executed by remote users.
In the first entry, you must make the assumption that when you want to call one of the computers listed, you are really calling either eagle, owl, or hawk. Therefore, any files put into one of the eagle, owl, or hawk spool directories are put there by one of those computers. If a remote computer logs in and says that it is one of these three computers, its execution files will also be put in the privileged spool directory. You therefore have to validate that the computer has the privileged login uucpz.
The name OTHER in a MACHINE entry sets the options for computers that are not named in any other MACHINE entry. For example, this entry gives those computers the following command list:
MACHINE=OTHER \
COMMANDS=rmail:rnews:/usr/bin/Photo:/usr/bin/xp
All other options available for the MACHINE entry may also be set for the computers that are not mentioned in other MACHINE entries.
MACHINE=eagle:owl:hawk REQUEST=yes \
READ=/ WRITE=/
LOGNAME=uucpz REQUEST=yes SENDFILES=yes \
READ=/ WRITE=/
These two entries can be merged:
MACHINE=eagle:owl:hawk REQUEST=yes \
LOGNAME=uucpz SENDFILES=yes \
READ=/ WRITE=/
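The entry syntax (name=value options, # comments, blank lines ignored even inside an entry, backslash continuation, and merged MACHINE/LOGNAME entries like the one just shown) together with the VALIDATE linkage explained earlier lends itself to a small audit script. The following Python is an added example, not a UUCP utility: it parses Permissions-file text and reports the settings this page singles out (READ=/ or WRITE=/, ALL in COMMANDS, non-default commands for OTHER, and a MACHINE granted non-default commands without any LOGNAME entry that VALIDATEs it). The sample input is constructed from the page's own entries plus two deliberately weak ones; the entry numbering in the findings is this example's own convention.

```python
# Added example (not part of UUCP): parse Permissions-file text, including
# backslash-continued and merged MACHINE/LOGNAME entries, and report the
# settings this page singles out as risky.
from typing import Dict, List

DEFAULT_COMMANDS = {"rmail"}  # the COMMANDS default stated above


def parse_permissions(text: str) -> List[Dict[str, str]]:
    """Return one dict of option->value per entry.

    Comment lines (#) and blank lines are skipped, even inside a continued
    entry; a trailing backslash joins the next line to the current entry.
    """
    entries: List[Dict[str, str]] = []
    pending: List[str] = []

    def flush() -> None:
        entry: Dict[str, str] = {}
        for token in " ".join(pending).split():
            if "=" not in token:
                raise ValueError(f"malformed option (expected name=value): {token!r}")
            name, value = token.split("=", 1)
            entry[name] = value
        entries.append(entry)
        pending.clear()

    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending.append(line[:-1])
        else:
            pending.append(line)
            flush()
    if pending:  # file ended while an entry was still being continued
        flush()
    return entries


def audit(entries: List[Dict[str, str]]) -> List[str]:
    """Flag READ=/ or WRITE=/, COMMANDS=ALL, non-default commands for OTHER,
    and MACHINE names given non-default commands without a VALIDATE link."""
    validated = set()
    for e in entries:
        if "LOGNAME" in e and "VALIDATE" in e:
            validated.update(e["VALIDATE"].split(":"))
    findings: List[str] = []
    for n, e in enumerate(entries, 1):
        for opt in ("READ", "WRITE"):
            if "/" in e.get(opt, "").split(":"):
                findings.append(f"entry {n}: {opt}=/ exposes every file accessible with 'other' permissions")
        if "MACHINE" not in e:
            continue  # a pure LOGNAME entry carries no COMMANDS
        cmds = e.get("COMMANDS", "rmail").split(":")
        if "ALL" in cmds:
            findings.append(f"entry {n}: COMMANDS contains ALL, any command may run")
        if not set(cmds) <= DEFAULT_COMMANDS:
            for m in e["MACHINE"].split(":"):
                if m == "OTHER":
                    findings.append(f"entry {n}: unnamed machines get non-default commands")
                elif m not in validated:
                    findings.append(f"entry {n}: {m} gets {':'.join(cmds)} but no LOGNAME entry VALIDATEs it")
    return findings


# Constructed sample: the page's own MACHINE/LOGNAME pair plus two weak entries.
SAMPLE = """\
# comment lines and blank lines are ignored
MACHINE=eagle:owl:hawk REQUEST=yes \\
COMMANDS=rmail:/usr/bin/rnews \\

READ=/ WRITE=/
LOGNAME=uucpz VALIDATE=eagle:owl:hawk \\
REQUEST=yes SENDFILES=yes \\
READ=/ WRITE=/
MACHINE=raven COMMANDS=rmail:/usr/bin/rnews:ALL
MACHINE=OTHER \\
COMMANDS=rmail:rnews:/usr/bin/Photo:/usr/bin/xp
"""

if __name__ == "__main__":
    for finding in audit(parse_permissions(SAMPLE)):
        print(finding)
```

Run against the sample, the eagle/owl/hawk entry produces only the READ=/ and WRITE=/ findings because the uucpz LOGNAME entry VALIDATEs all three names; raven is reported both for ALL and for having no VALIDATE link, which is exactly the gap the spool-directory discussion describes.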