Permissions(4)						       Permissions(4)



NAME

  Permissions - Contains information about the permissions that remote
  computers have with respect to login, file access, and command execution

SYNOPSIS

  /usr/lib/uucp/Permissions

DESCRIPTION

  The /usr/lib/uucp/Permissions	file contains information about	the ways in
  which	the remote computers listed in the Systems file	are allowed to carry
  out uucico and uuxqt transactions with a local system.

  Be aware that	entries	in a Permissions file do not affect a remote system
  user with a valid login on the local computer.

  Note that you	must have root user authority to edit the Permissions file,
  which	is owned by the	uucp login ID.

  The Permissions file has two types of	entries:

    +  LOGNAME specifies the permissions that take effect when a remote
       system logs in. These entries begin with LOGNAME.

    +  MACHINE specifies permissions that take effect when your	system calls
       a remote	system.	These entries begin with MACHINE.

  Both types of entries consist of option-value pairs. You can have as many of
  these option-value pairs as you want and can write entries for all or only
  some of the remote sites.

  Options


  REQUEST
      Specifies	whether	the remote system can request to set up	file
      transfers	from your system. The default is not to	allow such requests.
      This option can be used in either	LOGNAME	or MACHINE entries.

  SENDFILES
      Specifies	whether	your system can	send the work queued for the remote
      system when the remote system initiates the call.	The default is call;
      that is, the queued files	are sent only when the local system calls the
      remote system. This option is used in LOGNAME entries.

  READ
      Specifies from which directories uucico can read. The default is the
      /usr/spool/uucppublic directory. This option can be used in either
      LOGNAME or MACHINE entries. If multiple pathnames are specified, separate
      them with a colon (:).

  WRITE
      Specifies to which directories uucico can write. The default is the
      /usr/spool/uucppublic directory. This option can be used in either
      LOGNAME or MACHINE entries. If multiple pathnames are specified, separate
      them with a colon (:).

  NOREAD and NOWRITE
      Specify exceptions to the	READ and WRITE options.	These options can be
      used in either LOGNAME or	MACHINE	entries. If multiple pathnames are
      specified, separate them with a colon (:).

  COMMANDS
      Specifies the commands that a remote system can request to be executed
      on the local system. The default is the rmail command. If multiple
      commands are specified, separate them with a colon (:). This option is
      used in MACHINE entries.

  CALLBACK
      Specifies	whether	any transactions can occur without the local system
      calling the remote system. The default is	no, that is, the local system
      must initiate the	call to	the remote system before any transactions are
      allowed. If both the remote and local systems use	CALLBACK, they will
      not be able to initiate any jobs.	This option can	be used	in LOGNAME
      entries.

  VALIDATE
      Used to verify the calling system's identity. The	values for this
      option should be the system name or the names of systems allowed to log
      in using the name	specified by LOGNAME. If a system other	than those
      specified	in VALIDATE tries to use the name specified by LOGNAME,	the
      connection will be refused. If multiple systems are specified, separate
      them with	a colon	(:). This option is used with the LOGNAME entries.

  Rules	for Writing Permissions	File Entries

  The following	rules apply for	writing	Permissions file entries:

    +  Each option-value pair has the following	format:

       option=value

       Blank spaces are	not allowed before or after the	equal sign.

    +  A blank space is	used to	separate option-value pairs. If	an option has
       one or more values, the values are separated with a colon.

    +  Comment lines begin with	a number sign (#) and end with a new line.

    +  The backslash (\) is used as a continuation character to	continue a
       line on to the next line	on the screen.

    +  Blank lines are ignored.

    +  All login IDs used by remote systems must appear	in one and only	one
       LOGNAME entry.

    +  If you do not want to grant permissions to each system by name, the
       entry MACHINE=OTHER will assign permissions to any system not
       mentioned by name.

    +  You can combine MACHINE and LOGNAME entries into	a single entry if the
       options are the same.
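
  The rules above, applied in a short Python checker. This is an added
  example, not part of the original manual page or of the uucp software; the
  function names parse_permissions and audit, the sample text, and the audit
  heuristics are assumptions of the example.

```python
import re

KNOWN = {"LOGNAME", "MACHINE", "REQUEST", "SENDFILES", "READ", "WRITE",
         "NOREAD", "NOWRITE", "COMMANDS", "CALLBACK", "VALIDATE"}

def parse_permissions(text):
    """Return (entries, problems); an entry maps option -> list of values."""
    text = re.sub(r"\\[ \t]*\n", " ", text)      # backslash continues a line
    entries, problems = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # blank lines and comments
            continue
        entry = {}
        for pair in line.split():                 # pairs are space-separated
            opt, eq, val = pair.partition("=")
            if not eq or not val or opt not in KNOWN:
                problems.append(f"bad pair {pair!r}")
                continue
            # a combined LOGNAME/MACHINE entry may repeat an option: keep all
            entry.setdefault(opt, []).extend(val.split(":"))
        entries.append(entry)
    return entries, problems

def audit(entries):
    """Review findings; the heuristics are this example's, not uucp's."""
    findings, seen = [], {}
    for n, e in enumerate(entries, 1):
        for login in e.get("LOGNAME", []):        # one LOGNAME entry per ID
            if login in seen:
                findings.append(f"entry {n}: {login} also in entry {seen[login]}")
            seen.setdefault(login, n)
        if "LOGNAME" in e and "VALIDATE" not in e:
            findings.append(f"entry {n}: LOGNAME without VALIDATE")
        for opt, broad in (("READ", "/"), ("WRITE", "/"), ("COMMANDS", "ALL")):
            if broad in e.get(opt, []):
                findings.append(f"entry {n}: {opt}={broad} is the broadest grant")
    return findings

SAMPLE = """\
# constructed sample: examples 1 and 2 of this page plus one bad line
LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \\
VALIDATE=buck READ=/ WRITE=/ MACHINE=buck \\
REQUEST=yes COMMANDS=ALL READ=/ WRITE=/

LOGNAME=uucp2
MACHINE=buck:bigguy
LOGNAME=uucp2 READ = /tmp
"""
```

  Calling audit(parse_permissions(SAMPLE)[0]) returns six findings for the
  sample, and parse_permissions reports the three fragments of "READ = /tmp"
  as bad pairs because of the spaces around the equal sign.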




EXAMPLES

   1.  The following example allows remote system buck to log in with login
       ID uucp1. The VALIDATE option means that the login ID uucp1 can only
       be used by remote system buck.  The REQUEST option means that remote
       system buck can request files to be transferred from the local system.
       The SENDFILES option means that any requests queued on the local
       system for work on the remote system will be sent to the remote system
       during the current session if allowed by remote system buck.  The READ
       and WRITE options mean that the remote system can read and write from
       and to any directory that has proper permissions.

	    LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \
	    VALIDATE=buck READ=/ WRITE=/ MACHINE=buck \
	    REQUEST=yes	COMMANDS=ALL READ=/ WRITE=/

   2.  The following example has all the default values	of the options,	which
       are as follows:

	 +  REQUEST=no

	 +  SENDFILES=call

	 +  READ and WRITE=/usr/spool/uucppublic

	 +  COMMANDS=rmail

	 +  CALLBACK=no

       The remote system cannot	ask to receive any queued files	containing
       work that users on the local system have	requested to be	executed on
       the remote system. The local system cannot send queued work to the
       remote system when that system has completed its	current	operations.
       Instead, the queued work can be sent only when the local system
       contacts the remote system. The remote system can send (write) files to
       and transfer (read) files from only the uucp public directory
       (/usr/spool/uucppublic/system_name) on the local	system.	 Users on the
       remote system can execute only the default command (rmail) on the
       local system.

	    LOGNAME=uucp2
	    MACHINE=buck:bigguy

   3.  The following example is	similar	to the first. However, this entry
       allows the remote users of systems waldo	and buck to execute only the
       rmail and /usr/lbin/rnews commands:

	    LOGNAME=uucp3 VALIDATE=waldo:buck REQUEST=yes \
	    SENDFILES=yes READ=/ WRITE=/ \
	    MACHINE=waldo:buck REQUEST=yes \
	    COMMANDS=rmail:/usr/lbin/rnews READ=/ WRITE=/

   4.  The following example specifies that all remote systems using the
       uucp4 login ID that are not included in existing MACHINE entries can
       execute the rmail (mail) and /usr/bin/lint commands on the local
       system:

	    LOGNAME=uucp4
	    MACHINE=OTHER COMMANDS=rmail:/usr/bin/lint

   5.  The following example shows how the MACHINE and LOGNAME entries can be
       combined into one entry. The remote host is darla. The remote system
       darla should use the login ID xuucp to log in to the local system. The
       rest of the options have the same meaning as explained in the first
       example.

	    MACHINE=darla LOGNAME=xuucp	READ=/ WRITE=/ \
	    REQUEST=yes	SENDFILES=yes




FILES

  /usr/lib/uucp/*
	     Contains all the configuration files for the UNIX-to-UNIX Copy
	     Program (UUCP), including the Devices file.

  /usr/lib/uucp/Systems
	     Describes accessible remote systems.

RELATED	INFORMATION

  Files: Systems(4)