Internet Security Professional Reference:Using UUCP

-->

Permissions File

Now that the Device and Systems entries are configured and verified, the next step is to examine the security of the UUCP system. The normal user account protections are still in place with most UUCP accounts. One account that deviates from standard security is anonymous UUCP access, if you allow it. The login/password combination may differ from normal protection mechanisms. For this and other reasons, you should always configure your UUCP accounts to include passwords: This makes it harder for the bad guys to break into your system through UUCP. The standard issues surrounding passwords should still be considered, however.

The structure of the Permissions file enables you to control which authorizations are given to the remote system when that system calls you, and also which authorizations you have when you call a remote system. As an administrator, you may choose to use only the default values for each of the fields in the file. A sample Permissions file entry appears here:

LOGNAME=choreo    \
REQUEST=yes        \
SENDFILES=yes    \
READ=/            \
NOREAD=/etc        \
WRITE=/tmp:/usr/tmp:/usr/spool/uucppublic    \
CALLBACK=no        \
COMMANDS=ALL

The backslashes on each line indicate that the line continues as if it were all on one line. This example does not include all of the options, and this in a non-default entry. (Each option is explained shortly.) The default permissions associated with a login are shown as follows:

Default Permissions
READ=/usr/spool/uucppublic
WRITE=/usr/spool/uucppublic
REQUEST=no
SENDFILES=call
COMMANDS=rmail

Each entry must have either a LOGNAME or MACHINE option, or both. The LOGNAME option indicates that this entry is used when the system calls in and logs in using the logname specified. MACHINE entries are for when users on your system CALL the remote machine, and not for when the remote machine calls you: that is covered by LOGNAME. LOGNAME and MACHINE entries may be combined, but they don’t have to be. However, if you want complete control over systems that access your machine using UUCP, separate login ids and combined LOGNAME/MACHINE entries are necessary in the Permissions file. All of the keyword options that can be used are defined in table 3.5. The L in the CLASS column indicates that the option applies to LOGNAME entries. M is for MACHINE entries, and both means that the option is applicable to both.

**Table 3.5**
Permissions File Keyword Definitions

Option	Class	Definition

LOGNAME	L	Specifies the login ids for remote sites that access the local site. LOGNAME=thumper LOGNAME=thumper:wabbit

MACHINE	M	When the named machine calls your computer, this option specifies the conditions that are in effect. MACHINE=wabbit MACHINE=wabbit:bugs

REQUEST	M, L	This option determines whether the remote system can set up UUCP transfers from your computer system. Allowable values are “yes” or “no.” REQUEST=no REQUEST=yes

SENDFILES	L	The value of this option determines whether the called site can execute locally queued jobs during a session. A value of “yes” means that your system may send jobs queued for the remote site as long as it is logged in using one of the names specified in the LOGNAME field. The default value is “call,” which means that the queued files are sent only when the local system calls the remote system. SENDFILES=yes SENDFILES=call

READ	M, L	Names the directories that uucico can read from when requesting files. The default is to use /usr/spool/uucppublic. Multiple directories can be named by putting colons between directory names. READ=/tmp:/usr/tmp:/usr/spool/uucppublic READ=/

NOREAD	M, L	Names the directories that are to be excluded from the READ list. NOREAD=/etc

WRITE	M, L	Names the directories that uucico can write to for depositing files. As with READ, the default directory is/usr/spool/uucppublic. WRITE=/tmp:/usr/tmp:/usr/spool/uucppublic WRITE=/

NWRITE	M, L	Identifies the directories that are excluded in the WRITE list. NOWRITE=/etc:/bin:/usr/bin

CALLBACK	L	Setting this value to “yes” instructs the local system to call the calling system back before allowing any work to be done. This is a good feature for enhanced security. Just make sure you don’t set both systems to CALLBACK=yes, or nothing will get done. CALLBACK=no CALLBACK=yes

COMMANDS	M	Defines the commands that the remote system can execute locally. The defaults are different from system to system, and are defined in the source code for uuxqt. Multiple commands can be listed by separating each with a colon. The keyword ALL is allowable and permits the use of all commands. Keep in mind, however, that this is a security problem. Do not include uucp as a command, unless you will allow other users to route UUCP jobs through your machine. COMMANDS=rmail COMMANDS=rmail:rnews:uucp COMMANDS=ALL

VALIDATE	L	Helps validate the calling system when potentially dangerous commands are executed. The value is a list of system names that are permitted to use this logname. Multiple names may be used. VALIDATE=unilabs VALIDATE=unilabs:wabbit

MYNAME	M	Used to circumvent the name length restrictions that were discussed earlier. Note, however, that MYNAME is used only when the local machine calls out, and not when a remote machine calls in. MYNAME=testdrive

PUBDIR	M, L	Specifies the name of the directory used for the public UUCP directory. Typically this is /usr/spool/uucppublic. PUBIDR=/usr/ftp

Keep in mind the following rules when defining Permissions entries for systems:

• Blanks are not allowed before or after the equal sign in the assignment.

• Multiple option=value pairs can be combined on a single line, but they must be separated by a space.

• Each line is one entry, although the line can be continued onto the next line by using the backslash (\) as a continuation character.

• Comment lines start with a pound (#) symbol, and end with a newline.

• Remote system names may appear in one and only one LOGNAME entry.

Some sample Permissions entries are shown as follows:

#
# For ANONYMOUS LOGINS
#
    LOGNAME=nuucp

# With this entry, any machine that calls in and logs in using the
# login name nuucp will use this LOGNAME entry, which sets the
# default values for the remote machine.
#
# For dealing with wabbit - AT&T 7300
#
    LOGNAME=wabbit    \
    MACHINE=wabbit    \
    REQUEST=yes        \
    SENDFILES=yes    \
    READ=/            \
    NOREAD=/etc        \
    WRITE=/tmp:/usr/tmp:/usr/spool/uucppublic    \
    COMMANDS=ALL

# This entry is used when “wabbit” logs in to your machine, or when
# you call wabbit. In both cases, the permissions are extensive and
# very liberal. If you manage both machines, this shouldn’t be a
# problem. Notice that even though wabbit can read files from any
# directory, access to /etc/ has been explicitly blocked off to
# prevent the retrieval of the password file.

Table of Contents