Unfortunately, the USERFILE is unnecessarily complicated. The system administrator usually has to spend many hours debugging relatively simple problems. In many cases, the only clue that there is a problem is a loss of security, which usually isn't visible until data has already been compromised on your system!
To maintain consistent security and avoid the headaches associated with debugging USERFILE, keep these suggestions in mind when using uucico:
The exact operation and use of USERFILE can differ greatly depending on the implementation of Version 2 UUCP you receive. For this reason, make sure you check the documentation shipped with your operating system.
The following descriptions are for some special USERFILE entries. If no username is specified in the entry, as in the following, any user on the system can request outbound transfers of any file on your system.
,xray /
If you don't want to use an entry like this, you will need an entry for EVERY user on your system.
To allow uuxqt file access while uucico is in Slave mode, an entry with no system name must exist in the USERFILE:
nuucp, /usr/spool/uucppublic
This entry is used even when uuxqt is started on your local system! Based on what has been presented thus far, you would think that this entry would mean that any system logging in with a username of nuucp will have access to /usr/spool/uucppublic. Although this may seem intuitive, this isn't exactly true. When the local uucico is in Slave mode, only the system name is used to validate file transfer requests.
You can also grant individual users special access permissions for certain systems, and then combine the system name and user name entry in the USERFILE file, but you should also have that system call in with its own login name and password. Here is one example:
uu101,thumper /usr/spool/uucppublic/ /usr/tmp /u/src
It is not uncommon to see people set up entries that look like this:
nuucp, /usr/spool/uucppublic
nuucp,thumper /usr/spool/uucppublic
nuucp,bugs /usr/spool/uucppublic
There is a problem with this arrangement, however. There is nothing to prevent someone from changing the name of his or her system and then calling your system. The reason why this is a problem is that uucico doesn't use the login name when in Slave mode. The best way to limit this danger is to set up individual UUCP login names for each system that will be calling you.
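The following audit script is an added example, not part of the original text: it parses a constructed USERFILE and flags the three weak patterns discussed above (an empty login field, a path of "/", and one login shared by several system names). It assumes the usual Version 2 layout of "login,system [c] path ...", where the optional "c" is the callback flag.

```python
"""Audit a Version 2 UUCP USERFILE for the weak patterns described above."""
from collections import defaultdict

# Constructed sample USERFILE for illustration only (not from a real host).
SAMPLE_USERFILE = """\
,xray /
nuucp, /usr/spool/uucppublic
nuucp,thumper /usr/spool/uucppublic
nuucp,bugs /usr/spool/uucppublic
uu101,thumper /usr/spool/uucppublic/ /usr/tmp /u/src
"""


def parse_userfile(text):
    """Return (login, system, [paths]) per entry; blank lines are skipped.

    An empty login or system field means "any". Assumed layout:
    login,system [c] path ...   (the optional "c" is the callback flag).
    """
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        login, _, system = fields[0].partition(",")
        paths = fields[1:]
        if paths and paths[0] == "c":  # drop the callback flag if present
            paths = paths[1:]
        entries.append((login, system, paths))
    return entries


def audit_userfile(text):
    """Return (code, subject) findings for the risky patterns in the text."""
    findings = []
    systems_per_login = defaultdict(set)
    for login, system, paths in parse_userfile(text):
        key = f"{login},{system}"
        if login == "":          # any local user may request transfers
            findings.append(("ANY_USER", key))
        if "/" in paths:         # whole filesystem exposed to that system
            findings.append(("ROOT_PATH", key))
        if system:
            systems_per_login[login].add(system)
    # One login used by several systems: a caller can simply claim
    # another system's name, since Slave mode checks only the system name.
    for login, systems in sorted(systems_per_login.items()):
        if len(systems) > 1:
            findings.append(("SHARED_LOGIN", login))
    return findings


if __name__ == "__main__":
    for code, subject in audit_userfile(SAMPLE_USERFILE):
        print(f"{code:13} {subject}")
```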
L.cmds
The next component in the issue of security is that of remote command execution, which is defined in the L.cmds file. Typically, the administrator will restrict commands that can be run by a remote system. The L.cmds file is used to limit commands from the remote system. If the command in question is not listed in this file, execution of it via uux is denied. Usually, L.cmds contains one command: rmail.
The L.cmds on most systems contain the following entries:
rmail
/usr/lib/uucp/uucico
This setup indicates that both the rmail and uucico commands can be executed by uux. Be careful when adding commands to this file. Even innocuous commands such as cat can be dangerous to your system.
SQFILE
Finally, SQFILE is used to track conversations that have taken place between machines. This is an optional file, and if you want to use conversation counts, you must create it in /usr/lib/uucp. SQFILE must be owned by uucp, and have a file mode of 400. For this to work, SQFILE has an entry in it for each system that your system wants to have conversation checks with. The remote system must also be configured to use SQFILE.
When the file is created, edit it to include the names of the systems you want to monitor, one system per line. After the first call, uucico adds the number of conversations, and the date and time of the last contact.
When one system calls another, uucico compares the SQFILE information on the two systems. If they don't agree, the login fails. The log files on the calling system will then add a message indicating an SEQ number problem. To correct this, the two system administrators must get together and correct the files manually.