Permissions(4)
NAME
Permissions - Contains information about the permissions that remote
computers have with respect to login, file access, and command execution
SYNOPSIS
/usr/lib/uucp/Permissions
DESCRIPTION
The /usr/lib/uucp/Permissions file contains information about the ways in
which the remote computers listed in the Systems file are allowed to carry
out uucico and uuxqt transactions with a local system.
Be aware that entries in a Permissions file do not affect a remote system
user with a valid login on the local computer.
Note that you must have root user authority to edit the Permissions file,
which is owned by the uucp login ID.
The Permissions file has two types of entries:
· LOGNAME specifies the permissions that take effect when a remote
system logs in. These entries begin with LOGNAME.
· MACHINE specifies permissions that take effect when your system calls
a remote system. These entries begin with MACHINE.
Both types of entries consist of option-value pairs. You can have as many of
these option-value pairs as you want and can write entries for all or only
some of the remote sites.
Options
REQUEST
Specifies whether the remote system can request to set up file
transfers from your system. The default is not to allow such requests.
This option can be used in either LOGNAME or MACHINE entries.
SENDFILES
Specifies whether your system can send the work queued for the remote
system when the remote system initiates the call. The default is call;
that is, the queued files are sent only when the local system calls the
remote system. This option is used in LOGNAME entries.
READ
Specifies from which directories uucico can read. The default is the
/usr/spool/uucppublic directory. This option can be used in either
LOGNAME or MACHINE entries. If multiple pathnames are specified,
separate them with a colon (:).
WRITE
Specifies to which directories uucico can write. The default is the
/usr/spool/uucppublic directory. This option can be used in either
LOGNAME or MACHINE entries. If multiple pathnames are specified,
separate them with a colon (:).
NOREAD and NOWRITE
Specify exceptions to the READ and WRITE options. These options can be
used in either LOGNAME or MACHINE entries. If multiple pathnames are
specified, separate them with a colon (:).
COMMANDS
Specifies the commands that a remote system can request to be executed
on the local system. The default is the rmail command. If multiple commands
are specified, separate them with a colon (:). This option is used in
MACHINE entries.
CALLBACK
Specifies whether any transactions can occur without the local system
calling the remote system. The default is no, that is, the local system
must initiate the call to the remote system before any transactions are
allowed. If both the remote and local systems use CALLBACK, they will
not be able to initiate any jobs. This option can be used in LOGNAME
entries.
VALIDATE
Used to verify the calling system's identity. The values for this
option should be the system name or the names of systems allowed to log
in using the name specified by LOGNAME. If a system other than those
specified in VALIDATE tries to use the name specified by LOGNAME, the
connection will be refused. If multiple systems are specified, separate
them with a colon (:). This option is used with the LOGNAME entries.
Rules for Writing Permissions File Entries
The following rules apply for writing Permissions file entries:
· Each option-value pair has the following format:
option=value
Blank spaces are not allowed before or after the equal sign.
· A blank space is used to separate option-value pairs. If an option has
one or more values, the values are separated with a colon.
· Comment lines begin with a number sign (#) and end with a new line.
· The backslash (\) is used as a continuation character to continue a
line on to the next line on the screen.
· Blank lines are ignored.
· All login IDs used by remote systems must appear in one and only one
LOGNAME entry.
· If you do not want to grant permissions to each system by name, the
entry MACHINE=OTHER will assign permissions to any system not
mentioned by name.
· You can combine MACHINE and LOGNAME entries into a single entry if the
options are the same.
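The following Python example is an addition to this page, not part of UUCP: it parses Permissions text according to the rules above and reports grants that are wider than the defaults. The names parse_permissions, audit and SAMPLE, the sample entries, and the choice of what to report are assumptions of this example.

```python
SAMPLE = """\
# constructed sample for this example, not taken from a real system
LOGNAME=uucp1 VALIDATE=buck REQUEST=yes \\
        READ=/ WRITE=/usr/spool/uucppublic

MACHINE=buck COMMANDS=ALL
LOGNAME=uucp1
"""

def parse_permissions(text):
    """Parse Permissions text; each entry is a list of (option, [values])."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue                     # blank lines and comment lines are ignored
        if line.endswith("\\"):          # backslash continues the entry on the next line
            pending += line[:-1] + " "
            continue
        pairs = []
        for token in (pending + line).split():        # a blank separates pairs
            option, sep, value = token.partition("=")
            if not sep or not option or not value:    # no blanks around "="
                raise ValueError(f"malformed option-value pair: {token!r}")
            pairs.append((option, value.split(":")))  # a colon separates values
        entries.append(pairs)
        pending = ""
    if pending.strip():
        raise ValueError("continuation backslash on the last line")
    return entries

def audit(entries):
    """Return (entry_index, message) findings for one parsed Permissions file."""
    findings, seen = [], {}
    for i, pairs in enumerate(entries):
        options = {opt for opt, _ in pairs}
        for opt, values in pairs:
            if opt in ("READ", "WRITE") and "/" in values:
                findings.append((i, f"{opt}=/ grants access to every directory"))
            if opt == "COMMANDS" and "ALL" in values:
                findings.append((i, "COMMANDS=ALL permits any command"))
            if opt == "LOGNAME":         # a login ID belongs in exactly one LOGNAME entry
                for login in values:
                    if login in seen:
                        findings.append((i, f"login ID {login} already in entry {seen[login]}"))
                    seen.setdefault(login, i)
        if "LOGNAME" in options and "VALIDATE" not in options:
            findings.append((i, "LOGNAME without VALIDATE: calling system is not verified"))
    return findings
```

Calling audit(parse_permissions(SAMPLE)) returns one finding each for entries 0 and 1 and two for entry 2; entry numbers count from 0 in file order.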
EXAMPLES
1. The following example allows remote system buck to log in with login
ID uucp1. The VALIDATE option means that the login ID uucp1 can only
be used by remote system buck. The REQUEST option means that remote
system buck can request files to be transferred from the local system.
The SENDFILES option means that any requests queued on the local
system for work on the remote system will be sent to the remote system
during the current session if allowed by remote system buck. The READ
and WRITE options mean that the remote system can read from and write
to any directory that has proper permissions.
LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \
VALIDATE=buck READ=/ WRITE=/ MACHINE=buck \
REQUEST=yes COMMANDS=ALL READ=/ WRITE=/
2. The following example has all the default values of the options, which
are as follows:
· REQUEST=no
· SENDFILES=call
· READ and WRITE=/usr/spool/uucppublic
· COMMANDS=rmail
· CALLBACK=no
The remote system cannot ask to receive any queued files containing
work that users on the local system have requested to be executed on
the remote system. The local system cannot send queued work to the
remote system when that system has completed its current operations.
Instead, the queued work can be sent only when the local system
contacts the remote system. The remote system can send (write) files
to and transfer (read) files from only the uucp public directory
(/usr/spool/uucppublic/system_name) on the local system. Users on the
remote system can execute only the default command (rmail) on the
local system.
LOGNAME=uucp2
MACHINE=buck:bigguy
3. The following example is similar to the first. However, this entry
allows the remote users of systems waldo and buck to execute only the
rmail and /usr/lbin/rnews commands:
LOGNAME=uucp3 VALIDATE=waldo:buck REQUEST=yes \
SENDFILES=yes READ=/ WRITE=/ \
MACHINE=waldo:buck REQUEST=yes \
COMMANDS=rmail:/usr/lbin/rnews READ=/ WRITE=/
4. The following example specifies that all remote systems using the
uucp4 login ID that are not included in existing MACHINE entries can
execute the rmail (mail) and /usr/bin/lint commands on the local
system:
LOGNAME=uucp4
MACHINE=OTHER COMMANDS=rmail:/usr/bin/lint
5. The following example shows how the MACHINE and LOGNAME entry can be
combined into one entry. The remote host is darla. The remote system
darla should use the login ID xuucp to log in to the local system. The
rest of the options have the same meaning as explained in the first
example.
MACHINE=darla LOGNAME=xuucp READ=/ WRITE=/ \
REQUEST=yes SENDFILES=yes
FILES
/usr/lib/uucp/*
Contains all the configuration files for the UNIX-to-UNIX Copy
Program (UUCP), including the Devices file.
/usr/lib/uucp/Systems
Describes accessible remote systems.
RELATED INFORMATION
Files: Systems(4)