stuart@bms-at.UUCP (Stuart Gathman) (01/22/89)
After years of trying to use the userid field in /usr/lib/uucp/USERFILE,
I finally figured out what it is. It appears to be the userid of
the person initiating the request on the *remote* machine.
All this time I thought it was the uucp login assigned to the remote
machine. This seems incredible. The assumption seems to be that
all connected machines are trustworthy, and only users need be regarded
with suspicion. Any machine with any uucp password can masquerade as
any other machine.
Is this true? Is there any thing that can be done? (Other than
get HDB.) Is there any way to restrict a particular uucp login?
--
Stuart D. Gathman <stuart@bms-at.uucp>
<..!{vrdxhq|daitc}!bms-at!stuart>csg@pyramid.pyramid.com (Carl S. Gutekunst) (01/25/89)
In article <151@bms-at.UUCP> stuart@bms-at.UUCP (Stuart Gathman) writes: >After years of trying to use the userid field in /usr/lib/uucp/USERFILE, >I finally figured out what it is. It appears to be the userid of >the person initiating the request on the *remote* machine.... >Is this true? No, it's not. The userid field is always relative to the local machine. But it is much more complex than you probably suspect. Save yourself a lot of sweat and either lay your hands on a copy of the 4.3BSD man page for USERFILE (I can mail it to you if you want), or buy a copy of Tim O'Reilly's book _Managing_UUCP_and_Usenet_. Both have accurate descriptions of how USERFILE works. <csg>