narayan@tandem.UUCP (Narayan Mohanram) (06/02/88)
I have the HD UUCP from uport, but there is no documentation for
setting up the Permissions file. Can somebody out there with a
working copy of the Permissions file for uucp, and news post
a sample line.

Thanks in advance.

Narayan Mohanram
learn@igloo.UUCP (william vajk) (06/05/88)
In article <374@tandem.UUCP>, narayan@tandem.UUCP (Narayan Mohanram) writes:
> I have the HD UUCP from uport, but there is no documentation for
> setting up the Permissions file. Can somebody out there with a
> working copy of the Permissions file for uucp, and news post
> a sample line.

Strange, my copy had all sorts of docs, however....

Be very careful of permitting r and w to / as you have given the other system some strong permissions. Use tabs to set the spacing.

MACHINE=OTHER \
	COMMANDS=akcslink:rmail:rnews:Cakcslink
LOGNAME=nuucp \
	REQUEST=yes SENDFILES=yes
MACHINE=chinet \
	REQUEST=yes SENDFILES=yes
LOGNAME=a-nodename \
	REQUEST=yes SENDFILES=yes \
	READ=/ WRITE=/

Good luck.

Bill Vajk
learn@igloo
bear@kuling.UUCP (Bjorn Sjoholm) (06/10/88)
In article <374@tandem.UUCP> narayan@tandem.UUCP (Narayan Mohanram) writes:
>I have the HD UUCP from uport, but there is no documentation for
>setting up the Permissions file.

True, they don't supply much documentation for UUCP.

> Can somebody out there with a
>working copy of the Permissions file for uucp, and news post
>a sample line.

Sure, here is ours (with host-names substituted!).
We communicate with 3 hosts.
'host1' calls us and we call them. They log in as 'Uhost1'.
'host2' and 'host3' don't call us up, we call them.
We are able to exchange news with all three hosts, we permit file-transfers to and from all three hosts, but only from /tmp and /usr/spool/uucppublic.

Here is the file, hope it helps.
/Bjorn

# Entry for Host1
LOGNAME=Uhost1 MACHINE=host1 VALIDATE=host1 \
	READ=/tmp:/usr/spool/uucppublic WRITE=/tmp:/usr/spool/uucppublic \
	COMMANDS=rmail:rnews:uucp \
	SENDFILES=yes REQUEST=yes

# Host2 & Host3
MACHINE=host2:host3 \
	READ=/tmp:/usr/spool/uucppublic WRITE=/tmp:/usr/spool/uucppublic \
	COMMANDS=rmail:rnews:uucp \
	REQUEST=yes
--
Bjorn Sjoholm,                  UUCP: bear@stab.se (...!uunet!enea!stab!bear)
Computer Science,               ARPA: enea!stab!bear@uunet.uu.net
University of Uppsala, Sweden   Phone: +46 18 155097
bill@carpet.WLK.COM (Bill Kennedy) (06/14/88)
In article <721@kuling.UUCP> bear@stab.se (Bjorn Sjoholm) writes:
>In article <374@tandem.UUCP> narayan@tandem.UUCP (Narayan Mohanram) writes:
>>I have the HD UUCP from uport, but there is no documentation for
>>setting up the Permissions file.

[ most deleted, just adding on, Bjorn's last Permissions entry retained... ]

># Host2 & Host3
>MACHINE=host2:host3 \
>	READ=/tmp:/usr/spool/uucppublic WRITE=/tmp:/usr/spool/uucppublic \
>	COMMANDS=rmail:rnews:uucp \
>	REQUEST=yes

There is another dandy feature that you can put in, it's the MYNAME directive. This allows you to assume another identity for the session with the machine you are talking to. What? Why do that? This machine (name is "carpet") is a luggable that I take with me on the road. My main system's name is "ssbn". From time to time I need to do something with one of ssbn's neighbors and I don't want to ask the SA to have separate identical accounts for carpet and ssbn. With MYNAME=ssbn in carpet's Permissions file, each machine behaves as though ssbn was calling.

There is another practical use for MYNAME. You can permit controlled access to your system for many systems by having them use MYNAME. You give them all a single log in ID and password and tell them to MYNAME=whatever in their Permissions. In your own Permissions file you put a single entry for all of them, LOGNAME=passwdname VALIDATE=whatever and the specific access you wish to allow. I use this to keep an archive for a rather large mailing list. I have no idea how many different sites use it. They all use the same log in ID/password and MYNAME to the same Permissions entry. I give them fairly generous READ permissions and fairly strict WRITE and COMMANDS permissions.

MYNAME is also very handy if you need to help debug some other site's uucp connection. Your system can masquerade as the other site and you can help both of them figure out what is going wrong.

I am fairly sure that MYNAME can be one thing in the MACHINE (we are calling them) and another in the LOGNAME (they are calling us) entries but I have not tried to be another name when called, only when calling.

Two more inputs, a feature and a caution. There is a utility provided called uucheck. If you use uucheck with the -v option it will analyze your Permissions file and tell you, in clear text, how it will be used by uucico. It will also tell you if you made an obvious (to it :-) mistake. You should not use a changed Permissions file until you have sent it through uucheck.

Finally, if you have duplicate MACHINE or LOGNAME entries in Permissions only the first one will be used. This can get pretty confusing if you want one form for one "nuucp" and another for another. In the above style I have LOGNAME=nuucp VALIDATE=site1:site2:site3:...:siten with a single set of permissions. When that doesn't do what I want, I assign another log in ID (maybe the same or no password) and make another Permissions entry for it.

Sorry for the length but Permissions is a very undocumented part of HDB and one of the most useful features in it. The new edition of the Nutshell book on managing uucp is very helpful (they call HDB BNU).
--
Bill Kennedy  Internet:  bill@ssbn.WLK.COM
                Usenet:  { killer | att-cb | ihnp4!tness7 }!ssbn!bill
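
Two cautions raised in this thread (READ=/ or WRITE=/ in an entry, and a name that appears in more than one MACHINE or LOGNAME entry) can be checked mechanically before a changed file goes live. The following is an added example, not posted by anyone in the thread and not the uucheck utility; the sample file is constructed and the function names are hypothetical.

```python
# Constructed sample in the style of the entries posted in this thread.
SAMPLE = """\
# constructed sample, not any real site's file
LOGNAME=nuucp VALIDATE=site1:site2 \\
    READ=/usr/spool/uucppublic WRITE=/usr/spool/uucppublic \\
    REQUEST=yes SENDFILES=yes
LOGNAME=a-nodename \\
    REQUEST=yes SENDFILES=yes \\
    READ=/ WRITE=/
MACHINE=host2:host3 \\
    COMMANDS=rmail:rnews:uucp REQUEST=yes
LOGNAME=nuucp READ=/tmp
MACHINE=host3 COMMANDS=rmail
"""

def parse_permissions(text):
    """Join backslash-continued lines; return one {OPTION: [values]} dict per entry."""
    entries, pending = [], ""
    for raw in text.splitlines() + [""]:      # "" sentinel flushes a trailing entry
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue                          # blank line or comment between entries
        if line.endswith("\\"):
            pending += line[:-1] + " "        # entry continues on the next line
            continue
        fields = (pending + line).split()
        pending = ""
        if fields:
            entries.append({k: v.split(":") for k, _, v in
                            (f.partition("=") for f in fields)})
    return entries

def audit(text):
    """Return (entry_number, message) findings for the two cautions in the thread."""
    findings, first_seen = [], {}
    for n, entry in enumerate(parse_permissions(text), 1):
        for opt in ("READ", "WRITE"):
            if "/" in entry.get(opt, []):     # list membership: only a bare "/"
                findings.append((n, f"{opt}=/ is not limited to a spool directory"))
        for kind in ("LOGNAME", "MACHINE"):
            for name in entry.get(kind, []):
                if (kind, name) in first_seen:
                    findings.append((n, f"{kind}={name} already in entry "
                                        f"{first_seen[(kind, name)]}"))
                else:
                    first_seen[(kind, name)] = n
    return findings

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"entry {n}: {msg}")
```

Entry numbers count entries in file order, not physical lines, so a finding on entry 4 means the fourth LOGNAME/MACHINE record after continuations are joined.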
mg@gritty.UUCP (mitch geier) (06/14/88)
Since I have seen so many questions on the Permissions file and on security floating around in this news group I will tell you all what microport recommended to me which helped a lot

get the book:

	UNIX system security
	by: Patrick H. Wood & Stephen G. Kochan
	Published by: Hayden

Mitch Geier
{...}!rutgers!gritty!mg
CECG Inc.