USERFILE(8)                                                    USERFILE(8)
NAME
USERFILE - UUCP pathname permissions file
DESCRIPTION
The USERFILE file specifies the file system directory
trees that are accessible to local users and to remote
systems via UUCP.
Each line in USERFILE is of the form:
[loginname],[system] [ c ] pathname [pathname] [pathname]
The first two items are separated by a comma; any number
of spaces or tabs may separate the remaining items. Lines
beginning with a `#' character are comments. A trailing
`\' indicates that the next line is a continuation of the
current line.
Loginname is a login (from /etc/passwd) on the local
machine.
System is the name of a remote machine, the same name used
in L.sys(5).
c denotes the optional callback field. If a c appears
here, a remote machine that calls in will be told that
callback is requested, and the conversation will be
terminated. The local system will then immediately call
the remote host back.
Pathname is a pathname prefix that is permissible for this
login and/or system.
When uucico(8) runs in master role or uucp(1) or uux(1)
are run by local users, the permitted pathnames are those
on the first line with a loginname that matches the name
of the user who executed the command. If no such line
exists, then the first line with a null (missing)
loginname field is used. (Beware: uucico is often run by
the superuser or the UUCP administrator through cron(8).)
When uucico runs in slave role, the permitted pathnames
are those on the first line with a system field that
matches the hostname of the remote machine. If no such
line exists, then the first line with a null (missing)
system field is used.
Uuxqt(8) works differently; it knows neither a login name
nor a hostname. It accepts the pathnames on the first
line that has a null system field. (This is the same line
that is used by uucico when it cannot match the remote
machine's hostname.)
A line with both loginname and system null, for example
, /var/spool/uucppublic
can be used to conveniently specify the paths for both "no
match" cases if lines earlier in USERFILE did not define
them. (This differs from older Berkeley and all USG
versions, where each case must be individually specified.
If neither case is defined earlier, a "null" line only
defines the "unknown login" case.)
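The line-selection rules above, as an added example (not part of the original manual page or of the UUCP sources): a small Python parser that reports which USERFILE line each role would use. The sample files and the host names in them are constructed, and matching follows the rules as stated here for this version.

```python
def parse_userfile(text):
    """Return (loginname, system, callback, pathnames) tuples in file order."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.rstrip()
        if line.endswith("\\"):            # trailing '\': continued on next line
            pending = line[:-1] + " "
            continue
        pending = ""
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        login, _, system = fields[0].partition(",")
        rest = fields[1:]
        callback = bool(rest) and rest[0] == "c"   # optional callback field
        entries.append((login, system, callback, rest[1:] if callback else rest))
    return entries

def select(entries, role, name=""):
    """'master' (and local uucp/uux) matches loginname, 'slave' matches system,
    'uuxqt' knows neither; each falls back to the first line with a null field."""
    col = 0 if role == "master" else 1
    if role != "uuxqt" and name:
        for e in entries:
            if e[col] == name:
                return e
    return next((e for e in entries if e[col] == ""), None)

# Constructed sample: "root," has a null system field, so it is also the
# first null-system line and becomes the default for unknown callers.
RISKY = """\
root,       /
,hosta  c   /var/spool/uucppublic \\
            /home/ftp/pub
,           /var/spool/uucppublic
"""
REORDERED = """\
# constructed: the same lines with the catch-all moved to the top
,           /var/spool/uucppublic
root,       /
,hosta  c   /var/spool/uucppublic \\
            /home/ftp/pub
"""

if __name__ == "__main__":
    for label, text in (("risky", RISKY), ("reordered", REORDERED)):
        ents = parse_userfile(text)
        for role, name in (("slave", "hosta"), ("slave", "other"), ("uuxqt", "")):
            print(label, role, name or "-", select(ents, role, name))
```

With the first sample, an unlisted remote system and uuxqt both resolve to the root line and its / prefix; moving the null line ahead of it changes that default without affecting root's own match.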
To correctly process loginname on systems that assign
several logins per UID, the following strategy is used to
determine the current loginname:
1) If the process is attached to a terminal, a login
entry exists in /etc/utmp, and the UID for the utmp
name matches the current real UID, then loginname
is set to the utmp name.
2) If the USER environment variable is defined and the
UID for this name matches the current real UID,
then loginname is set to the name in USER.
3) If both of the above fail, call getpwuid(3) to
fetch the first name in /etc/passwd that matches
the real UID.
4) If all of the above fail, the utility aborts.
FILES
/etc/uucp/USERFILE
SEE ALSO
uucp(1), uux(1), L.cmds(5), L.sys(5), uucico(8), uuxqt(8)
NOTES
The UUCP utilities (uucico, uucp, uux, and uuxqt) always
have access to the UUCP spool files in /var/spool/uucp,
regardless of pathnames in USERFILE.
If uucp is listed in L.cmds(5), then a remote system will
execute uucp on the local system with the USERFILE
privileges for its login, not its hostname.
Uucico freely switches between master and slave roles
during the course of a conversation, regardless of the
role it was started with. This affects how USERFILE is
interpreted.
WARNING
USERFILE restricts access only on strings that the UUCP
utilities identify as being pathnames. If the wrong holes
are left in other UUCP control files (notably L.cmds), it
can be easy for an intruder to open files anywhere in the
file system. Arguments to uucp(1) are safe, since it
assumes all of its non-option arguments are files. Uux(1)
cannot make such assumptions; hence, it is more dangerous.
BUGS
The Installation and Operation of UUCP explicitly states
that all remote login names must be listed in USERFILE.
This requirement is not enforced by Berkeley UUCP,
although it is by USG UUCP.
Early versions of 4.2BSD uuxqt(8) erroneously check UUCP
spool files against the USERFILE pathname permissions.
Hence, on these systems it is necessary to specify
/var/spool/uucp as a valid path on the USERFILE line used
by uuxqt. Otherwise, all uux(1) requests are rejected
with a "PERMISSION DENIED" message.