UUCP is quite a flexible system. With that flexibility comes a need to carefully control access to its features to prevent abuse, whether it be intentional or accidental. The primary features of concern to the UUCP administrator are remote command execution, file transfer, and forwarding. Taylor UUCP provides a means of limiting the freedom that remote UUCP hosts have in exercising each of these features. With careful selection of permissions, the UUCP administrator can ensure that the host’s security is preserved.
UUCP’s task is to copy files from one system to another and to request execution of certain commands on remote hosts. Of course, you as an administrator would want to control what rights you grant other systems—allowing them to execute any command they choose on your system is definitely not a good idea.
By default, the only commands Taylor UUCP allows other systems to execute on
your machine are rmail and rnews, which
are commonly used to exchange email and Usenet News over UUCP. To change the
set of commands for a particular system, you can use the
commands keyword in the
sys file. Similarly, you may want to limit the search
path to just those directories containing the allowed commands. You can
change the search path allowed for a remote host with the
command-path statement. For instance,
you may want to allow system
pablo to execute the
bsmtp command in addition to rmail
system pablo ... commands rmail rnews bsmtp
Taylor UUCP also allows you to fine-tune file transfers in great
detail. At one extreme, you can disable transfers to and from a
particular system. Just set
no, and the remote system will not be able
to either retrieve files from your system or send it any
files. Similarly, you can prohibit your users from transferring files
to or from a system by setting
no. By default, users on both the local
and the remote system are allowed to upload and download files.
In addition, you can configure the directories that files may be
copied to and from. Usually you will want to restrict access from
remote systems to a single directory hierarchy, but still allow your
users to send files from their home directory. Commonly, remote users are
allowed to receive files only from the public UUCP directory
/var/spool/uucppublic. This is the traditional
place to make files publicly available, very much like FTP servers on
Taylor UUCP provides four different commands to configure the directories for sending and receiving files. They are: local-send, which specifies the list of directories a user may ask UUCP to send files from; local-receive, which gives the list of directories a user may ask to receive files to; and remote-send and remote-receive, which do the analogous for requests from a foreign system. Consider the following example:
system pablo ... local-send /home ~ local-receive /home ~/receive remote-send ~ !~/incoming !~/receive remote-receive ~/incoming
The local-send command allows
users on your host to send any files below
and from the public UUCP directory to pablo. The local-receive
command allows them to
receive files either to the world-writable
receive directory in the
uucppublic, or any world-writable directory below
/home. The remote-send
directive allows pablo to request files from
/var/spool/uucppublic, except for files from the
directories. This is signaled to uucico by
preceding the directory names with exclamation marks. Finally, the
last line allows pablo to
upload files to incoming.
A major problem with file transfers using UUCP is that it receives files only to directories that are world-writable. This may tempt some users to set up traps for other users. However, there’s no way to escape this problem outside of disabling UUCP file transfers altogether.
UUCP provides a mechanism to have other systems execute file transfers on your behalf. For instance, suppose your system has uucp access to a system called seci, but not to another system called uchile. This allows you to make seci retrieve a file from uchile for you and send it to your system. The following command would achieve this:
uucp -r seci!uchile!~/find-ls.gz ~/uchile.files.gz
This technique of passing a job through several systems is called forwarding. On your own UUCP system, you would want to limit the forwarding service to a few hosts you trust not to run up a horrendous phone bill by making you download the latest X11R6 source release for them.
By default, Taylor UUCP prohibits forwarding altogether. To enable
forwarding for a particular system, you can use the
forward command. This command specifies a
list of sites the system may request you to forward jobs to and
from. For instance, the UUCP administrator of seci would have to add the following
lines to the
sys file to allow
pablo to request files from uchile:
#################### # pablo system pablo ... forward uchile #################### # uchile system uchile ... forward-to pablo
forward-to entry for
uchile is necessary so that any files
returned by it are actually passed on to
pablo. Otherwise UUCP would drop them.
This entry uses a variation of the
forward command that permits
uchile to send files only to
seci, not the other way round.
To permit forwarding to any system, use the special keyword
ANY (capital letters required).