Controlling Access to UUCP Features
UUCP is quite a flexible system. With that flexibility comes a need to carefully control access to its features to prevent abuse, whether it be intentional or accidental. The primary features of concern to the UUCP administrator are remote command execution, file transfer, and forwarding. Taylor UUCP provides a means of limiting the freedom that remote UUCP hosts have in exercising each of these features. With careful selection of permissions, the UUCP administrator can ensure that the host’s security is preserved.
Command Execution
UUCP’s task is to copy files from one system to another and to request execution of certain commands on remote hosts. Of course, you as an administrator would want to control what rights you grant other systems—allowing them to execute any command they choose on your system is definitely not a good idea.
By default, the only commands Taylor UUCP allows other systems to execute on
your machine are rmail and rnews, which
are commonly used to exchange email and Usenet News over UUCP. To change the
set of commands for a particular system, you can use the
commands
keyword in the
sys
file. Similarly, you may want to limit the search
path to just those directories containing the allowed commands. You can
change the search path allowed for a remote host with the
command-path
statement. For instance,
you may want to allow system
pablo to execute the
bsmtp command in addition to rmail
and rnews:[99]
system pablo ... ...
Get Linux Network Administrator's Guide, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.