Security and the Permissions file

Consider the following security issues when using the Permissions file.

The /etc/uucp/Permissions file determines:

  • Remote login user names for logging in to the local system
  • Approved commands and privileges for remote systems logging in to the local system

The /etc/uucp/Permissions file contains two types of entries:

Item       Description
LOGNAME    Defines login names and the privileges associated with them. LOGNAME entries take effect when a remote system calls the local system and attempts to log in.
MACHINE    Defines machine names and the privileges associated with them. MACHINE entries take effect when the remote system attempts to carry out commands on the local system.

Options in the Permissions file enable you to establish various levels of security for each remote system. For example, if many remote systems share one login ID on the local system, use the VALIDATE option to require each remote system to use a unique login ID. The SENDFILES, REQUEST, and CALLBACK options specify which system has control, keeping the local system in control of transactions if necessary.

The READ, WRITE, NOREAD, and NOWRITE options define access to specific directories on the local system. These options also control where on your system remote users can place data. The COMMANDS option limits which commands users on remote systems can execute on the local system. The COMMANDS=ALL option grants total privileges and is intended only for systems closely associated with your system.

Attention: The COMMANDS=ALL option can seriously jeopardize the security of your system.
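
The following audit script is an added example, not part of the original documentation. It parses Permissions entries and reports the settings discussed above: COMMANDS=ALL, LOGNAME entries without VALIDATE, and READ or WRITE set to the root directory. It assumes the standard BNU entry syntax (space-separated OPTION=value pairs, colon-separated values, backslash line continuation), which this page does not show; the system names and login IDs are constructed, and treating READ=/ or WRITE=/ as too broad is a policy choice made for the example.

```python
import re

# Constructed sample. Assumed BNU syntax: space-separated OPTION=value pairs,
# colon-separated values, backslash line continuation, '#' comment lines.
SAMPLE = r"""
# constructed example entries, not from a real system
LOGNAME=uucp1 REQUEST=yes SENDFILES=yes \
    READ=/ WRITE=/
LOGNAME=uhera VALIDATE=hera READ=/var/spool/uucppublic
MACHINE=hera COMMANDS=rmail:who
MACHINE=zeus:merlin COMMANDS=ALL
"""

def parse_permissions(text):
    """Return one dict per entry, mapping each option to its list of values."""
    text = re.sub(r"\\[ \t]*\n", " ", text)      # join continuation lines
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):     # skip blanks and comments
            continue
        entry = {}
        for token in line.split():
            key, _, value = token.partition("=")
            entry[key.upper()] = value.split(":")
        entries.append(entry)
    return entries

def audit(entries):
    """Return (entry_name, finding) tuples for the settings the page warns about."""
    findings = []
    for e in entries:
        name = ":".join(e.get("LOGNAME") or e.get("MACHINE") or ["?"])
        if "ALL" in e.get("COMMANDS", []):
            findings.append((name, "COMMANDS=ALL grants every command"))
        if "LOGNAME" in e and "VALIDATE" not in e:
            findings.append((name, "no VALIDATE: no remote system is tied to this login ID"))
        for opt in ("READ", "WRITE"):
            if "/" in e.get(opt, []):            # assumption: '/' is too broad
                findings.append((name, f"{opt}=/ exposes the whole file system"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(parse_permissions(SAMPLE)):
        print(f"{name}: {finding}")
```

To check a live system, pass the contents of /etc/uucp/Permissions to parse_permissions() in place of SAMPLE.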