The Permissions file
- Which systems can establish a uucico connection
- The areas in the file system that a remote system can read or write from
- The commands that the remote system can run on the local system
- If the local system will process its waiting work when contacted by another system
- An alias for the local system
- A different public directory
LOGNAME=userid [MACHINE=system] option=value [option=value] …
or
MACHINE=system [LOGNAME=userid] option=value [option=value] …
where option is one of the options and value is one or more values that you want to set for that option. Options and values are case-sensitive. When specifying multiple values for an option, separate the values with a colon (:). Here is a sample entry:
MACHINE=ME READ=/ WRITE=/ COMMANDS=ALL
MACHINE=site1:site2:SITE3 \
READ=/ \
WRITE=/ \
COMMANDS=uucp:cat:ls
LOGNAME=NUUCP \
READ=/ \
WRITE=/ \
SENDFILES=yes \
DEBUG=9 \
VALIDATE=site1:site2:SITE3
The Permissions file can also contain blank lines (which are ignored) and comment lines. To indicate that a line is a comment line, use a number sign (#) as the first character in the line.
LOGNAME option or the MACHINE option, or both. Both options are used to identify an entry that applies to a remote system when it is processing its file transfer requests. The difference between them is based on which system initiates the connection:
- LOGNAME=userid entries apply to a remote system when it initiates the connection by logging onto your system as userid.
- MACHINE=system entries apply to a remote system when your system initiates the call to system.
If your system initiates the connection, your system first processes any queued file transfer requests that it has. When this is complete, the remote system can indicate that it has file transfer requests queued on its system that it would like to process. If the correct permissions are set, control switches to the remote system which then processes its file transfer requests. At this point, the MACHINE entry options are used for the remote system.
If your system does not need to differentiate Permissions options based on which system initiates the call, then LOGNAME and MACHINE can appear in the same entry.
LOGNAME and MACHINE options:
- LOGNAME
- Indicates the user IDs that remote systems can use when logging on to your system. For z/OS systems, these names must be specified in uppercase unless USERIDALIASTABLE is used to define lowercase or mixed-case aliases. See USERIDALIASTABLE for more information about defining user aliases.
- MACHINE
- Specified as MACHINE=system, this indicates the remote systems that your system can call using the other options specified in this entry. The system name specified here must also be specified as a system in the systems file. If you set this option to OTHER, the options specified apply to any remote system not specified by a MACHINE option in another entry. For remote systems, these names are typically uppercase. Contact the remote system's UUCP administrator to make sure that the names are uppercase.
  Permissions for uux commands (which are executed by uuxqt) are based on MACHINE entries regardless of which system initiates the call.
LOGNAME or MACHINE entries, or with both. Options are marked with an (L) or an (M) to indicate that they are intended for LOGNAME or MACHINE entries or for both (L,M). An option used in an entry for which it is not intended will be ignored.
- READ
- (L,M) Indicates which directories uucico can read. By default, this is the home directory of user uucp (/usr/spool/uucppublic). Remember that uucico runs with the effective UID of UUCP, so you must permit the uucp user or uucpg group to read from these directories.
- WRITE
- (L,M) Indicates which directories uucico can write to. By default, this is /usr/spool/uucppublic, the home directory of user uucp. Remember that uucico runs with the effective UID of UUCP, so you must permit the uucp user or uucpg group to write to these directories.
- NOREAD
- (L,M) Indicates that files in the specified directories cannot be read. If a directory is specified by both READ and NOREAD, files in that directory cannot be read. The public directory can always be read (even if specified on NOREAD).
- NOWRITE
- (L,M) Indicates that files in the specified directories cannot be written to. If a directory is specified by both WRITE and NOWRITE, files in that directory cannot be written to. The public directory can always be written to (even if specified on NOWRITE).
- PUBDIR
- (L,M) Indicates the public directory. By default, this is the home directory of user uucp (/usr/spool/uucppublic). If you are going to change PUBDIR on your system, you need to have an additional MACHINE entry for your local site. Consider this example:
  uucp remote_site!/file1 local_site!~/file1
  When uucp processes this command it looks for a MACHINE=local_site entry to find the value for PUBDIR.
- DEBUG
- (L,M) Indicates the verbosity of the debugging information. Set this to a number between 0 and 9. Level 0 provides terse debug messages while level 9 provides verbose output. This output is stored in /usr/spool/uucp/LOGFILE to aid you in debugging communications problems when remote systems call you.
- REQUEST
- (L,M) Indicates whether requests made by remote systems to transfer data from your system are allowed. This option can be used to protect data on your system from being read by remote systems.
  - If set to yes, remote systems can read data from those directories they are authorized to read from.
  - If set to no, a remote system can write data to your system, but cannot read data irrespective of the value of the READ option. This is the default.
- SENDFILES
- (L) Indicates if your system will process its own queued file transfer requests after the remote system has initiated the connection and completed its file transfer requests. The SENDFILES option allows the local system to control when its queued file transfer requests are processed.
  - If this option is set to yes, your system will process its queued requests after the remote system has completed processing its own.
  - If this option is set to call, your system will only process its own file transfer requests when it initiates the connection with the remote system. This is the default.
- VALIDATE
- (L) Names the remote systems that can log in to your system using the user IDs given by LOGNAME. If another system attempts to log in using this user ID, uucico refuses the connection.
- COMMANDS
- (M) Indicates the commands that the remote system can execute on your system. By default, the uucp command is not permitted, which means that by default your local system is a terminal, or leaf-node, connection. To allow a remote system to transfer files through your local system, specify uucp for the COMMANDS option.
  - To specify more than one command, separate the command names with a colon (:). For example, COMMANDS=uucp:ls.
  - To prohibit all commands, do not use the COMMANDS option.
  - To allow access to all commands, set this option to ALL.
- MYNAME
- (M) Tells the remote system that the name of your local system is the specified value rather than the name given by uname -n.
LOGNAME=uwest MACHINE=west READ=/ WRITE=/ \
COMMANDS=uucp:mail NOREAD=/usr/private \
NOWRITE=/usr/private SENDFILES=yes REQUEST=yes \
VALIDATE=west
LOGNAME=nuucp MACHINE=OTHER REQUEST=yes \
SENDFILES=call
The first entry in this file specifies the options that are in effect when a remote system logs in as uwest. Because of the VALIDATE=west option, the only remote system that can use this user ID is West. When West calls North and logs in as uwest, it can read from and write to all directories except the ones starting with /usr/private and can execute the commands uucp and mail on North's system. This entry also includes the MACHINE=west option, meaning the options given also apply when North has called West and control has been transferred to North's uucico utility. Because REQUEST=yes and SENDFILES=yes, either system can request or send working files.

The second entry specifies the options in effect when a remote system logs in with the NUUCP user ID. Because MACHINE=OTHER, these options will also apply when North has called any remote system except west (which has its own entry) and control has been transferred to North's uucico. Files can only be read from or written to the /usr/spool/uucppublic directory (no READ or WRITE options to change the default). Either system can request files from the other, but working files are only transferred from North when it calls the remote system.
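The entry format and option rules above can be checked mechanically before a Permissions file is put in service. The following Python sketch is an added example, not code from the original page or from the UUCP implementation: it parses entries (comments, backslash continuations, colon-separated values) and reports options that are ignored because they sit in the wrong entry type, plus the broadest grants the page describes. The finding names, the choice of checks and the fourth sample entry (site9) are assumptions made for the illustration.

```python
import re

# Which entry type each option is intended for, from the (L)/(M) marks on this page.
SCOPE = {"READ": "LM", "WRITE": "LM", "NOREAD": "LM", "NOWRITE": "LM",
         "PUBDIR": "LM", "DEBUG": "LM", "REQUEST": "LM",
         "SENDFILES": "L", "VALIDATE": "L", "COMMANDS": "M", "MYNAME": "M"}

# Entries 1-3 are samples from this page; entry 4 is constructed for the demo.
SAMPLE = r"""
# sample Permissions file
MACHINE=ME READ=/ WRITE=/ COMMANDS=ALL
LOGNAME=uwest MACHINE=west READ=/ WRITE=/ \
COMMANDS=uucp:mail NOREAD=/usr/private \
NOWRITE=/usr/private SENDFILES=yes REQUEST=yes \
VALIDATE=west
LOGNAME=nuucp MACHINE=OTHER REQUEST=yes \
SENDFILES=call
MACHINE=site9 SENDFILES=yes COMMANDS=uucp
"""

def parse(text):
    """Return one dict per entry mapping option name -> list of values."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)      # fold backslash continuations
    entries = []
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):        # blank and comment lines
            continue
        pairs = (tok.partition("=") for tok in line.split())
        entries.append({k: v.split(":") for k, sep, v in pairs if sep})
    return entries

def audit(text):
    """Return (entry_number, finding) tuples for broad or ineffective options."""
    findings = []
    for n, e in enumerate(parse(text), 1):
        kinds = ("L" if "LOGNAME" in e else "") + ("M" if "MACHINE" in e else "")
        for opt in e:
            if opt in SCOPE and not set(SCOPE[opt]) & set(kinds):
                findings.append((n, f"IGNORED:{opt}"))       # wrong entry type
        if "ALL" in e.get("COMMANDS", []):
            findings.append((n, "COMMANDS_ALL"))             # any command allowed
        for opt, deny in (("READ", "NOREAD"), ("WRITE", "NOWRITE")):
            if "/" in e.get(opt, []) and deny not in e:
                findings.append((n, f"{opt}_ROOT"))          # whole file system
        if "LOGNAME" in e and "VALIDATE" not in e:
            findings.append((n, "NO_VALIDATE"))              # user ID not tied to systems
    return findings

if __name__ == "__main__":
    for n, finding in audit(SAMPLE):
        print(f"entry {n}: {finding}")
```

The uwest entry produces no findings because its READ=/ and WRITE=/ are paired with NOREAD and NOWRITE and its user ID is bound to west by VALIDATE.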