USERFILE(5)                                                        USERFILE(5)


NAME
       USERFILE - UUCP pathname permissions file

DESCRIPTION
       The  USERFILE  file  specifies the file system directory trees that are
       accessible to local users and to remote systems via UUCP.

       Each line in USERFILE is of the form:

       [loginname],[system] [ c ] pathname [pathname] [pathname]

       The first two items are separated by a comma; any number of  spaces  or
       tabs  may  separate  the  remaining  items.  Lines beginning with a ‘#’
       character are comments.  A trailing ‘\’ indicates that the next line is
       a continuation of the current line.

       Loginname is a login (from /etc/passwd) on the local machine.

       System is the name of a remote machine, the same name used in L.sys(5).

       c denotes the optional callback field.  If a c appears here,  a  remote
       machine  that calls in will be told that callback is requested, and the
       conversation will be terminated.  The local system  will  then  immedi‐
       ately call the remote host back.

       Pathname is a pathname prefix that is permissible for this login and/or
       system.

       When uucico(8C) runs in master role or uucp(1C) or uux(1C) are  run  by
       local users, the permitted pathnames are those on the first line with a
       loginname that matches the name of the user who executed  the  command.
       If  no  such  line  exists,  then  the first line with a null (missing)
       loginname field is used.  (Beware: uucico is often run by the superuser
       or the UUCP administrator through cron(8).)

       When  uucico  runs  in slave role, the permitted pathnames are those on
       the first line with a system field that matches  the  hostname  of  the
       remote  machine.   If  no  such line exists, then the first line with a
       null (missing) system field is used.

       Uuxqt(8) works differently; it knows neither a login name nor  a  host‐
       name.   It accepts the pathnames on the first line that has a null sys
       tem field.  (This is the same line that is used by uucico when it  can‐
       not match the remote machine’s hostname.)

       A line with both loginname and system null, for example

              , /usr/spool/uucppublic

       can be used to conveniently specify the paths for both "no match" cases
       if lines earlier in USERFILE did not define them.  (This  differs  from
       older  Berkeley and all USG versions, where each case must be individu‐
       ally specified.  If neither case is defined earlier, a "null" line only
       defines the "unknown login" case.)

       To  correctly  process  loginname on systems that assign several logins
       per UID, the following strategy is used to determine the current login
       name:

       1)     If  the  process is attached to a terminal, a login entry exists
              in /etc/utmp, and the UID for the utmp name matches the  current
              real UID, then loginname is set to the utmp name.

       2)     If the USER environment variable is defined and the UID for this
              name matches the current real UID, then loginname is set to  the
              name in USER.

       3)     If  both  of the above fail, call getpwuid(3) to fetch the first
              name in /etc/passwd that matches the real UID.

       4)     If all of the above fail, the utility aborts.

FILES
       /usr/lib/uucp/USERFILE
       /usr/lib/uucp/UUAIDS/USERFILE   USERFILE example

SEE ALSO
       uucp(1C), uux(1C), L.cmds(5), L.sys(5), uucico(8C), uuxqt(8C)

NOTES
       The UUCP utilities (uucico, uucp, uux, and uuxqt) always have access to
       the  UUCP  spool  files  in /usr/spool/uucp, regardless of pathnames in
       USERFILE.

       If uucp is listed in L.cmds(5), then a remote system will execute  uucp
       on the local system with the USERFILE privileges for its login, not its
       hostname.

       Uucico freely switches between master and slave roles during the course
       of  a  conversation,  regardless of the role it was started with.  This
       affects how USERFILE is interpreted.

WARNING
       USERFILE restricts access only on strings that the UUCP utilities iden‐
       tify  as  being  pathnames.   If the wrong holes are left in other UUCP
       control files (notably L.cmds), it can be easy for an intruder to  open
       files  anywhere  in  the  file system.  Arguments to uucp(1C) are safe,
       since it assumes all of its non-option arguments  are  files.   Uux(1C)
       cannot make such assumptions; hence, it is more dangerous.

BUGS
       The  UUCP  Implementation Description explicitly states that all remote
       login names must be  listed  in  USERFILE.   This  requirement  is  not
       enforced by Berkeley UUCP, although it is by USG UUCP.

       Early  versions  of  4.2BSD uuxqt(8) erroneously check UUCP spool files
       against the USERFILE pathname permissions.  Hence, on these systems  it
       is necessary to specify /usr/spool/uucp as a valid path on the USERFILE
       line used by uuxqt.  Otherwise, all uux(1C) requests are rejected  with
       a "PERMISSION DENIED" message.


4.3 Berkeley Distribution       April 24, 1986                     USERFILE(5)
 
Generated: 2016-12-26
Generated by man2html V0.25
page hit count: 721
Valid CSS Valid XHTML 1.0 Strict