<P>where MACHINE identifies the remote machine's name, LOGNAME is the name the users of the remote machine use to log in (or you use to log in to their system), COMMANDS are the commands they can execute on your local system, READ is the list of directories from which they can read files, WRITE is the list of directories where they can write files, SENDFILES means that they can send files (yes or no), and REQUEST means that they can request files from your system (yes or no). Notice the backslashes at the end of the first four lines. These backslashes are a typical UUCP convention to indicate that this code is a single long line broken up for readability.







<BR>







<P>A complete entry for the remote system wizard shows that it is allowed to both send and receive files, but only from the /usr/spool/uucppublic directory, and it can only execute mail and uucp commands (the latter transfers files):







<BR>







<PRE>
<FONT COLOR="#000080">MACHINE=wizard LOGNAME=uucp1 \
 COMMANDS=rmail:uucp \
 READ=/usr/spool/uucppublic: \
 WRITE=/usr/spool/uucppublic: \
 SENDFILES=yes REQUEST=yes</FONT></PRE>







<P>To prevent the remote system from sending files, change SENDFILES to no. To prevent the remote system from requesting files, change REQUEST to no.
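<P>The entry format above can be checked mechanically. The following is an added example, not part of the original text: it joins the backslash-continued lines, splits each entry into its fields, and reports grants wider than the wizard entry. The second sample entry (gandalf, uucp2) and the names parse_permissions, audit, PUBLIC and ALLOWED_COMMANDS are assumptions made for illustration.

```python
# Added example: parse HDB-style Permissions entries and flag broad grants.
import posixpath

PUBLIC = "/usr/spool/uucppublic"
ALLOWED_COMMANDS = {"rmail", "uucp"}   # assumption: baseline taken from the wizard entry

# Constructed sample: the wizard entry plus a hypothetical, overly broad one.
SAMPLE = r"""
MACHINE=wizard LOGNAME=uucp1 \
 COMMANDS=rmail:uucp \
 READ=/usr/spool/uucppublic: \
 WRITE=/usr/spool/uucppublic: \
 SENDFILES=yes REQUEST=yes
MACHINE=gandalf LOGNAME=uucp2 \
 COMMANDS=ALL READ=/ WRITE=/usr/spool/uucppublic:/etc \
 SENDFILES=yes REQUEST=yes
"""

def parse_permissions(text):
    """Join backslash-continued lines, then split each entry into KEY=value fields."""
    entries, logical = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):          # continuation: keep collecting
            logical += line[:-1] + " "
            continue
        logical += line
        entries.append(dict(f.split("=", 1) for f in logical.split() if "=" in f))
        logical = ""
    return entries

def audit(entry):
    """Return findings for grants wider than 'public directory, rmail and uucp only'."""
    findings = []
    cmds = entry.get("COMMANDS", "").split(":")
    extra = [c for c in cmds if c and c not in ALLOWED_COMMANDS]
    if extra:
        findings.append("COMMANDS allows " + ",".join(extra))
    for key in ("READ", "WRITE"):
        for d in filter(None, entry.get(key, "").split(":")):
            d = posixpath.normpath(d)    # collapse ../ before comparing
            if d != PUBLIC and not d.startswith(PUBLIC + "/"):
                findings.append(f"{key} reaches outside uucppublic: {d}")
    if entry.get("REQUEST") == "yes" and any(f.startswith("READ") for f in findings):
        findings.append("REQUEST=yes lets the remote fetch from those READ paths")
    return findings

if __name__ == "__main__":
    for e in parse_permissions(SAMPLE):
        print(e["MACHINE"], audit(e) or "ok")
```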







<BR>







<BR>







<A NAME="E68E152"></A>







<H3 ALIGN=CENTER>







<CENTER>







<FONT SIZE=5 COLOR="#FF0000"><B>Understanding UUCP Connections</B></FONT></CENTER></H3>







<BR>







<P>When UUCP connects to a remote machine, it follows a particular series of steps. You can better understand the configuration files UUCP uses and the processes that are involved by following through a typical session. UUCP uses uucico (UUCP Call In/Call Out) to handle the process of connecting and sending information. You can start a UUCP connection with the uucico command followed by the remote system name:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">uucico -s arthur</FONT></PRE>







<P>When uucico starts, it examines the /usr/lib/uucp/sys file (Taylor UUCP) or the /usr/lib/uucp/Systems file (HDB UUCP) to see whether the remote system name exists there. When it finds the proper remote system name, uucico reads the rest of the entries for that system, including the port to be used. From there, uucico uses /usr/lib/uucp/port and /usr/lib/uucp/dial (Taylor UUCP) or /usr/lib/uucp/Devices and /usr/lib/uucp/Dialers (HDB UUCP) to start the modem connection (assuming it is a modem used to establish the session, of course). When the modem is in use, uucico creates a lock on it so that no other application can use it (the lock is a file starting with LCK.. and followed by the device name, such as LCK..cua0).







<BR>







<P>After the chat scripts for setting up and dialing the modem have been executed and the remote system is connected, uucico uses the chat script in the /usr/lib/uucp/sys file or the /usr/lib/uucp/Systems file to log in to the remote system. After the local system is logged into the remote system, the remote machine starts up its copy of uucico, and the two uucico processes establish handshaking. After the handshaking has been established, uucico goes ahead and handles any transfers that are queued. When finished with the session, the local machine checks that the remote has nothing further to send, and then breaks the connection. Finally, uucico terminates.







<BR>







<BR>







<A NAME="E69E168"></A>







<H4 ALIGN=CENTER>







<CENTER>







<FONT SIZE=4 COLOR="#FF0000"><B>Direct Connections</B></FONT></CENTER></H4>







<BR>







<P>If your two machines are directly connected (no modems involved in the connection), through a serial port for example, you can use UUCP as a simple network protocol for file transfer. The only changes to the configuration files mentioned earlier are in the port specification. Instead of using a modem device, you specify a direct connection. For example, in the /usr/lib/uucp/sys file (Taylor UUCP), you would have an entry like the following:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">port direct1</FONT></PRE>







<P>A matching entry in the /usr/lib/uucp/port file would look like the following:







<BR>







<PRE>
<FONT COLOR="#000080">port direct1
type direct
speed 38400
device /dev/cua1</FONT></PRE>







<P>These entries specify the port that uses the direct connection and the speed of the connection. The entries in the HDB UUCP version are similar, using the /usr/lib/uucp/Systems and /usr/lib/uucp/Devices files.







<BR>







<BR>







<A NAME="E69E169"></A>







<H4 ALIGN=CENTER>







<CENTER>







<FONT SIZE=4 COLOR="#FF0000"><B>Login Scripts</B></FONT></CENTER></H4>







<BR>







<P>The login scripts that form part of the /usr/lib/uucp/sys or /usr/lib/uucp/Systems file can be the most difficult part of a UUCP connection to get correct. If the machine you are logging into is a typical UNIX system, you usually only have to worry about the login and password prompts. Other systems may require some special handling to gain access. For this reason, the login script is worth a quick look.







<BR>







<P>Generally, the layout of the login script is in a pattern-action pair, with the pattern coming from the remote machine and the action from the local machine. The simple login scripts shown earlier serve as an example:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">login: merlin password: secret1</FONT></PRE>







<P>In this case, the local system waits until it sees the string login: coming from the remote system, sends merlin, waits for password:, and then sends secret1. You can simplify the script a little by cutting out extra letters from the remote system, because all you really need are the last couple of characters and the colon. You could write the script as follows:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">gin: merlin word: secret1</FONT></PRE>







<P>This type of script has a good use. If the remote system sends Login: instead of login:, the shortened script works and the longer script doesn't.







<BR>







<P>One useful feature of the uucico login script is its capability to wait for the remote machine to reset itself (or start a getty process, more likely). To implement this feature, you use a hyphen and the word BREAK in the script to tell uucico to send a break sequence if the remote site doesn't respond in a timely manner. Look at the following sample script:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">ogin:-BREAK-ogin: merlin sword: secret1</FONT></PRE>







<P>In this case, if the remote machine doesn't respond with an ogin: prompt after a short period of time, the local machine sends a break sequence and waits for the prompt again.







<BR>







<P>You can use a few special characters in the login script. The most important ones for most UUCP purposes are the following:







<BR>















<TABLE  BORDERCOLOR=#000040 BORDER=1 CELLSPACING=2 WIDTH="100%" CELLPADDING=2 >
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\c</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Suppress sending carriage return (send only)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\d</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Delay one second (send only)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\p</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Pause for a fraction of a second (send only)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\t</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Send a tab (send and receive)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\r</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Send a carriage return (send and receive)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\s</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Send a space (send and receive)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\n</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Send a newline (send and receive)</FONT>
<TR>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>\\</FONT>
<TD VALIGN=top  BGCOLOR=#80FFFF ><FONT COLOR=#000080>Send a backslash (send and receive)</FONT>
</TABLE><P>Sometimes you need to use one or more of the characters to get the remote machine to respond to a modem login. For example, the script







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">\n\r\p ogin: merlin word: secret1</FONT></PRE>







<P>sends a carriage return-line feed pair before starting to match characters. This action is usually enough to get the remote machine to start a getty on the port.
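<P>The pattern-action walk described in this section, as an added example that is not part of the original text. It is a simulation only: it splits a script into pattern and send tokens, handles the hyphenated BREAK fallback and the escapes from the table, and runs the result against constructed remote output. The names expand_send and run_chat, the &lt;BREAK&gt; marker and the 0.25-second value for \p are assumptions.

```python
# Added example: walk a uucico-style login script against scripted remote output.
ESCAPES = {"t": "\t", "r": "\r", "s": " ", "n": "\n", "\\": "\\"}

def expand_send(token):
    """Expand the escapes from the table; return (text_to_send, delay_in_seconds)."""
    out, delay, add_cr, i = "", 0.0, True, 0
    while i < len(token):
        if token[i] == "\\" and i + 1 < len(token):
            code = token[i + 1]
            i += 2
            if code == "c":
                add_cr = False            # \c: no trailing carriage return
            elif code == "d":
                delay += 1.0              # \d: one second
            elif code == "p":
                delay += 0.25             # \p: "a fraction of a second" (value assumed)
            else:
                out += ESCAPES.get(code, code)
        else:
            out += token[i]
            i += 1
    return out + ("\r" if add_cr else ""), delay

def run_chat(script, remote):
    """remote: iterator of the text that arrives during each wait ('' means timeout).
    Returns (list of what was sent, True if every pattern was seen)."""
    tokens = script.split()
    sent = []
    for expect, send in zip(tokens[0::2], tokens[1::2] + [""]):
        parts = expect.split("-")         # ogin:-BREAK-ogin: -> pattern, fallback, pattern
        for k in range(0, len(parts), 2):
            if parts[k] in next(remote, ""):
                break
            if k + 1 < len(parts):        # timed out: send the fallback, then wait again
                fb = parts[k + 1]
                sent.append("<BREAK>" if fb == "BREAK" else expand_send(fb)[0])
        else:
            return sent, False            # pattern never arrived
        if send:
            sent.append(expand_send(send)[0])
    return sent, True

if __name__ == "__main__":
    # Constructed remote: silent at first, then a capitalised prompt.
    print(run_chat("ogin:-BREAK-ogin: merlin sword: secret1",
                   iter(["", "Login: ", "Password: "])))
    print(run_chat("login: merlin password: secret1", iter(["Login: "])))
```

The second call fails on the capitalised Login: prompt, which is the case the shortened gin: pattern avoids.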







<BR>







<BR>







<A NAME="E69E170"></A>







<H4 ALIGN=CENTER>







<CENTER>







<FONT SIZE=4 COLOR="#FF0000"><B>Access Times</B></FONT></CENTER></H4>







<BR>







<P>Both Taylor and HDB UUCP versions let you specify a time to call the remote systems. Although the previous examples show Any (meaning the system can be called at any time, day or night), you may want to restrict calls to certain times or to certain days of the week. The reason for limiting calls may be at your end (costs, for example) or at the remote (limited access times during the day, for example).







<BR>







<P>To specify particular days of the week to allow calls, use a two-character abbreviation of the day (Mo, Tu, We, Th, Fr, Sa, Su), Wk for weekdays (Monday through Friday), Any (for any time), or Never (for not allowed to connect). You can use any combination of the days. The times for connecting are specified as a range in 24-hour format when a time span is required. If no time is given, the systems assume that any time during the day is allowed.







<BR>







<P>Days and times are run together without spaces; commas separate subsequent entries. Examples of restricted access times are as follows:







<BR>







<PRE>
<FONT COLOR="#000080">Wk1800-0730
MoWeFr
Wk2300-2400,SaSu</FONT></PRE>







<P>The first example allows connection only on weekdays between 6:00 PM and 7:30 AM. The second example allows connection any time on Monday, Wednesday, and Friday. The last example allows connections only between 11:00 PM and midnight on weekdays and any time on weekends. You can build up any time and date specifications you want. These guidelines apply to both Taylor and HDB UUCP versions.
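<P>How such a specification is evaluated, as an added example that is not part of the original text or of either UUCP implementation. The names parse_entry and call_allowed are assumptions, as is the handling of a range that wraps past midnight: the day test is applied to the day of the call, so Wk1800-0730 covers a weekday evening and a weekday early morning.

```python
# Added example: decide whether a call time is permitted by a UUCP time field.
import re
from datetime import datetime

DAYS = ["Mo", "Tu", "We", "Th", "Fr", "Sa", "Su"]   # datetime.weekday(): Monday == 0
TOKEN = r"Mo|Tu|We|Th|Fr|Sa|Su|Wk|Any|Never"

def parse_entry(entry):
    """Split e.g. 'Wk1800-0730' into (set of weekday numbers, (start, end) or None)."""
    m = re.fullmatch(r"((?:%s)+)(?:(\d{4})-(\d{4}))?" % TOKEN, entry)
    if not m:
        raise ValueError("bad time entry: %r" % entry)
    days = set()
    for tok in re.findall(TOKEN, m.group(1)):
        if tok == "Wk":
            days |= set(range(5))
        elif tok == "Any":
            days |= set(range(7))
        elif tok != "Never":              # Never contributes no days
            days.add(DAYS.index(tok))
    span = (int(m.group(2)), int(m.group(3))) if m.group(2) else None
    return days, span

def call_allowed(spec, when):
    """True if `when` falls inside any comma-separated entry of `spec`."""
    now = when.hour * 100 + when.minute
    for entry in spec.split(","):
        days, span = parse_entry(entry.strip())
        if when.weekday() not in days:
            continue
        if span is None:                  # no time given: the whole day is allowed
            return True
        start, end = span
        if start <= end:
            inside = start <= now < end
        else:                             # range wraps past midnight (assumed semantics)
            inside = now >= start or now < end
        if inside:
            return True
    return False

if __name__ == "__main__":
    monday_noon = datetime(2024, 1, 1, 12, 0)      # constructed test time (a Monday)
    print(call_allowed("Wk1800-0730", monday_noon))          # False
    print(call_allowed("Wk2300-2400,SaSu", datetime(2024, 1, 7, 10, 0)))  # True
```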







<BR>







<BR>







<A NAME="E68E153"></A>







<H3 ALIGN=CENTER>







<CENTER>







<FONT SIZE=5 COLOR="#FF0000"><B>UUCP Security</B></FONT></CENTER></H3>







<BR>







<P>The permissions of the UUCP configuration files must be properly set to enable UUCP to function properly, as well as to provide better security for the system. The files should all be owned by uucp, and uucp should be the group on most systems that have that group in the /etc/group file. You can set the ownerships either by making all the file changes explained previously while logged in as uucp or by making the changes as root and then issuing the commands







<BR>







<PRE>
<FONT COLOR="#000080">chown uucp *
chgrp uucp *</FONT></PRE>







<P>when you are in the /usr/lib/uucp directory. As a security precaution, set a strong password for the uucp login if one exists on your system. Some versions of Linux do not supply a password by default, leaving the system wide open for anyone who can type uucp at the login prompt!







<BR>







<P>Set the file permissions very tightly, preferably to read-write-execute only for the owner (uucp). Blank the group and other permissions, because read access can give valuable login information, as well as passwords, to someone. When UUCP logs into a remote system, it requires a password and login. The /usr/lib/uucp/sys and /usr/lib/uucp/Systems files contain this information. To protect them from unauthorized snooping, set file ownerships and permissions as mentioned.







<BR>







<P>If you have several systems connecting into yours, they can all use the same uucp login and password, or you can assign new logins and passwords as you need them. All you need to do is create a new /etc/passwd entry for each login (with a different login name from uucp, such as uucp1, uucp_arthur, and so on) and a unique password. The remote system can then use that login to access your system. When you create the new UUCP user in the /etc/passwd file, force the user to use uucico only, to prevent access to other areas of your system. For example, the following uucp1 login forces uucico as the startup command:







<BR>







<BR>







<PRE>
<FONT COLOR="#000080">uucp1::100:1:UUCP Login for Arthur:/usr/spool/uucppublic:/usr/lib/uucp/uucico</FONT></PRE>







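<P>The home directory is set to the uucppublic directory, and uucico is the only startup program that can be run. The password field is empty in the entry as shown, so assign the login its unique password (with passwd uucp1) before the account is put into use. Using different logins for remote machines also allows you to grant different access permissions for each system, preventing unwanted access.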







<BR>







<P>Carefully control the commands that remote systems can execute on your local machine through the permissions fields of the local access file. Monitor these fields carefully to prevent abuse and unauthorized access. In a similar manner, if you are allowing forwarding of files through your system, control who is allowed to forward files and where the files are forwarded to.
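<P>The account and file-permission advice in this section can be turned into a repeatable check. The following is an added example, not part of the original text: it flags UUCP logins with an empty password field or a startup program other than uucico, and configuration files with the wrong owner or any group/other permission bits. The sample passwd lines (apart from the uucp1 entry shown above), the uid values and the names audit_passwd, audit_config_files and CONFIG_NAMES are assumptions.

```python
# Added example: audit UUCP logins and configuration-file modes.
import os
import stat

UUCICO = "/usr/lib/uucp/uucico"
CONFIG_NAMES = ("sys", "port", "dial", "Systems", "Devices", "Dialers", "Permissions")

# Constructed /etc/passwd lines; uucp1 is the entry shown in the text.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
uucp:x:10:14:uucp:/usr/lib/uucp:/bin/sh
uucp1::100:1:UUCP Login for Arthur:/usr/spool/uucppublic:/usr/lib/uucp/uucico
uucp_arthur:x:101:1:UUCP Login:/usr/spool/uucppublic:/bin/sh
"""

def audit_passwd(text, admin="uucp"):
    """Flag uucp* logins with an empty password field or a shell other than uucico."""
    findings = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[0].startswith(admin):
            continue
        name, password, shell = fields[0], fields[1], fields[6]
        if password == "":
            findings.append((name, "empty password field"))
        # Assumption: the administrative uucp login itself may keep a normal shell.
        if name != admin and shell != UUCICO:
            findings.append((name, "shell is " + shell))
    return findings

def audit_config_files(directory, owner_uid):
    """Flag listed config files with the wrong owner or any group/other mode bits."""
    findings = []
    for name in CONFIG_NAMES:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        st = os.stat(path)
        if st.st_uid != owner_uid:
            findings.append((name, "owner uid %d" % st.st_uid))
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((name, "mode " + oct(stat.S_IMODE(st.st_mode))))
    return findings

if __name__ == "__main__":
    print(audit_passwd(SAMPLE_PASSWD))
    # On a real system, pwd.getpwnam("uucp").pw_uid gives the uid to pass here.
    print(audit_config_files("/usr/lib/uucp", owner_uid=10))
```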







<BR>


