693-695.html

linux-unix130.linux.and.unix.ebooks130 linux and unix ebookslinuxLearning Linux - Collection of 12 E

<HTML>
<HEAD>
<TITLE>Linux Unleashed, Third Edition:UUCP</TITLE>
<SCRIPT>
<!--
function displayWindow(url, width, height) {
        var Win = window.open(url,"displayWindow",'width=' + width +
',height=' + height + ',resizable=1,scrollbars=yes');
}
//-->
</SCRIPT>
</HEAD>

 -->


<!--ISBN=0672313723//-->
<!--TITLE=Linux Unleashed, Third Edition//-->
<!--AUTHOR=Tim Parker//-->
<!--PUBLISHER=Macmillan Computer Publishing//-->
<!--IMPRINT=Sams//-->
<!--CHAPTER=39//-->
<!--PAGES=693-695//-->
<!--UNASSIGNED1//-->
<!--UNASSIGNED2//-->

<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="691-693.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="695-696.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>
<P><BR></P>
<H3><A NAME="Heading9"></A><FONT COLOR="#000077">UUCP Security</FONT></H3>
<P>The permissions of the UUCP configuration files must be carefully set to allow UUCP to function properly, as well as to allow better security for the system. Simply stated, the files should all be owned by <TT>uucp</TT>, and the group should be <TT>uucp</TT> on most systems that have that group in the <TT>/etc/group</TT> file. The ownerships can be set either by making all the file changes while logged in as <TT>uucp</TT> or by setting the changes as <TT>root,</TT> and then issuing the following commands when you are in the <TT>/usr/lib/uucp</TT> directory:</P>
<!-- CODE SNIP //-->
<PRE>
chown uucp *
chgrp uucp *
</PRE>
<!-- END CODE SNIP //-->
<P>As a security precaution, you should set a strong password for the <TT>uucp</TT> login if there is one on your system. Some versions of Linux do not supply a password by default, leaving the system wide open for anyone who can type <TT>uucp</TT> at the login prompt!</P>
<P>The file permissions should be set very tightly, preferably to read-write (and execute for directories) only for the owner (<TT>uucp</TT>). The group and other permissions should be blanked because a read access can give valuable login information, as well as passwords to someone.</P>
<P>When UUCP logs in to a remote system, it requires a password and login. This information is contained in the <TT>/usr/lib/uucp/sys</TT> or <TT>/usr/lib/uucp/Systems</TT> files and should be protected to prevent unauthorized snooping by setting file ownerships and permissions as mentioned.</P>
<P>If you have several systems connecting into yours, they can all use the same <TT>uucp</TT> login and password, or you can assign new logins and passwords as you need them. All you need to do is create a new <TT>/etc/passwd</TT> entry for each login (with a different login name from <TT>uucp</TT>, such as <TT>uucp1</TT>, <TT>uucp_arthur</TT>, and so forth) and a unique <TT>passwd</TT>. The remote system can then use that login to access your system. When you create new UUCP users in the <TT>/etc/passwd</TT>, force them to use <TT>uucico</TT> only to prevent access to other areas of your system. For example, the login <TT>uucp1</TT>, shown here, forces <TT>uucico</TT> as the <TT>startup</TT> command:</P>
<!-- CODE SNIP //-->
<PRE>
uucp1::123:52:UUCP Login for Arthur:/usr/spool/uucppublic:/usr/lib/uucp/
uucico
</PRE>
<!-- END CODE SNIP //-->
<P>The home directory is set to the <TT>uucppublic</TT> directory, and <TT>uucico</TT> is the only startup program that can be run. Using different logins for remote machines also allows you to grant different access permissions for each system, preventing unwanted access.</P>
<P>You should also carefully control the commands that remote systems can execute on your local machine. This is done through the permissions fields of the local access file and should be monitored carefully to prevent abuse and unauthorized access. In a similar manner, if you are allowing forwarding of files through your system, you should control who is allowed to forward and where they are forwarded to.</P>
<P>Most important of all is to ensure that whoever accesses your system on a regular basis is someone you want access to be granted to. Don&#146;t leave your system wide open for anyone to enter because you are guaranteeing yourself disaster. Carefully watch logins and make sure file permissions and ownerships are properly set at all times.</P>
<H3><A NAME="Heading10"></A><FONT COLOR="#000077">Using UUCP</FONT></H3>
<P>Once you have configured UUCP, you can use it to transfer files and email. In order to use UUCP, you have to know the addressing syntax which is different from what you may know from the Internet. The UUCP address syntax is
</P>
<!-- CODE SNIP //-->
<PRE>
machine!target
</PRE>
<!-- END CODE SNIP //-->
<P><I>machine</I> is the remote machine name and <I>target</I> is the name of the user or file that you are trying to get to. For example, to send mail to the user <TT>yvonne</TT> on machine <TT>arthur</TT>, use the <TT>mail</TT> command with the following destination username</P>
<!-- CODE SNIP //-->
<PRE>
mail arthur!yvonne
</PRE>
<!-- END CODE SNIP //-->
<P>UUCP lets you move through several machines to get to a target. This can help save on telephone bills or make a much wider network available to you from a small number of connections. Suppose you want to send mail to a user called <TT>bill</TT> on a system called <TT>warlock</TT>, which isn&#146;t in your configuration files but can be connected to through <TT>arthur</TT>. If you have permission to send mail through the system <TT>arthur</TT> (called a <I>hop</I>), you can send the mail with this command:</P>
<!-- CODE SNIP //-->
<PRE>
mail arthur!warlock!bill
</PRE>
<!-- END CODE SNIP //-->
<P><BR></P>
<CENTER>
<TABLE BORDER>
<TR>
<TD><A HREF="691-693.html">Previous</A></TD>
<TD><A HREF="../ewtoc.html">Table of Contents</A></TD>
<TD><A HREF="695-696.html">Next</A></TD>
</TR>
</TABLE>
</CENTER>


</td>
</tr>
</table>
<!-- begin footer information -->



</body></html>