USERFILE(5) File Formats Manual USERFILE(5)

USERFILE - UUCP pathname permissions file

The USERFILE file specifies the file system directory trees that are
accessible to local users and to remote systems via UUCP.

Each line in USERFILE is of the form:

[loginname],[system] [ c ] pathname [pathname] [pathname]

The first two items are separated by a comma; any number of spaces or
tabs may separate the remaining items. Lines beginning with a `#'
character are comments. A trailing `\' indicates that the next line is
a continuation of the current line.

Loginname is a login (from /etc/passwd) on the local machine.

System is the name of a remote machine, the same name used in L.sys(5).

c denotes the optional callback field. If a c appears here, a remote
machine that calls in will be told that callback is requested, and the
conversation will be terminated. The local system will then immediately
call the remote host back.

Pathname is a pathname prefix that is permissible for this login and/or
system.

When uucico(8) runs in master role or uucp(1) or uux(1) are run by
local users, the permitted pathnames are those on the first line with a
loginname that matches the name of the user who executed the command.
If no such line exists, then the first line with a null (missing)
loginname field is used. (Beware: uucico is often run by the superuser
or the UUCP administrator through cron(8).)

When uucico runs in slave role, the permitted pathnames are those on
the first line with a system field that matches the hostname of the
remote machine. If no such line exists, then the first line with a
null (missing) system field is used.

Uuxqt(8) works differently; it knows neither a login name nor a
hostname. It accepts the pathnames on the first line that has a null
system field. (This is the same line that is used by uucico when it
cannot match the remote machine's hostname.)

A line with both loginname and system null, for example

, /usr/spool/uucppublic

can be used to conveniently specify the paths for both "no match" cases
if lines earlier in USERFILE did not define them. (This differs from
older Berkeley and all USG versions, where each case must be
individually specified. If neither case is defined earlier, a "null"
line only defines the "unknown login" case.)
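
The line-selection rules above, as an added example that is not part of the original manual page or of the UUCP sources: a small parser that reports which USERFILE line each role would use. The function names and the sample entries are assumptions made for illustration.

```python
# Added example: resolve USERFILE entries using the matching rules described above.
# SAMPLE is constructed for illustration; logins, hosts and paths are made up.
SAMPLE = """\
# constructed sample USERFILE
root,        /
alice,hostb  /usr/alice \\
             /usr/spool/uucppublic
,hostc c     /usr/spool/uucppublic /usr/news
,            /usr/spool/uucppublic
"""

def parse(text):
    """Return a list of (loginname, system, callback, [pathname, ...]) tuples."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if line.endswith("\\"):                   # continued on the next line
            pending = line[:-1] + " "
            continue
        login, _, rest = line.partition(",")      # comma separates the first two items
        fields = rest.split()
        # A blank right after the comma means the system field is null.
        system = "" if not fields or rest[0].isspace() else fields.pop(0)
        callback = bool(fields) and fields[0] == "c"
        if callback:
            fields.pop(0)
        entries.append((login.strip(), system, callback, fields))
    return entries

def first_match(entries, index, name):
    """First line whose field equals name, else the first line where it is null."""
    for wanted in (name, ""):
        for entry in entries:
            if entry[index] == wanted:
                return entry
    return None

def for_login(entries, login):     # uucico in master role, uucp(1), uux(1)
    return first_match(entries, 0, login)

def for_system(entries, system):   # uucico in slave role
    return first_match(entries, 1, system)

def for_uuxqt(entries):            # uuxqt knows neither login nor hostname
    return first_match(entries, 1, "")
```

In the constructed sample the `root,` line is also the first line with a null system field, so `for_system` returns it for a host that matches no entry and `for_uuxqt` returns it too. Moving the `,` line to the top keeps `/` limited to the root login.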

To correctly process loginname on systems that assign several logins
per UID, the following strategy is used to determine the current
loginname:

1) If the process is attached to a terminal, a login entry exists
   in /var/run/utmp, and the UID for the utmp name matches the
   current real UID, then loginname is set to the utmp name.

2) If the USER environment variable is defined and the UID for this
   name matches the current real UID, then loginname is set to the
   name in USER.

3) If both of the above fail, call getpwuid(3) to fetch the first
   name in /etc/passwd that matches the real UID.

4) If all of the above fail, the utility aborts.

/etc/uucp/USERFILE
/etc/uucp/UUAIDS/USERFILE    USERFILE example

uucp(1), uux(1), L.cmds(5), L.sys(5), uucico(8), uuxqt(8)

The UUCP utilities (uucico, uucp, uux, and uuxqt) always have access to
the UUCP spool files in /usr/spool/uucp, regardless of pathnames in
USERFILE.

If uucp is listed in L.cmds(5), then a remote system will execute uucp
on the local system with the USERFILE privileges for its login, not its
hostname.

Uucico freely switches between master and slave roles during the course
of a conversation, regardless of the role it was started with. This
affects how USERFILE is interpreted.

USERFILE restricts access only on strings that the UUCP utilities
identify as being pathnames. If the wrong holes are left in other UUCP
control files (notably L.cmds), it can be easy for an intruder to open
files anywhere in the file system. Arguments to uucp(1) are safe,
since it assumes all of its non-option arguments are files. Uux(1)
cannot make such assumptions; hence, it is more dangerous.

The UUCP Implementation Description explicitly states that all remote
login names must be listed in USERFILE. This requirement is not
enforced by Berkeley UUCP, although it is by USG UUCP.

Early versions of 4.2BSD uuxqt(8) erroneously check UUCP spool files
against the USERFILE pathname permissions. Hence, on these systems it
is necessary to specify /usr/spool/uucp as a valid path on the USERFILE
line used by uuxqt. Otherwise, all uux(1) requests are rejected with a
"PERMISSION DENIED" message.

4.3 Berkeley Distribution November 27, 1996 USERFILE(5)