1USERFILE(5)                   File Formats Manual                  USERFILE(5)


6       USERFILE - UUCP pathname permissions file


9       The  USERFILE  file  specifies the file system directory trees that are
10       accessible to local users and to remote systems via UUCP.
12       Each line in USERFILE is of the form:
14       [loginname],[system] [ c ] pathname [pathname] [pathname]
16       The first two items are separated by a comma; any number of  spaces  or
17       tabs  may  separate  the  remaining  items.  Lines beginning with a `#'
18       character are comments.  A trailing `\' indicates that the next line is
19       a continuation of the current line.
21       Loginname is a login (from /etc/passwd) on the local machine.
23       System is the name of a remote machine, the same name used in L.sys(5).
25       c  denotes  the optional callback field.  If a c appears here, a remote
26       machine that calls in will be told that callback is requested, and  the
27       conversation  will  be  terminated.  The local system will then immedi‐
28       ately call the remote host back.
30       Pathname is a pathname prefix that is permissible for this login and/or
31       system.
33       When  uucico(8)  runs  in  master  role or uucp(1) or uux(1) are run by
34       local users, the permitted pathnames are those on the first line with a
35       loginname  that  matches the name of the user who executed the command.
36       If no such line exists, then the  first  line  with  a  null  (missing)
37       loginname field is used.  (Beware: uucico is often run by the superuser
38       or the UUCP administrator through cron(8).)
40       When uucico runs in slave role, the permitted pathnames  are  those  on
41       the  first  line  with  a system field that matches the hostname of the
42       remote machine.  If no such line exists, then the  first  line  with  a
43       null (missing) system field is used.
45       Uuxqt(8)  works  differently; it knows neither a login name nor a host‐
46       name.  It accepts the pathnames on the first line that has a null  sys‐
47       tem  field.  (This is the same line that is used by uucico when it can‐
48       not match the remote machine's hostname.)
50       A line with both loginname and system null, for example
52              , /usr/spool/uucppublic
54       can be used to conveniently specify the paths for both "no match" cases
55       if  lines  earlier in USERFILE did not define them.  (This differs from
56       older Berkeley and all USG versions, where each case must be  individu‐
57       ally specified.  If neither case is defined earlier, a "null" line only
58       defines the "unknown login" case.)
60       To correctly process loginname on systems that  assign  several  logins
61       per UID, the following strategy is used to determine the current login‐
62       name:
64       1)     If the process is attached to a terminal, a login  entry  exists
65              in /var/run/utmp, and the UID for the utmp name matches the cur‐
66              rent real UID, then loginname is set to the utmp name.
68       2)     If the USER environment variable is defined and the UID for this
69              name  matches the current real UID, then loginname is set to the
70              name in USER.
72       3)     If both of the above fail, call getpwuid(3) to fetch  the  first
73              name in /etc/passwd that matches the real UID.
75       4)     If all of the above fail, the utility aborts.


78       /etc/uucp/USERFILE
79       /etc/uucp/UUAIDS/USERFILE   USERFILE example


82       uucp(1), uux(1), L.cmds(5), L.sys(5), uucico(8), uuxqt(8)


85       The UUCP utilities (uucico, uucp, uux, and uuxqt) always have access to
86       the UUCP spool files in /usr/spool/uucp,  regardless  of  pathnames  in
87       USERFILE.
89       If  uucp is listed in L.cmds(5), then a remote system will execute uucp
90       on the local system with the USERFILE privileges for its login, not its
91       hostname.
93       Uucico freely switches between master and slave roles during the course
94       of a conversation, regardless of the role it was  started  with.   This
95       affects how USERFILE is interpreted.


98       USERFILE restricts access only on strings that the UUCP utilities iden‐
99       tify as being pathnames.  If the wrong holes are  left  in  other  UUCP
100       control  files (notably L.cmds), it can be easy for an intruder to open
101       files anywhere in the file system.   Arguments  to  uucp(1)  are  safe,
102       since  it  assumes  all  of its non-option arguments are files.  Uux(1)
103       cannot make such assumptions; hence, it is more dangerous.


106       The UUCP Implementation Description explicitly states that  all  remote
107       login  names  must  be  listed  in  USERFILE.   This requirement is not
108       enforced by Berkeley UUCP, although it is by USG UUCP.
110       Early versions of 4.2BSD uuxqt(8) erroneously check  UUCP  spool  files
111       against  the USERFILE pathname permissions.  Hence, on these systems it
112       is necessary to specify /usr/spool/uucp as a valid path on the USERFILE
113       line used by uuxqt.  Otherwise, all uux(1) requests are rejected with a
114       "PERMISSION DENIED" message.
1184.3 Berkeley Distribution      November 27, 1996                   USERFILE(5)