System Administration Guide: Network Services

UUCP Security and Maintenance

After you have set up UUCP, maintenance is straightforward. This section explains ongoing UUCP tasks that relate to security, maintenance, and troubleshooting.

Setting Up UUCP Security

The default /etc/uucp/Permissions file provides the maximum amount of security for your UUCP links. The default Permissions file contains no entries.

You can set additional parameters for each remote machine to define the following:

Ways that the remote machine can receive files from your machine
Directories for which the remote machine has read and write permission
Commands that the remote machine can use for remote execution

A typical Permissions entry follows:

MACHINE=datsun LOGNAME=Udatsun VALIDATE=datsun 
COMMANDS=rmail REQUEST=yes SENDFILES=yes

This entry allows files to be sent and be received to and from the “normal” UUCP directories, not from anywhere in the system. The entry also causes the UUCP user name to be validated at login time.

Regular UUCP Maintenance

UUCP does not require much maintenance. However, you must ensure that the crontab file is in place, as described in the section How to Start UUCP. Your concern should be the growth of mail files and the public directory.

Email for UUCP

All email messages that are generated by the UUCP programs and scripts are sent to the user ID uucp. If you do not log in frequently as that user, you might not realize that mail is accumulating and consuming disk space. To solve this problem, create an alias in /etc/mail/aliases and redirect that email either to root or to yourself and others who are responsible for maintaining UUCP. Remember to run the newaliases command after modifying the aliases file.

UUCP Public Directory

The directory /var/spool/uucppublic is the one place in every system to which UUCP by default is able to copy files. Every user has permission to change to /var/spool/uucppublic and read and write files in the directory. However, the directory's sticky bit is set, so the directory's mode is 01777. As a result, users cannot remove files that have been copied to it and that belong to uucp. Only you, as UUCP administrator logged in as root or uucp, can remove files from this directory. To prevent the uncontrolled accumulation of files in this directory, you should ensure that you remove files from it periodically.

If this maintenance is inconvenient for users, encourage them to use uuto and uupick rather than removing the sticky bit, which is set for security reasons. See the uuto(1C) man page for instructions for using uuto and uupick. You can also restrict the mode of the directory to only one group of people. If you do not want to risk someone filling your disk, you can even deny UUCP access to it.