UUCP Security and Maintenance
After you have set up UUCP, maintenance is straightforward. This section explains ongoing UUCP tasks with regard to security, maintenance, and troubleshooting.
Setting Up UUCP Security
The default /etc/uucp/Permissions file provides the maximum amount of security for your UUCP links. The default Permissions file contains no entries.
You can set additional parameters for each remote machine to define:
-
Ways the remote machine can receive files from your machine
-
Directories for which the remote machine has read and write permission
-
Commands the remote machine can use for remote execution
A typical Permissions entry is:
MACHINE=datsun LOGNAME=Udatsun VALIDATE=datsun COMMANDS=rmail REQUEST=yes SENDFILES=yes |
This entry allows files to be sent and received (to and from the "normal" UUCP directories, not from anywhere in the system) and causes the UUCP user name to be validated at login time.
Regular UUCP Maintenance
UUCP does not require much maintenance. Apart from making sure that the crontab file is in place, as described in the section "How to Start UUCP", all you have to worry about is the growth of mail files and the public directory.
Email for UUCP
All email messages generated by the UUCP programs and scripts go to the user ID uucp. If you do not log in frequently as that user, you might not realize that mail is accumulating (and consuming disk space). To solve this, make an alias in /etc/mail/aliases and redirect that email either to root or to yourself and others responsible for maintaining UUCP. Remember to run the newaliases command after modifying the aliases file.
UUCP Public Directory
The directory /var/spool/uucppublic is the one place in every system to which UUCP by default is able to copy files. Every user has permission to change to /var/spool/uucppublic and read and write files in it. However, its sticky bit is set, so its mode is 01777. As a result, users cannot remove files that have been copied to it and that belong to uucp. Only you, as UUCP administrator logged in as root or uucp, can remove files from this directory. To prevent the uncontrolled accumulation of files in this directory, you should make sure to clean it up periodically.
If this is inconvenient for users, encourage them to use uuto and uupick rather than removing the sticky bit, which is set for security reasons. (See the uuto(1C) man page for instructions for using uuto and uupick.) You can also restrict the mode of the directory to only one group of people. If you do not want to run the risk of someone filling your disk, you can even deny UUCP access to it.
- © 2010, Oracle Corporation and/or its affiliates