Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!julius.cs.uiuc.edu!apple!portal!cup.portal.com!thad
From: thad@cup.portal.com (Thad P Floryan)
Newsgroups: comp.unix.aux
Subject: Re: UUCP on A/UX
Message-ID: <35428@cup.portal.com>
Date: 31 Oct 90 08:02:38 GMT
References: <3654@idunno.Princeton.EDU> <1990Oct30.194230.5378@blackbox.lonestar.org> <1990Oct31.023133.10127@servalan.uucp>
Organization: The Portal System (TM)
Lines: 118

rmtodd@servalan.uucp (Richard Todd) in <1990Oct31.023133.10127@servalan.uucp>
writes:

    That'd be a really neat trick, since A/UX UUCP doesn't *have* a
    Permissions file ... That said, I'd definitely suspect some problem with
    the permissions setup and config file somewhere. Make sure that the L.sys
    file is readable by UUCP (and no one else) and has the proper system name
    in it and that the USERFILE looks reasonable ...

    >An excellent reference for managing UUCP is found in "Managing uucp and
    >Usenet" (O'Reilly, T, and Todino, G.; 1990 O'Reilly and Associates).

    Agreed. Don't even think of administering a UUCP setup without a copy of
    this book.

True. I don't want to sound smug, but it really took all of about 2 minutes
to set up A/UX UUCP's config files. As a starter (assuming you've all the
system entries in L.sys (and/or Systems)), your /usr/lib/uucp/USERFILE should
look something like:

    ,       /
    uucp,   /
    nuucp,  /
    root,   /

From that point, you can (using the info in the O'Reilly book) proceed to
establish more stringent security if desired.

I've uucp'd to/from A/UX using both V2 and HDB uucp without any problems.

Hmmm, someone references a 1990 edition of the O'Reilly book. The older
edition(s) lack a LOT of setup for HDB (e.g. multiple Systems files and other
services, use of CLOCAL, etc.) but that doesn't affect UUCP operation under
A/UX.

If you're really security conscious, you can also enable dialup password
protection (yeah, it works in A/UX 2.0) using a management program that was
posted to Usenet a year or so ago.
AT&T flatly refuses to document this feature and, at the SVR4 developers'
conference, indicated again their refusal to "officially" support the feature
even though it's been in /bin/login for a l-o-n-g while (do a "strings" on it
to see the hints and clues :-). Surprising (to me), I only had to recompile
the program on A/UX and everything worked right off.

To give you an idea of what I mean, following is an excerpt from dpasswd's
README; the program itself is available (source, natch!) at osu-cis (aka
cheops.cis.ohio-state.edu, IP 128.146.8.62) and I've tested it with SVR2,
SVR3.* and SVR4. The program is by Lenny Tropiano and was initially on the
3B1/UNIXPC (for those wondering why the tty line numbers are so high (up to
255 supported) and what /dev/ph0 and /dev/ph1 are (built-in phone lines for
the built-in modem)):

``
For those who are unsure what I'm talking about, here's a brief explanation.

/bin/login will look in a file called /etc/dialups for tty devices that are
to be declared as "dialups". The format of the file is /dev/tty names
terminated by newline. If the login tty is found in /etc/dialups, it will
then go to /etc/d_passwd, and look for your "login-default shell" in there.
The format of this file is:

    login_default_shell_path:encrypted_passwd:

If your shell is there, it will then prompt you for "Dialup Password:" after
you enter your initial password correctly. If you enter the dialup password
incorrectly, you will be denied login.

What you can do with this, is allow everything but /bin/sh, and /bin/ksh to
get in without a secondary password. (This will prevent having to give
people with uucp logins another password -- you can give them one, if you so
desire with login shell /usr/lib/uucp/uucico).

Sample files are as follows:

/etc/dialups:
-------------
/dev/tty000
/dev/ph1

/etc/d_passwd:
--------------
/bin/sh:xeH0weIpa941Q:
/bin/ksh:UeH0wlIpW0gyQ:

Usage: dpasswd [-v] [-d] -p program -t terminal

        -v              turn verbose on
        -d              delete restriction
        -p program      add (or delete) restriction for program
                        (use full pathname)
        -t terminal     add (or delete) restriction for terminal
                        (don't use "/dev/")

eg.
        # dpasswd -t tty001 -p /bin/sh
        # dpasswd -t /dev/ph1
        # dpasswd -p /bin/ksh

        # dpasswd -v -t tty001
        dpasswd: Dialup terminal restriction added for /dev/tty001.

        # dpasswd -v -t tty001
        dpasswd: Terminal /dev/tty001 already found in /etc/dialups.

        # dpasswd -v -t ph1 -p /bin/ksh
        New Dialup Password:
        Retype Dialup Password:
        dpasswd: Dialup terminal restriction added for /dev/ph1.
        dpasswd: Dialup program restriction added for /bin/ksh.

        # dpasswd -v -d -t ph1 -p /bin/ksh
        dpasswd: Dialup terminal restriction removed for /dev/ph1.
        dpasswd: Dialup program restriction removed for /bin/ksh.

Appropriate diagnostics will be given for all cases (hopefully).
''

Thad Floryan [ thad@cup.portal.com (OR) ..!sun!portal!cup.portal.com!thad ]
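
The /etc/dialups and /etc/d_passwd lookup described in the README excerpt, written out as an added example (not part of the original post and not dpasswd's code). It also lists which accounts would reach a dialup line with only their account password. The file contents, account names and function names are constructed for illustration, and treating an empty shell field as /bin/sh is an assumption.

```python
# Added example: models the lookup described in the README excerpt above.
# All file contents are constructed samples; hashes are placeholders.
DIALUPS = "/dev/tty000\n/dev/ph1\n"
D_PASSWD = "/bin/sh:HASH_PLACEHOLDER_1:\n/bin/ksh:HASH_PLACEHOLDER_2:\n"
PASSWD = """\
root:*:0:0:Super User:/:/bin/sh
alice:*:201:100:Alice:/users/alice:/bin/ksh
bob:*:202:100:Bob:/users/bob:/bin/csh
carol:*:203:100:Carol:/users/carol:
nuucp:*:6:6:UUCP login:/usr/spool/uucppublic:/usr/lib/uucp/uucico
"""

def parse_dialups(text):
    """/etc/dialups: one /dev/tty name per line."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def parse_d_passwd(text):
    """/etc/d_passwd: login_default_shell_path:encrypted_passwd:"""
    table = {}
    for ln in text.splitlines():
        fields = ln.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            table[fields[0]] = fields[1]
    return table

def effective_shell(shell):
    # Assumption (not stated on the page): an empty shell field means /bin/sh.
    return shell or "/bin/sh"

def needs_dialup_password(tty, shell, dialups, d_passwd):
    """True when login would go on to prompt 'Dialup Password:'."""
    return tty in dialups and effective_shell(shell) in d_passwd

def single_password_accounts(passwd_text, d_passwd):
    """Accounts whose shell has no d_passwd entry: on a dialup line they
    get in with the account password alone."""
    found = []
    for ln in passwd_text.splitlines():
        fields = ln.split(":")
        if len(fields) == 7 and effective_shell(fields[6]) not in d_passwd:
            found.append((fields[0], fields[6]))
    return found

if __name__ == "__main__":
    dialups, d_passwd = parse_dialups(DIALUPS), parse_d_passwd(D_PASSWD)
    for tty in ("/dev/ph1", "/dev/tty001"):
        print(tty, "/bin/ksh", needs_dialup_password(tty, "/bin/ksh", dialups, d_passwd))
    for user, shell in single_password_accounts(PASSWD, d_passwd):
        print("no dialup password:", user, shell)
```

Run against a site's real files, the second function shows which login shells still need a d_passwd entry if every interactive dialup login is meant to carry a second password.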