Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!cbatt!cbosgd!ucbvax!hplabs!pyramid!csg From: csg@pyramid.UUCP (Carl S. Gutekunst) Newsgroups: net.unix,net.unix-wizards,net.bugs.uucp Subject: Re: multiple uucp logins sharing uids and hard links to ttys Message-ID: <564@pyramid.UUCP> Date: Fri, 8-Aug-86 21:06:05 EDT Article-I.D.: pyramid.564 Posted: Fri Aug 8 21:06:05 1986 Date-Received: Sun, 10-Aug-86 05:30:21 EDT References: <248@decvax.UUCP> Reply-To: csg@pyramid.UUCP (Carl S. Gutekunst) Organization: Pyramid Technology Corp., Mountain View, CA Lines: 44 Xref: watmath net.unix:8856 net.unix-wizards:19131 net.bugs.uucp:777 In article <248@decvax.UUCP> marc@decvax.UUCP (Marc Teitelbaum) writes: >I've seen a lot on the net recently about both uucp login uids and >links to tty devices. Some correct observations, and some incorrect. >Anyway, heres what i know about this topic. If you think i've missed >something please send me mail first before posting to everyone. Thanks, Marc; I was wondering how Ultrix handles this. I don't think you missed a thing; I just wanted to add a couple of details for other systems: - To determine the user name, 4.2bsd UUCP uses a two-step process that sounds identical to Ultrix. It also verifies the UID of the login name returned by getlogin() with a call to getpwnam(), a check that should never fail. 4.2bsd uucico does *no* login verification, so linked devices and multiple names per UID will not affect it. However, uucp, uux, and uucico (in master role) *do* verify names against the USERFILE for pathname permissions. So you won't see RLOGIN, but you may see "Access to path/file denied" when you weren't expecting it. - 4.3bsd uses the following *three* step process: Call getlogin(); if getlogin returns NULL, retrieve the USER environment variable; if this is also NULL, call getpwuid(). The return values from getlogin() and getenv("USER") are verified by calling getpwnam(); this makes more sense since it's easy to put bogus values in the environment. Like 4.2bsd, 4.3bsd does not do login verification; instead it verifies the remote hostname (or nodename, for you SV people :-)) against L.sys. (This is called "NOSTRANGERS" mode, and was borrowed conceptually from HoneyDanBer.) The uucp, uux, and uucico master role checks still apply. - SVR2 (VAX Version) uucico does login verification, but uses only getpwent() to find the user name. (System V has the getlogin() call, so there's no reason why UUCP couldn't use it. But it doesn't.) It's thus unaffected by linked devices. It does mean, though, that when you have several names per UID, it checks USERFILE for the first one in /etc/passwd. - HoneyDanBer (SVR2.4 (3B version) and SVR3) finds the user name the same way that 4.2bsd does. It verifies the login against the Permissions file, and sends "RLOGIN" when the name cannot be found. It's thus the most similar to Ultrix of the UUCPs I've described here. In addition, HDB will validate the remote hostname if the /usr/lib/uucp/remote.unkown file exists and is executable ("NOSTRANGERS" mode).