Книга: Linux Network Administrator Guide, Second Edition

Providing UUCP Accounts

Providing UUCP Accounts

To begin with, you have to set up user accounts that let remote sites log into your system and establish a UUCP connection. Generally, you will provide a separate login name to each system that polls you. When setting up an account for system pablo, you might give it the username Upablo. There is no enforced policy on login names; they can be just about anything, but it will be convenient for you if the login name is easily related to the remote host name.

For systems that dial in through the serial port, you usually have to add these accounts to the system password file /etc/passwd. It is good practice to put all UUCP logins in a special group, such as uuguest. The account's home directory should be set to the public spool directory /var/spool/uucppublic; its login shell must be uucico.

To serve UUCP systems that connect to your site over TCP, you have to set up inetd to handle incoming connections on the uucp port by adding the following line to /etc/inetd.conf:[101]

uucp stream tcp nowait root /usr/sbin/tcpd /usr/lib/uucp/uucico -l

The -l option makes uucico perform its own login authorization. It prompts for a login name and a password just like the standard login program, but relies on its private password database instead of /etc/passwd. This private password file is named /etc/uucp/passwd and contains pairs of login names and passwords:

Upablo  IslaNegra
Ulorca  co'rdoba

This file must be owned by uucp and have permissions of 600.

Does this database sound like such a good idea that you would like to use it on normal serial logins, too? Well, in some cases you can. What you need is a getty program that you can tell to invoke uucico instead of /bin/login for your UUCP users.[102] The invocation of uucico would look like this:

/usr/lib/uucp/uucico -l -u user

The -u option tells it to use the specified user name rather than prompting for it.[103]

To protect your UUCP users from callers who might give a false system name and snarf all their mail, you should add called-login commands to each system entry in the sys file. This is described in the next section.

Оглавление книги


Генерация: 0.047. Запросов К БД/Cache: 0 / 0
поделиться
Вверх Вниз