Next: Protecting Yourself Against Swindlers Up: Setting up your System Previous: Setting up getty

Providing UUCP Accounts

Next, you have to set up user accounts that let remote sites log into your system and establish a UUCP connection. Generally, you will provide a separate login name to each system that polls you. When setting up an account for system pablo, you would probably give it Upablo as the user name.

For systems that dial in through the serial port, you usually have to add these accounts to the system password file, /etc/passwd. A good practice is to put all UUCP logins in a special group such as uuguest. The account's home directory should be set to the public spool directory /var/spool/uucppublic; its login shell must be uucico.

If you have the shadow password suite installed, you can do this with the useradd command:

           # useradd -d /var/spool/uucppublic -G uuguest -s /usr/lib/uucp/uucic
If you don't use the shadow password suite, you probably have to edit /etc/passwd by hand, adding a line like that shown below, where 5000 and 150 are the numerical uid and gid assigned to user Upablo and group uuguest, respectively.
           Upablo:x:5000:150:UUCP Account:/var/spool/uucppublic:/usr/lib/uucp/u
After installing the account, you have to activate it by setting its password with the passwd command.

To serve UUCP systems that connect to your site over TCP, you have to set up inetd to handle incoming connections on the uucp port. You do this by adding the following line to /etc/inetd.conf:gif

           uucp   stream  tcp   nowait  root  /usr/sbin/tcpd  /usr/lib/uucp/uuc
The -l option makes uucico perform its own login authorization. It will prompt for a login name and a password just like the standard login program, but will rely on its private password database instead of /etc/passwd. This private password file is named /usr/lib/uucp/passwd and contains pairs of login names and passwords:
           Upablo  IslaNegra
           Ulorca  co'rdoba
Of course, this file must be owned by uucp and have permissions of 600.

If this database sounds like such a good idea you would like to use on normal serial logins, too, you will be disappointed to hear that this isn't possible at the moment without major contortions. First off, you need Taylor UUCP-1.05 for this, because it allows getty to pass the login name of the calling user to uucico using the -u option.gif Then, you have to trick the getty you are using into invoking uucico instead of the usual /bin/login. With getty_ps, you can do this by setting the LOGIN option in the configuration file. However, this disables interactive logins altogether. mgetty, on the other hand, has a nice feature that allows you to invoke different login commands based on the name the user provided. For instance, you can tell mgetty to use uucico for all users that provide a login name beginning with a capital U, but let everyone else be handled by the standard login command.

To protect your UUCP users from callers giving a false system name and snarfing all their mail, you should add called-login commands to each system entry in the sys file. This is described in section-gif above.

Next: Protecting Yourself Against Swindlers Up: Setting up your System Previous: Setting up getty

Andrew Anderson
Thu Mar 7 23:22:06 EST 1996