UUCP Security and Maintenance
After you have set up UUCP, maintenance is straightforward. This section explains ongoing UUCP
tasks that relate to security, maintenance, and troubleshooting.
Setting Up UUCP Security
The default /etc/uucp/Permissions file provides the maximum amount of security for your UUCP
links. The default Permissions file contains no entries.
You can set additional parameters for each remote machine to define the following:
Ways that the remote machine can receive files from your machine
Directories for which the remote machine has read and write permission
Commands that the remote machine can use for remote execution
A typical Permissions entry follows:
MACHINE=datsun LOGNAME=Udatsun VALIDATE=datsun
COMMANDS=rmail REQUEST=yes SENDFILES=yes
This entry allows files to be sent and be received to and from
the “normal” UUCP directories, not from anywhere in the system. The entry also causes the
UUCP user name to be validated at login time.
Regular UUCP Maintenance
UUCP does not require much maintenance. However, you must ensure that the crontab file is
in place, as described in the section How to Start UUCP. Your concern should be the
growth of mail files and the public directory.
Email for UUCP
All email messages that are generated by the UUCP programs and scripts are sent
to the user ID uucp. If you do not log in frequently as
that user, you might not realize that mail is accumulating and consuming disk space.
To solve this problem, create an alias in /etc/mail/aliases and redirect that email either
to root or to yourself and others who are responsible for maintaining UUCP. Remember
to run the newaliases command after modifying the aliases file.
UUCP Public Directory
The directory /var/spool/uucppublic is the one place in every system to which UUCP
by default is able to copy files. Every user has permission to change to
/var/spool/uucppublic and read and write files in the directory. However, the directory's sticky bit
is set, so the directory's mode is 01777. As a result, users cannot remove
files that have been copied to it and that belong to uucp. Only
you, as UUCP administrator logged in as root or uucp, can remove files from
this directory. To prevent the uncontrolled accumulation of files in this directory, you should ensure
that you remove files from it periodically.
If this maintenance is inconvenient for users, encourage them to use uuto and uupick
rather than removing the sticky bit, which is set for security reasons. See the
uuto(1C) man page for instructions for using uuto and uupick. You can also restrict
the mode of the directory to only one group of people. If you do
not want to risk someone filling your disk, you can even deny UUCP access