By default, the only commands Taylor UUCP allows other systems to execute on your machine are rmail and rnews, which are commonly used to exchange email and Usenet News over UUCP. To change the set of commands for a particular system, you can use the commands keyword in the sys file. Similarly, you may want to limit the search path to just those directories containing the allowed commands. You can change the search path allowed for a remote host with the command-path statement. For instance, you may want to allow system pablo to execute the bsmtp command in addition to rmail and rnews:[99]
system pablo
...
commands rmail rnews bsmtp
File Transfers
Taylor UUCP also allows you to fine-tune file transfers in great detail. At one extreme, you can disable transfers to and from a particular system. Just set request to no, and the remote system will not be able to either retrieve files from your system or send it any files. Similarly, you can prohibit your users from transferring files to or from a system by setting transfer to no. By default, users on both the local and the remote system are allowed to upload and download files.
In addition, you can configure the directories that files may be copied to and from. Usually you will want to restrict access from remote systems to a single directory hierarchy, but still allow your users to send files from their home directory. Commonly, remote users are allowed to receive files only from the public UUCP directory /var/spool/uucppublic. This is the traditional place to make files publicly available, very much like FTP servers on the Internet.[100]
Taylor UUCP provides four different commands to configure the directories for sending and receiving files. They are: local-send, which specifies the list of directories a user may ask UUCP to send files from; local-receive, which gives the list of directories a user may ask to receive files to; and remote-send and remote-receive, which do the same for requests from a foreign system. Consider the following example:
system pablo
...
local-send /home ~
local-receive /home ~/receive
remote-send ~ !~/incoming !~/receive
remote-receive ~/incoming
The local-send command allows users on your host to send any files below /home and from the public UUCP directory to pablo. The local-receive command allows them to receive files either to the world-writable receive directory in uucppublic, or to any world-writable directory below /home. The remote-send directive allows pablo to request files from /var/spool/uucppublic, except for files from the incoming and receive directories. This is signaled to uucico by preceding the directory names with exclamation marks. Finally, the last line allows pablo to upload files to incoming.
A major problem with file transfers using UUCP is that it can receive files only into directories that are world-writable. This may tempt some users to set up traps for other users. However, there's no way to escape this problem short of disabling UUCP file transfers altogether.
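A small model of how a directory list with exclusions is evaluated, as an added example (it is not Taylor UUCP's own code). It assumes entries are read left to right with the last matching entry deciding, and that ~ expands to /var/spool/uucppublic; expand and is_allowed are names chosen here.

```python
import posixpath

PUBDIR = "/var/spool/uucppublic"          # public UUCP directory named on the page
REMOTE_SEND = "~ !~/incoming !~/receive"  # argument list from the pablo example

def expand(entry, pubdir=PUBDIR):
    """Expand a sys-file directory entry: '~' stands for the public directory."""
    if entry == "~":
        return pubdir
    if entry.startswith("~/"):
        return posixpath.join(pubdir, entry[2:])
    return entry

def is_allowed(path, directive, pubdir=PUBDIR):
    """Return True if `path` is permitted by a list such as REMOTE_SEND.

    Assumption: entries are read left to right and the last entry that
    covers the path decides, so lists should go from top-level directory
    down to the excluded subdirectories.
    """
    path = posixpath.normpath(path)  # collapse '..' before comparing
    allowed = False                  # nothing is permitted unless listed
    for entry in directive.split():
        deny = entry.startswith("!")
        base = posixpath.normpath(expand(entry.lstrip("!"), pubdir))
        # Match the directory itself or anything below it, never a
        # sibling that merely shares the prefix (incoming vs incomingX).
        if path == base or path.startswith(base.rstrip("/") + "/"):
            allowed = not deny
    return allowed
```

Under this model, writing the list as `!~/incoming ~` would re-open incoming, because the broader entry comes last.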
Forwarding
UUCP provides a mechanism to have other systems execute file transfers on your behalf. For instance, suppose your system has uucp access to a system called seci, but not to another system called uchile. This allows you to make seci retrieve a file from uchile for you and send it to your system. The following command would achieve this:
$ uucp -r seci!uchile!~/find-ls.gz ~/uchile.files.gz
This technique of passing a job through several systems is called forwarding. On your own UUCP system, you would want to limit the forwarding service to a few hosts you trust not to run up a horrendous phone bill by making you download the latest X11R6 source release for them.
By default, Taylor UUCP prohibits forwarding altogether. To enable forwarding for a particular system, you can use the forward command. This command specifies a list of sites the system may request you to forward jobs to and from. For instance, the UUCP administrator of seci would have to add the following lines to the sys file to allow pablo to request files from uchile:
####################
# pablo
system pablo
...
forward uchile
####################
# uchile
system uchile
...
forward-to pablo
The forward-to entry for uchile is necessary so that any files returned by it are actually passed on to pablo. Otherwise UUCP would drop them. This entry uses a variation of the forward command that permits uchile to send files only to pablo through seci, not the other way round.
To permit forwarding to any system, use the special keyword ANY (capital letters required).
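An audit sketch for the command and forwarding settings described above, as an added example (not part of Taylor UUCP). It flags systems granted commands beyond rmail and rnews, any use of ANY, and a forward entry whose target system has no matching forward-to back; the systems moria and gogo in the sample are constructed, and parse_sys and audit are names chosen here.

```python
SAFE_COMMANDS = {"rmail", "rnews"}  # the default set described on the page

def parse_sys(text):
    """Return {system: {keyword: [args]}} from sys-file text."""
    systems, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not words:
            continue
        key, args = words[0], words[1:]
        if key == "system" and args:
            current = systems.setdefault(args[0], {})
        elif current is not None:
            current.setdefault(key, []).extend(args)
    return systems

def audit(text):
    """Return (system, finding) pairs worth a second look."""
    systems, findings = parse_sys(text), []
    for name, conf in systems.items():
        extra = sorted(set(conf.get("commands", [])) - SAFE_COMMANDS)
        if extra:
            findings.append((name, "extra commands: " + " ".join(extra)))
        for key in ("forward", "forward-to"):
            if "ANY" in conf.get(key, []):
                findings.append((name, key + " ANY"))
        # A 'forward T' entry needs T to forward back to this system,
        # otherwise the files T returns are dropped.
        for target in conf.get("forward", []):
            peer = systems.get(target, {})
            back = peer.get("forward", []) + peer.get("forward-to", [])
            if target != "ANY" and name not in back and "ANY" not in back:
                findings.append((name, "no return path via " + target))
    return findings

SAMPLE_SYS = """\
# constructed sample, not a real site's sys file
system pablo
commands rmail rnews bsmtp
forward uchile
system uchile
forward-to pablo
system moria
forward ANY
system gogo
forward uchile
"""
```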
Setting Up Your System for Dialing In
If you want to set up your site for dialing in, you have to permit logins on your serial port and customize some system files to provide UUCP accounts, which we will cover in this section.
Providing UUCP Accounts
To begin with, you have to set up user accounts that let remote sites log into your system and establish a UUCP connection. Generally, you will provide a separate login name to each system that polls you. When setting up an account for system pablo, you might give it the username Upablo. There is no enforced policy on login names; they can be just about anything, but it will be convenient for you if the login name is easily related to the remote host name.
For systems that dial in through the serial port, you usually have to add these accounts to the system password file /etc/passwd. It is good practice to put all UUCP logins in a special group, such as uuguest. The account's home directory should be set to the public spool directory /var/spool/uucppublic; its login shell must be uucico.
To serve UUCP systems that connect to your site over TCP, you have to set up inetd to handle incoming connections on the uucp port by adding the following line to /etc/inetd.conf:[101]
uucp stream tcp nowait root /usr/sbin/tcpd /usr/lib/uucp/uucico -l
The -l option makes uucico perform its own login authorization. It prompts for a login name and a password just like the standard login program, but relies on its private password database instead of /etc/passwd. This private password file is named /etc/uucp/passwd and contains pairs of login names and passwords:
[100] You may use a tilde (~) character to refer to the UUCP public directory, but only in UUCP configuration files; outside it usually translates to the user's home directory.
[101] Note that tcpd usually has mode 700, so that you must invoke it as user root, not uucp. tcpd is discussed in more detail in Chapter 12, Important Network Features.