From owner-freebsd-current Mon Oct 1 11:52:58 2001 Delivered-To: freebsd-current@freebsd.org Received: from zircon.seattle.wa.us (sense-sea-CovadSub-0-228.oz.net [216.39.147.228]) by hub.freebsd.org (Postfix) with SMTP id A2E2537B40D for ; Mon, 1 Oct 2001 11:52:52 -0700 (PDT) Received: (qmail 39075 invoked by uid 1001); 1 Oct 2001 18:53:18 -0000 From: Joe Kelsey MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <15288.48029.798593.908820@zircon.zircon.seattle.wa.us> Date: Mon, 1 Oct 2001 11:53:17 -0700 To: current@FreeBSD.ORG Subject: Re: uucp user shell and home directory In-Reply-To: <200110011826.f91IQk8f015078@atg.aciworldwide.com> References: <200110011800.f91I0u053253@khavrinen.lcs.mit.edu> <200110011826.f91IQk8f015078@atg.aciworldwide.com> X-Mailer: VM 6.92 under Emacs 20.7.1 Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Lyndon Nerenberg writes: > >>>>> "Garrett" == Garrett Wollman writes: > > Garrett> I remember, back in the mists of ancient time, it was > Garrett> common practice to provide ``anonymous UUCP'' service > Garrett> along the lines of anonymous FTP in (what was at that > Garrett> time) ARPANET. > > Yup, I used to run one of those (ncc). osu-cis was probably the > grandaddy of the anonymous UUCP sites. The convention seemed to be to > use the login 'nuucp' for anonymous passwordless access. (And I > wouldn't call it common -- there were only a handful sites that > provided this type of service.) The convention was to use ``uucp'' as the default anonymous login service. Some people had the mistaken impression that there was some sort of "hole" in the uucp system which was caused by using uucp as a default login for uucp service. No such hole existed in modern uucico processes, although there were bugs in early uucico (7th Edition vintage) which may be the reason that these rumors started. Of course, it didn't hurt the spread of these rumors that most BSD sites were stuck in the 7th Edition heritage and never actually caught up to the modern HoneyDanBer uucp. With the HoneyDanBer uucp, there were no security holes in uucico and it was completely safe to use uucp as an anonymous login service. However, most university sites mistakenly perpetuated the nuucp service, mostly for administrative reasons. That said, for max security it is always useful to have each site have its own login, up to a point. Some large uucp sites used to use common logins simply because there was so little security risk (especially with HoneyDanBer variety). Certainly, anonymous uucp is more secure than anonymous ftp. /Joe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message