Olaf Kirch - Linux Network Administrator Guide, Second Edition

Здесь есть возможность читать онлайн «Olaf Kirch - Linux Network Administrator Guide, Second Edition» весь текст электронной книги совершенно бесплатно (целиком полную версию без сокращений). В некоторых случаях можно слушать аудио, скачать через торрент в формате fb2 и присутствует краткое содержание. Год выпуска: 2000, ISBN: 2000, Жанр: ОС и Сети, на английском языке. Описание произведения, (предисловие) а так же отзывы посетителей доступны на портале библиотеки ЛибКат.

Linux Network Administrator Guide, Second Edition: краткое содержание, описание и аннотация

Предлагаем к чтению аннотацию, описание, краткое содержание или предисловие (зависит от того, что написал сам автор книги «Linux Network Administrator Guide, Second Edition»). Если вы не нашли необходимую информацию о книге — напишите в комментариях, мы постараемся отыскать её.

This book was written to provide a single reference for network administration in a Linux environment. Beginners and experienced users alike should find the information they need to cover nearly all important administration activities required to manage a Linux network configuration. The possible range of topics to cover is nearly limitless, so of course it has been impossible to include everything there is to say on all subjects. We've tried to cover the most important and common ones. We've found that beginners to Linux networking, even those with no prior exposure to Unix-like operating systems, have found this book good enough to help them successfully get their Linux network configurations up and running and get them ready to learn more.
There are many books and other sources of information from which you can learn any of the topics covered in this book (with the possible exception of some of the truly Linux-specific features, such as the new Linux firewall interface, which is not well documented elsewhere) in greater depth. We've provided a bibliography for you to use when you are ready to explore more.

Linux Network Administrator Guide, Second Edition — читать онлайн бесплатно полную книгу (весь текст) целиком

Ниже представлен текст книги, разбитый по страницам. Система сохранения места последней прочитанной страницы, позволяет с удобством читать онлайн бесплатно книгу «Linux Network Administrator Guide, Second Edition», без необходимости каждый раз заново искать на чём Вы остановились. Поставьте закладку, и сможете в любой момент перейти на страницу, на которой закончили чтение.

Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

In sys , you would specify a system to be called via TCP like this:

system gmu

address news.groucho.edu

time Any

port tcp-conn

chat ogin: vstout word: clouseau

The address command gives the IP address of the host or its fully qualified domain name. The corresponding port entry would read:

port tcp-conn

type tcp

service 540

The entry states that a TCP connection should be used when a sys entry references tcp-conn , and that uucico should attempt to connect to the TCP network port 540 on the remote host. This is the default port number of the UUCP service. Instead of the port number, you may also give a symbolic port name to the service command. The port number corresponding to this name will be looked up in /etc/services . The common name for the UUCP service is uucpd .

Using a Direct Connection

Assume you use a direct line to connect your system vstout to tiny . Much like in the modem case, you have to write a system entry in the sys file. The port command identifies the serial port tiny is hooked up to:

system tiny

time Any

port direct1

speed 38400

chat ogin: cathcart word: catch22

In the port file, you have to describe the serial port for the direct connection. A dialer entry is not needed because there's no need for dialing:

port direct1

type direct

speed 38400

device /dev/ttyS1

Controlling Access to UUCP Features

UUCP is quite a flexible system. With that flexibility comes a need to carefully control access to its features to prevent abuse, whether it be intentional or accidental. The primary features of concern to the UUCP administrator are remote command execution, file transfer, and forwarding. Taylor UUCP provides a means of limiting the freedom that remote UUCP hosts have in exercising each of these features. With careful selection of permissions, the UUCP administrator can ensure that the host's security is preserved.

Command Execution

UUCP's task is to copy files from one system to another and to request execution of certain commands on remote hosts. Of course, you as an administrator would want to control what rights you grant other systems - allowing them to execute any command they choose on your system is definitely not a good idea.

By default, the only commands Taylor UUCP allows other systems to execute on your machine are rmail and rnews, which are commonly used to exchange email and Usenet News over UUCP. To change the set of commands for a particular system, you can use the commands keyword in the sys file. Similarly, you may want to limit the search path to just those directories containing the allowed commands. You can change the search path allowed for a remote host with the command-path statement. For instance, you may want to allow system pablo to execute the bsmtp command in addition to rmail and rnews: [99] bsmtp is used to deliver mail with batched SMTP.

system pablo

...

commands rmail rnews bsmtp

File Transfers

Taylor UUCP also allows you to fine-tune file transfers in great detail. At one extreme, you can disable transfers to and from a particular system. Just set request to no , and the remote system will not be able to either retrieve files from your system or send it any files. Similarly, you can prohibit your users from transferring files to or from a system by setting transfer to no . By default, users on both the local and the remote system are allowed to upload and download files.

In addition, you can configure the directories that files may be copied to and from. Usually you will want to restrict access from remote systems to a single directory hierarchy, but still allow your users to send files from their home directory. Commonly, remote users are allowed to receive files only from the public UUCP directory /var/spool/uucppublic . This is the traditional place to make files publicly available, very much like FTP servers on the Internet. [100] You may use a tilde (~) character to refer to the UUCP public directory, but only in UUCP configuration files; outside it usually translates to the user's home directory.

Taylor UUCP provides four different commands to configure the directories for sending and receiving files. They are: local-send, which specifies the list of directories a user may ask UUCP to send files from; local-receive, which gives the list of directories a user may ask to receive files to; and remote-send and remote-receive, which do the analogous for requests from a foreign system. Consider the following example:

system pablo

...

local-send /home ~

local-receive /home ~/receive

remote-send ~ !~/incoming !~/receive

remote-receive ~/incoming

The local-send command allows users on your host to send any files below /home and from the public UUCP directory to pablo . The local-receive command allows them to receive files either to the world-writable receive directory in the uucppublic , or any world-writable directory below /home . The remote-send directive allows pablo to request files from /var/spool/uucppublic , except for files from the incoming and receive directories. This is signaled to uucico by preceding the directory names with exclamation marks. Finally, the last line allows pablo to upload files to incoming .

A major problem with file transfers using UUCP is that it receives files only to directories that are world-writable. This may tempt some users to set up traps for other users. However, there's no way to escape this problem outside of disabling UUCP file transfers altogether.

Forwarding

UUCP provides a mechanism to have other systems execute file transfers on your behalf. For instance, suppose your system has uucp access to a system called seci , but not to another system called uchile . This allows you to make seci retrieve a file from uchile for you and send it to your system. The following command would achieve this:

$ uucp -r seci!uchile!~/find-ls.gz ~/uchile.files.gz

This technique of passing a job through several systems is called forwarding . On your own UUCP system, you would want to limit the forwarding service to a few hosts you trust not to run up a horrendous phone bill by making you download the latest X11R6 source release for them.

By default, Taylor UUCP prohibits forwarding altogether. To enable forwarding for a particular system, you can use the forward command. This command specifies a list of sites the system may request you to forward jobs to and from. For instance, the UUCP administrator of seci would have to add the following lines to the sys file to allow pablo to request files from uchile :

####################

# pablo

system pablo

...

forward uchile

####################

# uchile

system uchile

...

forward-to pablo

Читать дальше
Тёмная тема
Сбросить

Интервал:

Закладка:

Сделать

Похожие книги на «Linux Network Administrator Guide, Second Edition»

Представляем Вашему вниманию похожие книги на «Linux Network Administrator Guide, Second Edition» списком для выбора. Мы отобрали схожую по названию и смыслу литературу в надежде предоставить читателям больше вариантов отыскать новые, интересные, ещё непрочитанные произведения.


Отзывы о книге «Linux Network Administrator Guide, Second Edition»

Обсуждение, отзывы о книге «Linux Network Administrator Guide, Second Edition» и просто собственные мнения читателей. Оставьте ваши комментарии, напишите, что Вы думаете о произведении, его смысле или главных героях. Укажите что конкретно понравилось, а что нет, и почему Вы так считаете.

x