NIO CommKit Host Interface Installation and System Administration Manual

Control Tables (from AT&T 255-110-127)
srvtab
CAUTION: The *n form of user ID mapping should not be used in conjunction with originating
group wild cards unless those wild cards are sufficiently specific to limit access to
trusted, commonly administered systems.
* pupu - root /opt/dk/bin/pupu pupu:from:%f
The specification of root on the above server table entry allows any user on
any system in the network to read or write any file on the called host.
Although this entry does not directly provide a super user shell to the
requester, it does allow any requester to replace any file (including
/etc/passwd) on the called system. The & user ID mapping specification should
be used for pupu requests so that users are forced to authorize with a login
and password before transferring files.
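
An added example, not taken from the manual: a small audit that flags server table entries of the kind described above. It assumes whitespace-separated fields in the order originator, service, flags, user ID mapping, program, arguments (inferred from the one sample entry shown) and that `#` starts a comment line; the `hosta` entry and all function names are constructed for illustration.

```python
# Added example: audit srvtab text for the risky mappings described above.
# ASSUMPTION: fields are whitespace-separated in the order
#   originator  service  flags  user-id-mapping  program  [arguments]
# as inferred from the single sample entry in the manual text.

def parse_entries(text, source="srvtab"):
    """Yield (source, line_no, fields) for each usable entry line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # '#' comments are an assumption
            continue
        fields = line.split(None, 5)          # arguments stay in one field
        if len(fields) >= 5:                  # skip lines too short to judge
            yield source, line_no, fields

def audit(entries):
    """Return (source, line_no, reason) for entries that map a wildcard
    originator to root, or that offer pupu without the '&' mapping."""
    findings = []
    for source, line_no, fields in entries:
        originator, service, user = fields[0], fields[1], fields[3]
        if "*" in originator and user == "root":
            findings.append((source, line_no,
                             "wildcard originator mapped to root"))
        elif service == "pupu" and user != "&":
            findings.append((source, line_no,
                             "pupu without & user ID mapping"))
    return findings

# Constructed sample input. Only the first entry appears in the manual;
# the '&' variant and the 'hosta' originator are made up for this example.
SAMPLE = """\
# constructed sample server table
* pupu - root /opt/dk/bin/pupu pupu:from:%f
* pupu - & /opt/dk/bin/pupu pupu:from:%f
hosta pupu - root /opt/dk/bin/pupu pupu:from:%f
"""

if __name__ == "__main__":
    for source, line_no, reason in audit(parse_entries(SAMPLE)):
        print(f"{source}:{line_no}: {reason}")
```
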
Directory Mode for /etc/opt/dk/srvtab
Server tables that result in reasonably secure host systems generally require
fully specified access specifications with limited use of wild cards. Since the
server table is searched sequentially from the beginning each time an incoming
call is validated, this added security is not without cost. A directory
server table format is used to greatly increase call validation performance
when a large server table is required.
The server control file (default: /etc/opt/dk/srvtab) is either a concatenation
of all the control files into a single file, or a directory of server control files
(there is one for each service provided). Each server table file contains
entries for a single service and the file names are the names of the services.
For example, a server table directory might contain files with the following
names:
- authorize do pupu rx whoami
* dkload login rl uucp
Each of the above files, with the exception of the file *, represents a specific
service. When an incoming call request is validated, the server program
recognizes that the server table is a directory and attempts to open a file in that
directory with a name that matches the requested service (for example, the
server would try to open the file /etc/opt/dk/srvtab/pupu for the file transfer
service and the file /etc/opt/dk/srvtab/- for the null service). If it opens, the
server scans that file for a matching line according to the rules outlined in the