
		  Supplemental notes for installing UNaXcess


This is UNaXcess, in this incarnation (V0.4.5) a BBS for Unix systems.
V1.x is intended to be a business shell with a conferencing system, electronic
mail, and system administration utilities in it (along with WP, spreadsheet,
and database access).

This directory contains the UNaXcess Distribution.  There is no User's Guide
at present, and it is only known to work on V7 and AT&T System III and System
V, although extensive testing has been done under Xenix 3.0.  Berkeley
Unix should work.

The shar file should have created a number of files in this directory, and
a subdirectory called ``Utilities'' containing even more files.  Inspect the
Makefile (it SHOULD work as it is on any system, but you never know), then
type ``make SYSTEM=system all'', where system is one of:  BSD (4.2 and 4.3
only), SYS3 (real AT&T System III only), SYS5 (ditto), XENIX3 (also Unisoft
3.x), XENIX5 (possibly also Unisoft 5.x), and V7 (catchall).  If it doesn't
work, let me know; I'd like this thing to be reasonably compatible.  (Someday
they'll get a #include file on all systems to say which OS variant they're
using...)

If you wish to install UNaXcess without using root privileges, place the
string ``-DNOAUTOPATH='"/unaxcess/home/directory"''' in the Makefile, on the
CFLAGS line.  WARNING! ! !  USING UNAXCESS WITHOUT SET-UID MAKES SECURITY
ARRANGEMENTS IMPOSSIBLE.

To install UNaXcess, type ``sh Utilities/install.sh'' while in the source
directory. You will be asked various questions and be placed in the editor to
compose a bulletin.

After installation, you should edit the NewMessage file as specified by the
installation script.  It should say anything you want new users to know before
registering as UNaXcess users.

You should also run UnaXcess as the sysop and type ``user new'' to edit the
newuser setup.  The parameter to be set is the access level granted.  As
distributed, this is USER access level.  For business applications, this
should be SYSTEM (allowing shell access).  For certain applications, it should
be set to GUEST (users can only post to the GUEST conference).  Note that
there are 6 access levels:

	NONE		- de-activated logins or un-validated logins
	MAKEUSER	- runs the user maker before entering
	GUEST		- can read anything (except Restricted conferences),
			  only add to GUEST
	FILES		- can access the File Section
	SYSTEM		- can use the C command (shell access), also
			  can use a system editor to edit messages
	FAIRWITNESS	- all but a sysop.  The only limitation is that
			  only the Sysop (who is a fairwitness) can make
			  or break other fairwitnesses.

-----------------------
Some notes:

The configuration file is stored in the home directory of the UNaXcess system
and is named ``ua-config''.  It contains lines of the format:

			    variable	value

The defaults are contained in param.c, not that you should change them (that's
what the config file is for).  The variables are:

	readonly	boolean	Indicates whether Read-Only conferences are
				valid.  Read-Only conferences begin with
				the characters ``r-''.

	x-rated		boolean	Indicates whether X-Rated (restricted)
				conferences are valid.  X-Rated conferences
				begin with the characters ``x-''.

	editor		string	The path of the editor to use in creating
				messages.  The editor ``ua-edit'' is the
				built-in editor.  This editor is used only
				if the user has SYSTEM access or greater;
				otherwise, the built-in editor is used.

	shell		string	The path of the shell to use when the C
				command is invoked.  The C command is not
				valid for users whose access is less than
				SYSTEM level.  (Note:  there is no reason
				that this must be a shell.  The original
				version of the File Section was a separate
				program accessed by the C command.)

	read-env	boolean	Indicates whether the user's environment
				should be read to indicate the shell and
				editor.

	bbs-user	string	UNaXcess will permit a user whose Unix login
				name is the same as his UA login name to log
				in from the shell without specifying his name
				or password.  The ``bbs-user'' is exempt from
				this; it is intended to prevent breaches in
				security by invoking a shell (C command) and
				running ua from the shell.

	time-limit	number	This is the time limit for UNaXcess in minutes.
				If this is zero, no time-out occurs.  A warning
				is given five minutes before a logout; if the
				user is in the shell or editor when his time
				runs out, exiting the shell or editor will
				log him out.

	sysop		string	The name of the UNaXcess sysop is configurable.
				Special-purpose systems may indicate a more
				descriptive name (i.e. DUNGEON MASTER for a
				fantasy gaming BBS).

	private-msgs	boolean	Indicates whether private messages may be
				created.

	logging		boolean	Indicates whether a session log should be kept
				in Logfile.  This allows you to track security
				problems, people who misuse the system, or
				(heaven forbid) bugs.  However, the log gets
				big rather quickly, so you may wish to leave
				this off.

	banner		string	This string contains the name of a file whose
				contents are printed when a user runs UNaXcess,
				before the login message.  If the string is
				empty, a default banner is used.

	login-msg	string	This string is printed as the login prompt.
				If it is empty, a default string is used.
				You might want to change this if you disallow
				GUEST or NEW logins, or change their names.

	pauses		number	This is 2 for no pauses, 1 for user-specified
				pausing, and 0 for forced pausing.  A cheap
				built-in pager is used.

	login-tries	number	If this is not 0, it specifies the number of
				login attempts permitted before UNaXcess exits.

	bbs-directory	string	The directory where the UNaXcess file can be
				found.  The home of the owner of UNaXcess is
				used to find the ua-config file (or the
				NOAUTOPATH directory if you have defined it);
				after this, the directory is changed to the
				bbs-directory and files are expected to be
				found there. The default is the directory used
				to find the ua-config file.

	ascii-upload	string	These are the command strings to be passed to
	ascii-download		/bin/sh via system() to perform the specified
	xmodem-upload		action.  The defaults are:  a cat string for
	xmodem-download		ascii, umodem -[sr]b for XModem, and C-Kermit
	kermit-upload		command strings for Kermit.  The string ``%s''
	kermit-download		will be replaced with the file's path; if no
				``%s'' is specified, the pathname will be
				appended to the command, preceded by a space.
				If the string is empty, UNaXcess will assume
				that no capacity exists for the action.

A string is specified in double quotes:  "/bin/sh".  Actually, the quotes can
be left off, but in this case the string cannot contain spaces or tabs.  A
boolean is indicated as YES or NO (Y or N will do, and case doesn't matter).
A number is simply a number, but is limited to 0-255.  Strings may contain
escapes (\n \r \t \b \f \e \nnn \a) (\a is bell).  Comments are indicated by
#; they do NOT have to be at the beginning of a line.

---

The up/download (UDL) module uses a log file for uploads, and a directory for
downloads.  Both files are created by the install script; "upload-log" is
empty, and "directory" contains one line:

	GENERAL file branch; <date> by <sysop name>: General up/downloads

This is the basic format of a directory entry.  The word "branch" is reserved,
and indicates that this is the directory entry for the branch itself; files
in this branch have the word "branch" replaced by the file name.  There is
no way to automatically create or delete files or branches; it has to be done
from the shell.  (On the other hand, if the branch has a (UNIX) directory in
the "uploads" directory, uploads will be logged there in such a way that the
log entry may be simply copied from the upload-log to the directory.)

Note that each branch is represented by a UNIX directory in the "library"
directory.  The name should be lowercase, although user input of the name
and the name listed in the "directory" file are case-independent.  If uploads
are to be permitted, a directory of the same name should be created in the
"upload" directory.

---

UNaXcess depends on being setuid to its owner, not only for permissions in
the BBS, but also to insure that the home directory (containing the message
database and config file) can be located.  (You can avoid this by using
NOAUTOPATH, as discussed above.)  If NOAUTOPATH is not defined, a program
``mkconf'' is used to create conferences; it is essentially a (non-AT&T)
reimplementation of /bin/mkdir, except that it does not check the effective
UID of the invoker.  This is necessary because of the way Unix handles set-
uid.  If NOAUTOPATH is defined, mkdir is used.  Please note that mkconf MUST
be setuid to work, and if the ``ua'' executable is setuid, mkconf MUST be
used or conference creation will be impossible.

---

UNaXcess is Copyright (C) 1986 by Brandon S. Allbery.  Permission is hereby
granted to copy and freely distribute this code. You may charge only a
reasonable handling/copying fee for distribution of this code; you may not
sell it or include it in a commercial package for resale.

++Brandon Allbery
(P.S.  Unix is a trademark of AT&T.)

---------------

A few more comments on this distribution:

John P. Nelson couldn't figure out why I rewrote mkdir for UNaXcess.  The
reason is the way setuid programs are execed.  If UNaXcess is setuid to its
owner, a call to mkdir will result in, not the UNaXcess owner's permissions,
but the USER'S permissions being used.  This should NEVER be a valid
access permission for UNaXcess files (if it is, you've got a security
problem).  Therefore, mkconf -- which does not check permissions.  Not the
safest way to do things, except that it should not be runnable by a uid not
that of the owner of UA.  BSD4.2 has the *best* way to do it:  mkdir() system
call.  I have put this in if BSD is #defined, and install.sh checks to see if
/usr/include/sys/socket.h exists and if so does NOT install mkconf.  If you
are in 4.2BSD and have a superuser create the UNaXcess owner's login for you,
you can run install without being root (but you have to be su'd to the owner
of the BBS).

The first distribution wouldn't run on Xenix or on 3B's because _doprnt()
wasn't available.  The v*printf() routines wouldn't have helped in this case.
So in this version, msg() is a (non-AT&T) printf().  The only formats
supported are of the form:

		%[-][width[.ext]]fmt (i.e. no USG extensions).

The hyphen indicates left-justified, vs. right (default).  Width specifies the
number of character positions to use; if it has a leading zero in a numeric
format, leading zeroes are not suppressed.  The only format characters
supported are:

		%c
		%d
		%D
		%ld
		%s

all of which work as in printf().

It seems that BSD sscanf() is broken:  if %[span] does not match at least one
character, it fails.  (Or maybe USG is broken, since it succeeds in that
case.  I guess it depends on how you feel at the time...)  So the password
file manipulation routines have been changed to correctly parse this, as well
as handle another potential problem:  the password structure uses short's, and
sscanf()'s with the %hd format so it works on 32-bit machines, but not all
machines support %hd.  If anyone has had problems getting the password file
handling to work right, this is probably the reason.

-------------

Additional notes (7/18/86):

The elusive userindex bug has finally been caught.  Most configuration
problems have also been dealt with; it should be much smoother on
installation.

UNaXcess plans for expansion (expect these in coming releases):

	- Unix mail support
	- Bidirectional news support, without the uanews kludge
	  (Both of these will require SYSTEM access.)
	- Message forwarding to remote machines via mail.
	- A system adminitration program

++Brandon
