HylaFAX The world's most advanced open source fax server

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [hylafax-users] Understanding users & permission with hylafax.



On Wed, 12 Jun 2002 19:20:44 +0200, Antonio Gennarini <antonio@sunstone.it>
wrote:

>hylafax. First of all I would like to know if by default faxadduser
>writes only to hosts.hfaxd?
yes

>Lets say I want all my clients (192.168.0.*) of my local network to be able to send
>jobs to the server (192.168.0.1) only if they login with username
>The hosts.hfaxd should be like this??
>fax_admin:::Fg8I35Gev6oSs
>fax_user::Kh23J32nd8k3
>127.0.0.1
192\.168\.0\.      <==== LOSE THIS, otherwise they can fax without login

>This hosts.hfaxd file I have lets me kill jobs only through Richard
>Lippmann ftp method I found in the ML archievs. If I try 'faxrm -a 12''
>I get a 530 auth error saying no valid passwd. Why does it work via ftp
>and not through plain shell faxrm command?
I've just tried it, and it seems to work fine here.
Do you have an user in /etc/passwd called fax_admin?
If not, that's the reason, because faxm uses the uid you are running under
as  login name to HylaFAX.

>The 192\.168\.0\. (or 192.168.0.*) line should grant access also to localhost (hylafax
>server achine) but doesn't seem so..... Only if I put 127.0.0.1 can I get access. That's
>funny. 
If you think about it you'll find it's useful more than funny :-)
Why to bind to 192 if you can bind to 127 for local submissions?
127.0.0.1 will mean "local connection" for every network config, with or
without network card.

>machine thus relaying them maybe with international calls. Would a
>firewall rule be enough enabling connections to port 4559 only if they
>come from 192.168.0.*? And what happens if someone logs in form internet
>with IP 192.168.0.1? Is hylafax secure by this point of view?
So your internet firewall allows connections originating from private
addresses coming from the public interface? :)
Yes, just block 4559; however, if your fax server has a private ip, it will
be very difficult (impossible unless you explicitly do something) for it to
be reached from the internet.

-- 
giulioo@pobox.com

____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null




Project hosted by iFAX Solutions