HylaFAX The world's
most advanced open source fax server
|
|
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
Re: [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
On 2002.08.01 15:23 Chris SJF wrote:
> I read a post that said; after someone had asked for a "global" admin
> user capable of deleting anyone's jobs:
> 'Not trying to say that this is a bad idea, but how is this any easier
> than:
> $ su -c "faxrm 137" faxinguser"'
>
> Well, the problem with this is the user must have a shell account. If
> they don't, it doesn't work.
then use 'faxrm -a', just delete the sendq/q file, or telnet in and say
JDELE.
> Faxrm will silently fail. For security reasons I have users without
> shells ( i.e. /bin/false) they can access daemons,etc, but have no way
> to get a shell.
then use 'faxrm -a'
> So you can't use su under these circumstances. However, I did try adding
> root as an admin user with: faxadduser -a gggg -p gggg root , with no
> joy. Infact, any user added this way couldn't "faxrm" any other users
> job, either with "faxrm -a .." or telneting to the server.
A user cannot delete their own job?
Well, order of matching in etc/hosts.hfaxd is important, and matching by
IP often defeats administrative authentication.
> I did, frankly get a little peeved about it. I'm using 4.1.2. I wonder
> if this has been fixed in a later version?
Is it broken? faxrm is a client program. It communicates to hfaxd.
hfaxd doesn't know that you're root. If you don't authenticate it can't
give you administrative rights. If you don't like authentication with
faxrm, that's fine; you don't have to use faxrm as I've said already.
> Does anyone else have a
> problem with the current "security" methods.
You mean the restriction of job access to their owners or an authenticated
administrator? Lots of people dislike having to use drivers licenses,
too, but that doesn't make them useless or wrong.
> All I need is a way to
> remove users' jobs, without having to give them a shell, or reading the
> raw queue files.
How does a user remove their own job? Do that.
> Any pointers would be massively appreciated.
You'll get more sympathy without being accusatory.
Lee.
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@hylafax.org.*