Re: [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..

To: Chris SJF <chin@sjf.co.uk>
Subject: Re: [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
From: Lee Howard <faxguy@howardsilvan.com>
Cc: hylafax-users@hylafax.org
Reply-To: faxguy@howardsilvan.com
Date: Thu, 1 Aug 2002 15:57:57 -0700

On 2002.08.01 15:23 Chris SJF wrote:

> I read a post that said; after someone had asked for a "global" admin
> user capable of deleting anyone's jobs:
> 'Not trying to say that this is a bad idea, but how is this any easier
> than:
> $ su -c "faxrm 137" faxinguser"'
> 
> Well, the problem with this is the user must have a shell account. If
> they don't, it doesn't work.

then use 'faxrm -a', just delete the sendq/q file, or telnet in and say 
JDELE.

> Faxrm will silently fail. For security reasons I have users without
> shells ( i.e. /bin/false) they can access daemons,etc, but have no way
> to get a shell.

then use 'faxrm -a'

> So you can't use su under these circumstances. However, I did try adding
> root as an admin user with: faxadduser -a gggg -p gggg root , with no
> joy. Infact, any user added this way couldn't "faxrm" any other users
> job, either with "faxrm -a .." or telneting to the server.

A user cannot delete their own job?

Well, order of matching in etc/hosts.hfaxd is important, and matching by 
IP often defeats administrative authentication.

> I did, frankly get a little peeved about it. I'm using 4.1.2. I wonder
> if this has been fixed in a later version?

Is it broken?  faxrm is a client program.  It communicates to hfaxd.  
hfaxd doesn't know that you're root.  If you don't authenticate it can't 
give you administrative rights.  If you don't like authentication with 
faxrm, that's fine; you don't have to use faxrm as I've said already.

> Does anyone else have a
> problem with the current "security" methods.

You mean the restriction of job access to their owners or an authenticated 
administrator?  Lots of people dislike having to use drivers licenses, 
too, but that doesn't make them useless or wrong.

> All I need is a way to
> remove users' jobs, without having to give them a shell, or reading the
> raw queue files.

How does a user remove their own job?  Do that.

> Any pointers would be massively appreciated.

You'll get more sympathy without being accusatory.

Lee.

____________________ HylaFAX(tm) Users Mailing List _______________________
  To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
 On UNIX: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null
  *To learn about commercial HylaFAX(tm) support, mail sales@hylafax.org.*

References:
- [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
  - From: Chris SJF
- [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
  - From: Chris SJF

Prev by Date: Re: [hylafax-users] Waiting for modem to come ready
Next by Date: Re: [hylafax-users] cypheus-hylafax - high resolution send ERROR
Previous by thread: [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
Next by thread: Re: [hylafax-users] Faxrm nightmare - no permissions - /bin/false - 5 hours later..
Index(es):
- Main
- Thread

Project hosted by iFAX Solutions