HylaFAX The world's
most advanced open source fax server
|
|
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
Re: [hylafax-users] SOLVED Basic sendfax failures - "no_formatter" but GS installed?
Lee:
Thanks - your explanation makes perfect sense, and I didn't want to start (or continue) a holy war here.
I got the sysadmins to agree to remove the "noexec" on the /var mount (keeping just "nosuid"), so I can keep on trucking with the default Hylafax install locations, including the scripts.
Appreciated,
David
> -----Original Message-----
> From: Lee Howard [mailto:faxguy@xxxxxxxxxxxxxxxx]
> Sent: Saturday, December 20, 2008 6:35 PM
> To: David Ruggiero
> Cc: 'hylafax-users@xxxxxxxxxxx'
> Subject: Re: [hylafax-users] SOLVED Basic sendfax failures -
> "no_formatter" but GS installed?
>
> David Ruggiero wrote:
> > The problem was that on this system the /var partition is set as
> "noexec, nosuid" for security. This is pretty common in Linux
> installations, in my experience, because no one runs scripts and
> executables in /var.
> >
> > No one except Hylafax, I guess. :}
> >
>
> I believe that LPRng did.
>
> Be aware that there is a good purpose in having them there.
>
> > Is there a historical reason (SGI?) why Hylafax puts ALL of its eggs -
> including executable scripts - in the /var/spool/hylafax basket? I can't
> think of any other package that does this. (Generally, isn't /var is the
> home of temporary, log, and spool files, not executables and config files?
> Yea, along with some stuff like /var/cron/*, but that's a little
> different.)
>
> You can build HylaFAX with the HYLAFAX_SPOOL directory being somewhere
> else... be it /var/hylafax or wherever. However, understand that the
> queue directories really are spool directories. According to FHS
> zealots these therefore belong under /var/spool... and yet according to
> those same people our scripts in the same chroot don't belong there.
>
> Breaking them into remote places would therefore make the chroot
> difficult or impossible as well as tripping-up the capability for an
> administrator logged in through hfaxd to make modifications to the
> deliberately *customizable* scripts.
>
> You can read some of my debate about this topic here (warning, it's a
> long read):
>
> https://bugzilla.redhat.com/show_bug.cgi?id=188542
>
> In the end it comes down to who is master and who is servant. On your
> system your SElinux configuration may rule with FHS authority... and in
> that case you'll need to do something other than what HylaFAX does by
> default.
>
> Thanks,
>
> Lee.
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*