Handbook:Advanced Server Configuration:Job Protection
Job protection has been enhanced in HylaFAX 6.0.0 and jobs can now be completely hidden from other users if wanted.
HylaFAX permission model
In the HylaFAX permission model, the file gid is used to represent the HylaFAX uid. The group bits thus control the uid permissions while the other bits control the other permissions. Admins always have read+write access to any file.
Send Queue protection
By default, HylaFAX has always made the listings of the sendq/doneq include all jobs to any client connected to hfaxd. By setting PublicSendQ to false, hfaxd will also enforce its normal access restrictions on the listing of jobs in the sendq/doneq.
The file mode setting for new job qfiles in the HylaFAX queues (sendq and doneq) is controlled by the JobProtection config option. The default setting of 0644 allows all users to view all job parameters in the send/done queues. If PublicJobQ is set to false, then this file mode determines the permissions of the clients to see the jobs, following the HylaFAX permission model of the group bits controlling uid permissions and the other bits controlling other permissions. The job owner (a user connected with the same username as the owner value of a job) and admins always have read+write access to the job.
Receive Queue protection
By default, HylaFAX has always made the listings of the recvq include all faxes to any client connected to hfaxd. By setting PublicRecvQ to false, hfaxd will also enforce its normal access restrictions on the listing of faxes in the recvq.
The default file mode set on incoming faxes by faxgetty is 0600. It can be changed with the RecvFileMode parameter in the modem config file. Complex access restrictions can be implemented using FaxDispatch.
Sample complex access restriction
In some setups, the recipient of a fax is known from the incoming modem, the DID or some other parameter available to FaxDispatch. In such cases, it is possible to have HylaFAX restrict the received faxes to the right users at reception.
HylaFAX users must have their uid set in hosts.hfaxd.
hfaxd.conf must contain the following line:
PublicRecvQ: false
config.$DEVID must contain the following line:
RecvFileMode: 0600
FaxDispatch can now be used to give the received faxes to the right users. FaxDispatch settings are configured in /etc/hylafax/FaxDispatch; if this file does not exist, create it and make it contain the following:
case $DEVICE in
ttyS0)
    chgrp $UID_OF_DEPT1 $FILE    ## Give it the right "fax uid"
    chmod g+r $FILE              ## Give that uid read rights
    ;;
ttyS1)
    chgrp $UID_OF_DEPT3 $FILE    ## Give it the right "fax uid"
    chmod g+r $FILE              ## Give that uid read rights
    ;;
esac
For more FaxDispatch options, see http://wiki.debian.org/HylaFax#FaxDispatch and http://www.guardiani.us/index.php/TrixBox_IAXModem_HylaFax#Inbound_DID_routing_FaxDispatch_example
Many platforms will require the HylaFAX user (usually uucp) to be a member of the groups used as "fax uid" before the chgrp command will work. Remember to restart every faxgetty when you add uucp to a new group.
It is also possible to configure sudo to allow the uucp user to change a file to any group by adding the following lines to the sudoers file:
Defaults:uucp !requiretty
uucp ALL=(root) NOPASSWD: /bin/chgrp
Note that this allows the uucp user to change the group of any file, even files owned by other users.
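To check what the FaxDispatch sample above actually achieves, here is an added model (not HylaFAX code) of the access decision hfaxd makes under the permission model described earlier: group bits apply to the file's own fax uid, other bits to everyone else, admins and the job owner always get read+write. The queue entries, fax uids 1001/1003 and file names are constructed for the example.

```python
import stat

# Added example (not HylaFAX code): models the hfaxd access decision for
# queue files.  An entry is (name, mode, gid); the gid holds the "fax uid"
# of the owning HylaFAX user.  All values below are constructed.


def hylafax_access(mode, file_gid, client_uid, is_admin=False,
                   job_owner=None, client_user=None):
    """Return (readable, writable) for one queue file.

    Admins and the job owner (sendq/doneq qfiles only) always get
    read+write.  The file's own fax uid gets the group bits; any other
    client gets the other bits.
    """
    if is_admin or (job_owner is not None and client_user == job_owner):
        return True, True
    if client_uid == file_gid:
        return bool(mode & stat.S_IRGRP), bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IROTH), bool(mode & stat.S_IWOTH)


def list_queue(entries, client_uid, is_admin=False, public=True):
    """Names a client sees in a queue listing.

    public=True mirrors the default (PublicRecvQ not set to false): every
    file is listed.  public=False applies hylafax_access to each entry.
    """
    return [name for name, mode, gid in entries
            if public or hylafax_access(mode, gid, client_uid, is_admin)[0]]


# Constructed recvq after the FaxDispatch sample ran: faxes from ttyS0 were
# chgrp'd to dept1's fax uid (1001) and chmod g+r, those from ttyS1 to
# dept3 (1003).  The third file kept RecvFileMode 0600, so nobody but an
# admin can read it, not even its own fax uid.
RECVQ = [
    ("fax00001.tif", 0o640, 1001),
    ("fax00002.tif", 0o640, 1003),
    ("fax00003.tif", 0o600, 1003),
]

if __name__ == "__main__":
    for uid in (1001, 1003):
        print(uid, "public listing:    ", list_queue(RECVQ, uid))
        print(uid, "PublicRecvQ false: ", list_queue(RECVQ, uid, public=False))
```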
Documents Queue protection
Documents in the docq directory use the normal access restrictions of HylaFAX to define who can access which file.
This means that two users sharing the same uid may not see each other's jobs (if the job file rights are set to 0600), but will be able to see the actual fax content of those jobs.