HylaFAX Advanced Permissions with 6.0
With the release of Hylafax 6.0 now a couple of months old, new features were added including new Permissions which Iam going to write about on this page and how I implemented them into our work place using these new Permissions in a multi user/department environment.
Previously we had been using Hylafax 4.4.4 in our work place for the past 9 months trialling it and seeing how well it works, and how best we would roll it out to other departments.
With Hylafax 4.4.4 it was fine for a one fax machine solution which we required at the time, but now as we were looking at expanding the use of Hylafax or needs had changed a little bit.
In this Wiki I will try and explain how we have successfully rolled out Hylafax 6.0.2 (currently) to 2 departments, with more to be added with multiaple users in each department. This is going to be based on a CentOS 5.3 system which we had to move to from debian based system due to our requirement of a Serial Over Ip hub, so for other Distro's the file locations will vary.
Our requirement was to Setup a Hylafax Server for use with 2 incomming fax lines (1 for each department), and to restrict access to the public received & sent fax lists to only allow each department to view which faxes belonged to their fax line, via the client software of yajhfc which we intend to distribute.
Our Setup will be described as follows:-
Dept1 with only allowing access to the received fax list for this fax line to User1 & User2 Dept2 with only allowing access to the received fax list for this fax line to USer3 & User4
Users sending faxes will only be able to view thier own faxes which they have sent and not other peoples.
The dept1 modem device will be /dev/ttyS1, and dept2 will be /dev/ttyS2.
1) Add the new Hylafax 6.0 premissions to /etc/hylafax/hfaxd.conf :-
JobProtection: 0600
PublicJobQ: false
PublicRecvQ: false
JobProtection sets the permissions of faxes which are sent by the user, 0600 is needed here to help with restricting access to the puclic list.
PublicJobQ set to false is required to restrict access to the public fax sent list, if set to true or line not present faxes will appear in the Public queue.
PublicRecvQ set to false is required to restrict access to the public fax received list view, file premissions are explained later in more detail for this area.
2) Next I will need to alter the RecvFileMode in my modem configuation lines in /var/spool/hylafax/config.ttyS1 & config.ttyS2 to the following if it already it not set like this:-
From
RecvFileMode: 0644
To
RecvFileMode: 0600
This makes any received faxes not accessible to the public list, otherwise a value of 644 makes them accessible to the public.
3) I now need to create 2 actual linux users as follows:-
dept1 - UID of 501 dept2 - UID of 502
You will need to make a note of the various UID's for later as these will be required when altering your hosts.hfaxd file later on.
You can create more linix user account if needed for the different users, but here I don't need them as I will only be using user1-4 for fax access which I shall add with the faxadduser command In the next step.
4) Now I shall add my user1, user2, user3, user4 to the hylafax configuration so I can grant them access to the appropiate faxes later on.
/usr/sbin/faxadduser -p password user1
Obviosuly here I would repeat this 4 times for user1-4 and then choose an appropiate password after the -p option.
Once these have been added 4 new lines will appear in the /var/spool/hylafax/etc/hosts.faxd file eg:-
^user1@::password:
^user2@::password:
^user3@::password:
^user4@::password:
The password will not be clear text but encrypted, I shall come back to this file in a later step.
4) Now i need to edit my /var/spool/hylafax/FaxDispatch file so I can assign the correct permissions & unix user to the fax received depending which modem it has arrived on.
