NAME
hosts.hfaxd - HylaFAX client access control list
DESCRIPTION
The ASCII file etc/hosts.hfaxd in the HylaFAX spooling area specifies the hosts
and users that are permitted to access services through the hfaxd(8) process.
This file must exist for client access; if it is not present then hfaxd will
deny all requests for service. Note also that this file must be readable only
by the ``fax'' user; i.e. it should have mode 600 and be owned by ``fax''.
Each newline-terminated entry is a set of colon (:) separated fields, all but
the first of which are optional. Trailing null fields and their separators may
be omitted. The most general form is:
    client:uid:passwd:adminwd
client is a regular expression to be matched against a string ``user@host''
that is formed from the user string passed to hfaxd with the USER command and
the official host name or the DARPA Internet address, specified in ``dot
notation''.
If client does not contain an ``@'' then, for backwards compatibility, it is
treated as a host for which any user may have access; i.e. it is automatically
converted to the regular expression ``^.*@client$''.
Comments are introduced with the ``#'' character and extend to the end of the
line. Any whitespace immediately preceding a comment is also ignored.
If client has a leading ``!'', then it is interpreted as a class of hosts and
users to which access is to be disallowed. That is, if the pattern matches the
client information, then access is denied.
Note that regular expressions are not anchored. That is, a regular expression
may match a substring of the ``user@host'' string. Thus
`pb@.*\.cl\.cam\.ac\.uk' matches `cpb@mc.cl.cam.ac.uk.esd.sgi.com'. Use ``^''
to match the start of the string and ``$'' to match the end.
Fields following client are optional and specify the following:
uid
    The numerical user ID to assign to clients that use the entry for access.
    hfaxd uses the uid to control access to server resources such as jobs and
    documents (the value is used to set the group ID of files created by a
    client).
    Multiple clients/users may share the same uid or unique IDs may be created
    for each client. User IDs may be any number in the range [0..60002] with
    60002 used, by convention, for entries that do not have a uid specified.
passwd
    The encrypted password. If this field is empty (null) then no password
    will be demanded when a client logs in; i.e. the USER command does not
    need to be followed by a PASS command.
adminwd
    The encrypted password for this user to gain administrative privileges. If
    this field is empty (null) then the user is not permitted to have
    administrative privileges.
EXAMPLE
The following is a sample hosts.hfaxd file. Note that the first entry that
matches is taken, so more-specific entries should be placed first.
    ^pb@[^.]*\.cl\.cam\.ac\.uk$:::hFy8zXq2KaG8s
                            # pb on a machine directly in cl.cam.ac.uk can
                            # administer if an admin pw is given
    127.0.0.1               # anyone on local host uses the default uid
    ^sam@flake.*sgi\.com$   # Sam on his work machine
    ^sam@oxford.*Berkeley.* # Sam on any machine starting oxford and containing
                            # Berkeley, e.g. sam@oxfordberkeley.cl.cam.ac.uk
    ^.*@.*.\.esd\.          # anyone in an esd domain
    !^tom@                  # Tom Davis is denied access
    .*\.sgi\.com$           # but anyone else at sgi is ok
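The matching rules described above (comment stripping, host-only conversion to ``^.*@client$'', leading ``!'' denial, unanchored search, first match wins) can be checked against a draft file before it is deployed. The following Python sketch is an added example, not HylaFAX code; parse() and check() are hypothetical names. It assumes Python's re module treats these patterns the way hfaxd's regex engine does, that ``!'' is stripped before the host-only conversion, and that a client matching no entry is denied.

```python
import re

DEFAULT_UID = 60002  # conventional uid for entries without a uid field

# Sample input: a subset of the entries from the EXAMPLE section above.
SAMPLE = r"""
^pb@[^.]*\.cl\.cam\.ac\.uk$:::hFy8zXq2KaG8s
127.0.0.1               # anyone on local host uses the default uid
^sam@flake.*sgi\.com$   # Sam on his work machine
!^tom@                  # Tom Davis is denied access
.*\.sgi\.com$           # but anyone else at sgi is ok
"""

def parse(text):
    """Return a list of (deny, regex, uid, has_passwd, has_adminwd) tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comment and the whitespace before it
        if not line:
            continue
        # Trailing null fields may be omitted, so pad out to four fields.
        client, uid, passwd, adminwd = (line.split(":") + ["", "", ""])[:4]
        deny = client.startswith("!")
        if deny:
            client = client[1:]               # assumption: "!" is removed first
        if "@" not in client:                 # backwards-compatible host-only form
            client = "^.*@" + client + "$"
        entries.append((deny, re.compile(client),
                        int(uid) if uid else DEFAULT_UID,
                        bool(passwd), bool(adminwd)))
    return entries

def check(entries, user, host):
    """Evaluate user@host: the first matching entry decides, patterns are not anchored."""
    subject = f"{user}@{host}"
    for deny, rx, uid, has_pw, has_admin in entries:
        if rx.search(subject):                # search(), not fullmatch(): substrings match
            return {"allow": not deny, "uid": uid,
                    "needs_pass": has_pw, "admin_possible": has_admin}
    # Assumption: a client that matches no entry is refused.
    return {"allow": False, "uid": None, "needs_pass": False, "admin_possible": False}

if __name__ == "__main__":
    acl = parse(SAMPLE)
    for user, host in [("tom", "flake.sgi.com"), ("jane", "flake.sgi.com"),
                       ("pb", "mc.cl.cam.ac.uk"), ("cpb", "mc.cl.cam.ac.uk.esd.sgi.com")]:
        print(f"{user}@{host}", check(acl, user, host))
```

Running a list of identities that should be refused through check() shows quickly whether a missing ``^'' or ``$'', or a deny entry placed after a broader allow entry, lets them in.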
SEE ALSO
sendfax(1), hfaxd(8), hylafax-server(5)