NAME
hosts.hfaxd - HylaFAX client access control list
DESCRIPTION
The ASCII file etc/hosts.hfaxd in the HylaFAX spooling area specifies
the hosts and users that are permitted to access services through the
hfaxd(8) process. This file must exist for client access; if it is not
present then hfaxd will deny all requests for service. Note also that
this file must be readable only by the ``fax'' user; i.e. it should
have mode 600 and be owned by ``fax''.
Each newline-terminated entry is a set of colon (:) separated fields,
all but the first of which are optional. Trailing null fields and
their separators may be omitted. The most general form is:
client:uid:passwd:adminwd
client is a regular expression to be matched against a string
``user@host'' that is formed from the user string passed to hfaxd with
the USER command and the official host name or the DARPA Internet
address, specified in ``dot notation''. If client does not contain an
``@'' then, for backwards compatibility, it is treated as a host for
which any user may have access; i.e. it is automatically converted to
the regular expression ``^.*@client$''.
Comments are introduced with the ``#'' character and extend to the end
of the line. Any whitespace immediately preceding a comment is also
ignored.
If client has a leading ``!'', then it is interpreted as a class of
hosts and users to which access is to be disallowed. That is, if the
pattern matches the client information, then access is denied.
Note that regular expressions are not anchored. That is, a regular
expression may match a substring of the ``user@host'' string. Thus
`pb@.*\.cl\.cam\.ac\.uk' matches `cpb@mc.cl.cam.ac.uk.esd.sgi.com'.
Use ``^'' to match the start of the string and ``$'' to match the end.
Fields following client are optional and specify the following:
uid The numerical user ID to assign to clients that use the entry
for access. hfaxd uses the uid to control access to server
resources such as jobs and documents (the value is used to
set the group ID of files created by a client).
Multiple clients/users may share the same uid or unique IDs
may be created for each client. User IDs may be any number
in the range [0..60002] with 60002 used, by convention, for
entries that do not have a uid specified.
passwd The encrypted password. If this field is empty (null) then
no password will be demanded when a client logs in; i.e. the
USER command does not need to be followed by a PASS command.
adminwd The encrypted password for this user to gain administrative
privileges. If this field is empty (null) then the user is
not permitted to have administrative privileges.
EXAMPLE
The following is a sample hosts.hfaxd file. Note that the first entry
that matches is taken, so more-specific entries should be placed first.
^pb@[^.]*\.cl\.cam\.ac\.uk$:::hFy8zXq2KaG8s
# pb on a machine directly in cl.cam.ac.uk can
# administer if an admin pw is given
127.0.0.1 # anyone on local host uses the default uid
^sam@flake.*sgi\.com$ # Sam on his work machine
^sam@oxford.*Berkeley.*# Sam on any machine starting oxford and containing
# Berkeley, e.g. sam@oxfordberkeley.cl.cam.ac.uk
^.*@.*.\.esd\. # anyone in an esd domain
!^tom@ # Tom Davis is denied access
.*\.sgi\.com$ # but anyone else at sgi is ok
SEE ALSO
sendfax(1), hfaxd(8), hylafax-server(5)
January 18, 1996