Re: help! can't faxalter or faxrm! permission denied!

To: flexfax@sgi.com
Subject: Re: flexfax: help! can't faxalter or faxrm! permission denied!
From: Andrew CROKE <andrew.croke@awamarine.com.au>
Date: Fri, 25 Jun 1999 19:33:00 +1000

David Woolley wrote:
> 
> >
> > > I have found that the process is actually owned by bin. I have been
> > > working around it by
> 
> If you have a process, as against a program, owned by bin, you have
> a security problem.  faxalter itself is not setuser, so should run
> as whoever starts it.
> 
> Generally things are owned by bin if they should not be writeable,
> and in some cases readable, to anyone except root; it allows a careful
> sysadmin to manage them without running as root all the time.  They can
> be a risk in NFS systems, as bin doesn't have the special protection
> given to root.
> 
> Any process running as bin has the ability, if subverted, to access
> all the non-privileged programs in the system, including many that
> may subsequently be run as root.
> 
> Either the startup script is being run unsafely, or something that
> is supposed to be set-user root has been made set-user bin, or
> set-user has been inappropriately set on something that doesn't need it.

Thanks David,

I am no sys admin but doing my best to dig big holes. My terminology is
misleading.

I should have said "job".

This problem does not result from the use of sendfax directly.

When a fax is submitted via Netscape Mail (Communicator 4.07 for Linux)
the fax appears to be owned by group bin as a result of sendmail. If I
submit it from Pine it is no problem (the fax job is owned by the right
person) and faxrm can be used OK.

I get this in messages.

Jun 25 18:15:46 winger sendmail[315]: SAA00315: Authentication-Warning:
winger.awamarine.com.au: uucp set sender to fax using -f

This is the two jobs. 30 from Netscape. 31 from Pine.

JID  Pri S  Owner Number       Pages Dials     TTS Status
30   118 S    bin 96828560      0:1   9:12   08:59 No local dialtone
32   127 B apcrok 96828560      0:0   0:12         Blocked by concurrent
job

Is it sendmail (8.8.7) that is the problem or have I configured hylafax
incorrectly?

In the basic setup root cannot faxrm jobs from the queue. Where do you
set the admin password? I can't find it specified anywhere?

Thanks,

-- 
Andrew Croke         Fax: +61 (0)3 9347 5887
P.O Box  451         Mob: +61 (0)411 511 160
North Melbourne 3051
a.croke@ugrad.unimelb.edu.au  (academic)
andrew.croke@awamarine.com.au (commercial)

Follow-Ups:
- Re: help! can't faxalter or faxrm! permission denied!
  - From: giulioo@tiscalinet.it (Giulio Orsero)
- Re: help! can't faxalter or faxrm! permission denied!
  - From: David Woolley <david@djwhome.demon.co.uk>

References:
- Re: help! can't faxalter or faxrm! permission denied!
  - From: David Woolley <david@djwhome.demon.co.uk>

Prev by Date: Deployment of Hylafax NT client
Next by Date: Re: Message clarification
Prev by thread: Re: help! can't faxalter or faxrm! permission denied!
Next by thread: Re: help! can't faxalter or faxrm! permission denied!
Index(es):
- Main
- Thread

Report any problems to webmaster@hylafax.org

HylaFAX is a trademark of Silicon Graphics Corporation.
Internet connectivity for hylafax.org is provided by:
VirtuALL Private Host Services