hosts - HylaFAX client access control list
The ASCII file etc/hosts in the HylaFAX spooling area
specifies the hosts and users that are permitted to access
services through the hfaxd(8C) process. This file must
exist for client access; if it is not present then hfaxd
will deny all requests for service. Note also that this
file must be readable only by the ``fax'' user; i.e. it
should have mode 600 and be owned by ``fax''.
Each newline-terminated entry is a set of colon (:) separated
fields, all but the first of which are optional.
Trailing null fields and their separators may be omitted.
The most general form is:
client is a regular expression to be matched against a
string ``user@host'' that is formed from the user string
passed to hfaxd with the USER command and the official
host name or the DARPA Internet address, specified in
``dot notation''. If client does not contain an ``@''
then, for backwards compatibility, it is treated as a host
for which any user may have access; i.e. it is
automatically converted to the regular expression ``^.*@client$''.
Comments are introduced with the ``#'' character and
extend to the end of the line. Any whitespace immediately
preceding a comment is also ignored.
If client has a leading ``!'', then it is interpreted as a
class of hosts and users to which access is to be disallowed.
That is, if the pattern matches the client information,
then access is denied.
Note that regular expressions are not anchored. That is,
a regular expression may match a substring of the
``user@host'' string. Thus `pb@.*\.cl\.cam\.ac\.uk'
matches `email@example.com'. Use ``^'' to
match the start of the string and ``$'' to match the end.
Fields following client are optional and specify the following:
uid The numerical user ID to assign to clients that
use the entry for access. hfaxd uses the uid to
control access to server resources such as jobs
and documents (the value is used to set the
group ID of files created by a client).
Multiple clients/users may share the same uid or
unique IDs may be created for each client. User
IDs may be any number in the range [0..6002]
with 6002 used, by convention, for entries that
do not have a uid specified.
passwd The encrypted password. If this field is empty
(null) then no password will be demanded when a
client logs in; i.e. the USER command does not
need to be followed by a PASS command.
adminwd The encrypted password for this user to gain
administrative privileges. If this field is
empty (null) then the user is not permitted to
have administrative privileges.
The following is a sample hosts file. Note that the first
entry that matches is taken, so more-specific entries
should be placed first.
# pb on a machine directly in cl.cam.ac.uk can
# administer if an admin pw is given
127.0.0.1 # anyone on local host uses the default uid
^sam@flake.*sgi\.com$ # Sam on his work machine
^sam@oxford.*Berkeley.* # Sam on any machine starting oxford and containing
# Berkeley, e.g. firstname.lastname@example.org
^.*@.*.\.esd\. # anyone in an esd domain
!^tom@ # Tom Davis is denied access
.*\.sgi\.com$ # but anyone else at sgi is ok
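
The matching rules described above (comment stripping, the host-only conversion, ``!'' denial, unanchored matching, first match taken), as an added example that is not part of this manual page or of HylaFAX. It assumes Python's re module in place of hfaxd's own regular expression matcher, that a leading ``!'' is removed before the ``@'' test, and that both user@hostname and user@address are tried against each entry; the ACL text, host names and the PWHASH/ADMHASH placeholders are constructed.

```python
import re

DEFAULT_UID = 6002  # page: conventional uid for entries that specify none

# Constructed sample ACL (not the page's sample); hashes are placeholders.
SAMPLE = r"""
127.0.0.1                                # host-only form, default uid
!^tom@                                   # deny rule
pb@.*\.lab\.example$:101:PWHASH:ADMHASH  # missing ^ : unanchored at the start
^.*@.*\.example$:200
"""

def parse_hosts(text):
    """Parse hosts-file text into (deny, regex, uid, has_passwd, has_adminwd) tuples."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()     # strip comment and whitespace before it
        if not line:
            continue
        fields = line.split(":") + ["", "", ""]  # trailing null fields may be omitted
        client, uid, passwd, adminwd = fields[:4]
        deny = client.startswith("!")
        if deny:
            client = client[1:]                  # assumption: "!" is removed before the "@" test
        if "@" not in client:                    # host-only entry: any user on that host
            client = "^.*@" + client + "$"
        entries.append((deny, re.compile(client), int(uid) if uid else DEFAULT_UID,
                        bool(passwd), bool(adminwd)))
    return entries

def check_access(entries, user, host, addr):
    """Return the decision of the first entry matching user@host or user@addr."""
    candidates = (f"{user}@{host}", f"{user}@{addr}")
    for deny, rx, uid, has_pw, has_admin in entries:
        if any(rx.search(c) for c in candidates):   # search(): patterns are not anchored
            if deny:
                return {"allowed": False}
            return {"allowed": True, "uid": uid,
                    "needs_pass": has_pw, "admin_possible": has_admin}
    return {"allowed": False}                        # no entry matched

def unanchored(entries):
    """List allow patterns lacking a leading ^ or trailing $ (candidates for review)."""
    return [rx.pattern for deny, rx, *_ in entries
            if not deny and not (rx.pattern.startswith("^") and rx.pattern.endswith("$"))]

if __name__ == "__main__":
    acl = parse_hosts(SAMPLE)
    print(check_access(acl, "xpb", "ws.lab.example", "192.0.2.10"))
    print(unanchored(acl))
```

In the constructed ACL the third entry was meant for user pb only, but because it lacks a leading ``^'' it also admits xpb, with the same uid and the same eligibility for administrative privileges; unanchored() reports such entries for review.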
sendfax(1), hfaxd(8C), hylafax(5F)
January 18, 1996