From owner-freebsd-ports  Tue Aug 13  7:44:52 2002
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 41E0E37B427; Tue, 13 Aug 2002 07:44:47 -0700 (PDT)
Received: from sep.oldach.net (sep.oldach.net [194.180.25.6])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 0BE1743E6A; Tue, 13 Aug 2002 07:44:45 -0700 (PDT)
	(envelope-from hmo@sep.oldach.net)
Received: from sep.oldach.net (localhost [127.0.0.1])
	by sep.oldach.net (8.12.5/8.12.5/hmo29jun02) with ESMTP id g7DEigl6082157
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=NO);
	Tue, 13 Aug 2002 16:44:42 +0200 (CEST)
	(envelope-from hmo@sep.oldach.net)
Received: (from hmo@localhost)
	by sep.oldach.net (8.12.5/8.12.5/Submit) id g7DEif0B082156;
	Tue, 13 Aug 2002 16:44:41 +0200 (CEST)
	(envelope-from hmo)
Message-Id: <200208131444.g7DEif0B082156@sep.oldach.net>
Subject: Re: ports/31684: ports/comms/hylafax fixes
In-Reply-To: <200208122317.g7CNHmvx039066@freefall.freebsd.org> from Greg Lewis at "Aug 12, 2002  4:17:48 pm"
To: glewis@FreeBSD.org (Greg Lewis)
Date: Tue, 13 Aug 2002 16:44:41 +0200 (CEST)
Cc: freebsd-ports@FreeBSD.org
From: send-pr@oldach.net (Helge Oldach)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-ports.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-ports>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-ports>
X-Loop: FreeBSD.org

Greg Lewis:
> State-Changed-From-To: open->closed
> State-Changed-By: glewis
> State-Changed-When: Mon Aug 12 16:16:40 PDT 2002
> State-Changed-Why: 
> I've implemented all of these changes except the last one.  I don't
> believe its required as you can specify a user (fax, uucp) to start
> a process as in inetd.conf.

Thank you very much for the commits.

However the inetd issue doesn't work as you explained. I have 

| hylafax	stream	tcp	nowait	uucp	/usr/local/sbin/hfaxd	hfaxd -I -d
| fax	stream	tcp	nowait	uucp	/usr/local/sbin/hfaxd	hfaxd -O -d
| snpp	stream	tcp	nowait	uucp	/usr/local/sbin/hfaxd	hfaxd -S -d

in my inetd.conf. But when I talk to the hylafax port I am lacking
permissions:

| hmo@sep /home/hmo > socket localhost hylafax
| 220 sep.oldach.net server (HylaFAX (tm) Version 4.1) ready.
| USER hmo
| 550 Cannot set privileges.
| quit
| 221 Goodbye.
| hmo@sep /home/hmo > 

It does work however when I change the "uucp" user to "root" in
inetd.conf.

I believe this has to do with Hylafax chrooting to /var/spool/hylafax
which is only allowed by root or by a setuid binary. So when a
non-setuid hfaxd is being started from inetd the only option is to run
the daemon as root and not as uucp or fax. Probably less dangerous than
having another setuid binary...

Anyhow, how about a suggestion for the proper server configuration after
"make install"?

Kind regards,
Helge

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message