#define N(a) (sizeof (a) / sizeof (a[0]))
+/*
+ * logFacility *must* be tie first entry - see it's handling
+ * below in setConfigItem()
+ */
HylaFAXServer::stringtag HylaFAXServer::strings[] = {
{ "logfacility", &HylaFAXServer::logFacility, LOG_FAX },
{ "faxcontact", &HylaFAXServer::faxContact, "FaxMaster" },
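Review bot: The comment added above `strings[]` has two slips that obscure an ordering constraint: "tie" should be "the" and "it's" should be "its", i.e. `logFacility *must* be the first entry - see its handling below in setConfigItem()`. The handling it points to is not part of this hunk, so a reader cannot confirm from here what depends on the position. Saying in the comment which index is tested would help whoever next reorders the table.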
"UNIX Type: L8 Version: SVR4" },
{ "admingroup", &HylaFAXServer::admingroup },
};
+
+/*
+ * jobprotection needs to be first as well, see setConfigItem() below
+ */
HylaFAXServer::numbertag HylaFAXServer::numbers[] = {
+{ "jobprotection", &HylaFAXServer::jobProtection, 0644 },
{ "servertracing", &HylaFAXServer::tracingLevel, TRACE_SERVER },
{ "idletimeout", &HylaFAXServer::idleTimeout, 900 },
{ "maxidletimeout", &HylaFAXServer::maxIdleTimeout, 7200 },
{ "maxloginattempts", &HylaFAXServer::maxLoginAttempts, 5 },
{ "maxadminattempts", &HylaFAXServer::maxAdminAttempts, 5 },
{ "maxconsecutivebadcmds",&HylaFAXServer::maxConsecutiveBadCmds,10 },
-{ "jobprotection", &HylaFAXServer::jobProtection, 0444 },
};
HylaFAXServer::booltag HylaFAXServer::booleans[] = {
{ "allowsorting", &HylaFAXServer::allowSorting, true },
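Review bot: The new default of `0644` in `numbers[]` is now applied as the real file mode of job qfiles (see the `FileCache::chmod` and `Sys::open` changes in the later hunks), where the code previously used the fixed modes `0660` and `0600`. By default the "other" read bit is therefore set on files holding job parameters. Whether local accounts on the server host can reach those files depends on the spool directory permissions, which this diff does not show, so the comment above the table should state that the value is both the on-disk mode and the client-visibility mask. The options table in the man page hunk still lists `0444` as the default while the description and this table say `0644`; the two should agree. The `booleans[]` table that follows continues outside the hunk.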
}
} else if (findTag(tag, (const tags*) numbers, N(numbers), ix)) {
(*this).*numbers[ix].p = getNumber(value);
+ switch (ix) {
+ case 0: if ( (jobProtection & 0600) != 0600)
+ {
+ logError("JobProtection value must include 0600, forcing");
+ jobProtection |= 0600;
+ }
+ }
} else if (findTag(tag, (const tags*) booleans, N(booleans), ix)) {
(*this).*booleans[ix].p = getBoolean(value);
} else
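Review bot: The value from `getNumber(value)` is stored in `jobProtection` with only a floor applied (`jobProtection |= 0600`), so execute, setuid/setgid and sticky bits from the config file pass straight through to `FileCache::chmod(file, jobProtection)` and `Sys::open(..., jobProtection)` in the later hunks. Clamp the value where it is parsed, before the 0600 check, for example `jobProtection &= 0666;` if execute bits have no meaning for qfiles. The `switch (ix) { case 0:` test also ties the check to the table order. Comparing the member pointer, `if (numbers[ix].p == &HylaFAXServer::jobProtection)`, would stay correct if the table is reordered, assuming `p` is a plain pointer-to-member as the `(*this).*numbers[ix].p` use suggests. setConfigItem starts and ends outside this hunk.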
if (newJob(emsg) && updateJobOnDisk(*curJob, emsg)) {
fxStr file("/" | curJob->qfile);
setFileOwner(file); // force ownership
- FileCache::chmod(file, 0660); // sync cache
+ FileCache::chmod(file, jobProtection); // sync cache
curJob->lastmod = Sys::now(); // noone else should update
reply(200, "New job created: jobid: %s groupid: %s.",
(const char*) curJob->jobid, (const char*) curJob->groupid);
{
if (job.fd < 0)
{
- job.fd = Sys::open("/" | job.qfile, O_RDWR|O_CREAT, 0600);
+ job.fd = Sys::open("/" | job.qfile, O_RDWR|O_CREAT, jobProtection);
if (job.fd < 0)
{
emsg = "Cannot open/create job description file /" | job.qfile;
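Review bot: The mode passed to `Sys::open` with `O_CREAT` applies only when the file is created and is narrowed by the process umask, whereas the newJob hunk sets the mode with `FileCache::chmod(file, jobProtection)`, which is not. A qfile created through this path by any caller that does not chmod afterwards can end up with a different mode from the configured one, and a qfile that already exists keeps its old mode. If `JobProtection` is meant to be authoritative, follow a successful open with `FileCache::chmod("/" | job.qfile, jobProtection);`, or add a comment that the umask is expected to narrow the mode. The enclosing function starts and ends outside this hunk.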
IdleTimeout integer \s-1900\s+1 client idle timeout in seconds
JobFmt string \s-1\fIsee below\fP\s+1 format string for job status results
JobSortFmt string \s-1-\s+1 format string for sorting job status listing
-JobProtection octal \s-10444\s+1 permissions for client access to jobs
+JobProtection octal \s-10444\s+1 permissions for job qfiles in sendq/docq
KillTimeMap string \s-1\fIsee below\fP\s+1 mapping from service level to job kill time (\s-1SNPP\s+1)
LogFacility string \s-1daemon\s+1 \fIsyslog\fP facility name for tracing messages
MaxAdminAttempts integer \s-15\s+1 maximum admin attempts before disconnecting
sendq and doneq directories. Follows the JobFmt formatting rules.
.TP 10
.B JobProtection
-The permissions setting for viewing jobs in the \*(Fx queues. The
-default setting of ``0444'' allows all users to view all jobs in the send/done
-queues. The permissions copy unix filesystem permission, with the 3 sets
-being owner, admin, and others, instead of owner/group/other. The only
-permissions that are meaningful are read, because write permissions are
-controlled for the specific properties of the job. If a user doesn't have
-read permissions on the job, the job will not be visible to them. Useful
-settings are ``0444'' (for oao=r), ``0440'' (for oa=r), and ``0400'' (for o=r).
+The file mode setting for job qfiles in the \*(Fx queues (sendq and doneq).
+The default setting of ``0644'' allows all users to view all job paramaters in
+the send/done queues. The mode determines the permissions of the clients to
+see the jobs, following the \*(Fx permission model of the group bits
+controlling uid permissions and the other bits controlling other permissions.
.TP 10
.B KillTimeMap
The mapping from \s-1SNPP\s+1 service level (0-11) to job expiration time