From owner-freebsd-stable Fri Jan 12 7: 3: 8 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from picalon.gun.de (unknown [192.109.159.1]) by hub.freebsd.org (Postfix) with ESMTP id AC84637B400; Fri, 12 Jan 2001 07:02:46 -0800 (PST)
Received: (from uucp@localhost) by picalon.gun.de (8.9.3/8.9.3) id QAA01321; Fri, 12 Jan 2001 16:00:28 +0100 (MET)
>Received: (from andreas@localhost) by klemm.gtn.com (8.11.1/8.11.1) id f0CErPG08762; Fri, 12 Jan 2001 15:53:25 +0100 (CET) (envelope-from andreas)
Date: Fri, 12 Jan 2001 15:53:25 +0100
From: Andreas Klemm
To: Garance A Drosihn
Cc: Andreas Klemm , Ilya Martynov , gad@FreeBSD.ORG, apsfilter-current@apsfilter.org, freebsd-stable@FreeBSD.ORG, Garrett Wollman , apsfilter-devel@apsfilter.org
Subject: Re: printer spooldirs wrong owner ?? (was Re: Fixes for apsfilter-current-09.12.2000 (printing via smbclient) )
Message-ID: <20010112155325.A8649@titan.klemm.gtn.com>
References: <20001214080622.A11433@titan.klemm.gtn.com>
Mime-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: ; from drosih@rpi.edu on Thu, Dec 14, 2000 at 06:13:01PM -0500
X-Operating-System: FreeBSD 4.2-STABLE SMP
X-Disclaimer: A free society is one where it is safe to be unpopular
Content-Type: text/plain; charset=us-ascii
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Dec 14, 2000 at 06:13:01PM -0500, Garance A Drosihn wrote:
> At 8:06 AM +0100 12/14/00, Andreas Klemm wrote:
> >On Wed, Dec 13, 2000 at 03:35:51PM +0300, Ilya Martynov wrote:
> > > P.S. I forgot about another problem I met while setting up
> > > printing. SETUP creates smbclient.conf that is not readable
> > > by lpd. For me it was created as:
> > >
> >> -rw------- 1 root daemon 156 Dec 12 16:41 smbclient.conf
> >>
> >> to make printing work I had to chmod g+r on it.
> >
> >I think this is an inconsistency in FreeBSD ...
> >
> >The filterscript (forked by lpd) runs under permissions
> >daemon.wheel, but the spooldirs in FreeBSD by default are
> >created with permissions root.daemon.
> >
> >I think this could easily be fixed, if you would
> >	chown -R daemon.wheel /var/spool/lpd
> >and during apsfilter SETUP you should take care that owner
> >and group are now set up right to match daemon.wheel.
> >
> >[ Cc'd to freebsd-stable ]
> >
> >What do the lpd maintaining authorities in FreeBSD say ?
>
> I haven't thought about permissions enough to say I have a
> strong opinion on it, but my gut-level feeling is that the
> spool directories are created with the right owner+group
> (ie, root+daemon).
>
> What I don't understand here is what that has to do with
> smbclient.conf.

Well, the file contains passwords. So I have to protect it.
I thought I could simply "clone" the permissions of the spool
directory /var/spool/lpd. At first glance it looked reasonable.

drwxr-xr-x 3 root daemon 512 9 Jan 14:54 /var/spool/lpd

So I chose 600 root.daemon for the smbclient.conf file.
But bad luck, the input filter runs with other permissions
(other owner -> root) and therefore was unable to read the
smbclient config file.

When printing a job to a remote printer, you'll also notice
that files are created with owner root ...

So, on remote printing you have owner root, whereas a local
input filter runs with owner daemon.

This confuses me somehow ...

It would be fine if the permissions of the spooldir would
reflect the owner and group under which lpd *always* runs,
including scripts. This would make it easier to understand
what privileges are in use, and for script writers it would
be easier to choose the proper permissions.

On the other hand I don't want you to make changes that break
compatibility in any way ...

I'd really appreciate it if people who know the lpd code a little
could tell me if things have to be as they are, or if it would
be useful to have unique permissions, no matter if we have to deal
with remote print jobs or running input filters ...

	Andreas ///

-- 
Andreas Klemm
Apsfilter Homepage                 http://www.apsfilter.org
Support over mailing-lists (only!) http://www.apsfilter.org/support
Mailing-list archive               http://www.apsfilter.org/Lists-Archives

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
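
An added example (not part of the original message and not apsfilter or lpd code): the POSIX read check applied to the smbclient.conf modes discussed in the thread, showing how the result depends on which uid and groups the filter runs with. The numeric ids, the filter's group memberships and the file metadata are constructed assumptions; nothing is read from disk.

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class FileMeta:
    uid: int   # owner
    gid: int   # group
    mode: int  # permission bits

def can_read(meta, uid, gids):
    """POSIX read check: only the first matching class (owner, group, other) is consulted."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == meta.uid:
        return bool(meta.mode & stat.S_IRUSR)
    if meta.gid in gids:
        return bool(meta.mode & stat.S_IRGRP)
    return bool(meta.mode & stat.S_IROTH)

def audit_secret(meta, reader_uid, reader_gids):
    """Findings for a password-bearing file that exactly one service identity must read."""
    findings = []
    if not can_read(meta, reader_uid, reader_gids):
        findings.append("reader cannot open file")
    if meta.mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("file is accessible to other users")
    if meta.mode & stat.S_IWGRP:
        findings.append("group can rewrite file")
    return findings

# Sample numeric ids (assumed): root=0, daemon uid=1, wheel gid=0, daemon gid=1.
ROOT, DAEMON, G_WHEEL, G_DAEMON = 0, 1, 0, 1

# Constructed cases: (label, file metadata, filter uid, filter gids).
CASES = [
    ("600 root:daemon, filter daemon in group daemon", FileMeta(ROOT, G_DAEMON, 0o600), DAEMON, {G_DAEMON}),
    ("640 root:daemon, filter daemon in group daemon", FileMeta(ROOT, G_DAEMON, 0o640), DAEMON, {G_DAEMON}),
    ("640 root:daemon, filter daemon in group wheel only", FileMeta(ROOT, G_DAEMON, 0o640), DAEMON, {G_WHEEL}),
    ("644 root:daemon, filter daemon in group daemon", FileMeta(ROOT, G_DAEMON, 0o644), DAEMON, {G_DAEMON}),
    ("600 root:daemon, remote job handled as root", FileMeta(ROOT, G_DAEMON, 0o600), ROOT, {G_WHEEL}),
]

if __name__ == "__main__":
    for label, meta, uid, gids in CASES:
        print(f"{label}: {audit_secret(meta, uid, gids) or 'ok'}")
```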