Package: smbclient Version: 3.0.22-1 Severity: wishlist The problem is as follows: CUPS 1.2 setuids its backends to a safe user (lp on Debian) unless the backend is chmod 0700.
CUPS 1.1 ran its backends as whatever user cupsd was running as (root on Debian) (Apparently this change wasn't important enough to appear in the CUPS 1.2 changelogs) /usr/bin/smbspool (called via symlink from /usr/lib/cups/backends/smb) will not run setuid (libsmb rejects this, quite sensibly) As noted in #371143, RunAsUser in /etc/cupsd.conf has no effect as of CUPS 1.2. smbspool needs to be root to read mode 600 /tmp/krb5cc*, to be able to submit print jobs to Active Directory-based print servers without putting the username and password into the Device URI. The problem is of course that making smbspool 0700 in the .deb means it can't be used by non-priviliged users, which is pretty much everyone except those trying to use the kinda-hacky kerberos support in smbspool. So this becomes wishlist... And mybe slightly documentation for the next poor soul to spend all afternoon beating cups with a stick. ^_^ -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (990, 'unstable'), (950, 'unstable'), (900, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.16-2-686 Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) -- Paul "TBBle" Hampson, [EMAIL PROTECTED] Shorter .sig for a more eco-friendly paperless office.
pgpql7BBsPNMQ.pgp
Description: PGP signature