Kaixo!

On Thu, Feb 17, 2000 at 11:18:40AM +0100, [EMAIL PROTECTED] wrote:

> > ..when you type "lpr" on the commandline.  I have high security-level
> > turned on, but I don't think this should be a problem.  (And if it is,
> > why isn't it documented..?!?)
> 
> No, this is the problem, /etc/printcap cannot be read by lpr, maybe lpr
> checks for access rights on the file as it is suid.
> 
> To fix this problem, use chmod a+r /etc/printcap when root, although this
> will give everyone access to /etc/printcap, this will help you waiting
> for a correction.

The right solution will be to make lpr command s-x--x--- root.printer
and the /etc/printcap file rw-r----- root.printer; then add to the "printer"
group any user that is allowed to print.

(A nice future improvement will be to have a "permissions" tab on the user
configuration tool; that tab would show a list of checkboxes like:

Services this user is allowed to use:

[x] printing              [x] direct CD access (eg audio CD)
[ ] modem access          [ ] FAT fs write access
[x] internet access       [X] sound access  

etc.

(PS: note that modem access and internet access are not the same; modem
access means real modem access, to /dev/modem, you can do what you want, ppp,
fax, etc. internet access means being able to launch pppd; but it could be
set up to forbid the user giving a phone number for example, so avoiding
misuse of long distance calls)

Such a configuration will really be very intuitive for anyone, and at the same
time take full advantage and power of the user/group/other scheme, and
allow easy configuration still keeping the security and power of tightly
controlled accesses and permissions.

I use a similar scheme on my machine; that allows me to give free access
to it yet avoid nuisances like (while : do ; echo "fuck you" | lpr ; done)
(yes, someone really tried that on my machine; of course without any success
at all)

> François.

-- 
Ki ça vos våye bén,
Pablo Saratxaga

http://www.ping.be/~pin19314/           PGP Key available, key ID: 0x8F0E4975
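
An added example, not part of the original message: a small audit that checks a file against the group-based scheme proposed above and flags the world-readable state left by the quoted `chmod a+r` workaround. The function name `check_perm`, the stand-in files, and the reading of the post's "s-x--x---" as the ls-style mode `---s--x---` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original message): audit the scheme above.
# Assumption: "---s--x---" is the ls-style reading of the post's "s-x--x---"
# (setuid, execute for owner and group only); check_perm is hypothetical.

# check_perm FILE WANT_MODE WANT_GROUP
# Prints one line per deviation; returns 0 if compliant, 1 if not, 2 if missing.
check_perm() {
    file=$1; want_mode=$2; want_group=$3
    [ -e "$file" ] || { echo "$file: missing"; return 2; }
    # ls -ld: field 1 is the mode string (a trailing ACL/SELinux mark is
    # cut off), field 4 is the group name.
    mode=$(ls -ld "$file" | awk '{print substr($1, 1, 10)}')
    group=$(ls -ld "$file" | awk '{print $4}')
    other=$(printf '%s' "$mode" | cut -c8-10)
    rc=0
    if [ "$mode" != "$want_mode" ]; then
        echo "$file: mode $mode, expected $want_mode"; rc=1
    fi
    if [ "$other" != "---" ]; then
        echo "$file: users outside group $want_group have access ($other)"; rc=1
    fi
    if [ "$group" != "$want_group" ]; then
        echo "$file: group $group, expected $want_group"; rc=1
    fi
    return $rc
}

# Constructed demo on stand-in files in a scratch directory, so it runs
# without root. On a real system the targets would be the lpr binary and
# /etc/printcap, both with group "printer".
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/lpr" "$d/printcap"
    grp=$(ls -ld "$d/lpr" | awk '{print $4}')   # whatever group the stand-ins got
    chmod 4110 "$d/lpr"        # setuid, execute for owner and group only
    chmod 0640 "$d/printcap"   # rw-r-----
    check_perm "$d/lpr" ---s--x--- "$grp" && echo "lpr stand-in: ok"
    check_perm "$d/printcap" -rw-r----- "$grp" && echo "printcap stand-in: ok"
    chmod a+r "$d/printcap"    # the workaround quoted in the thread
    check_perm "$d/printcap" -rw-r----- "$grp" || echo "printcap stand-in: not compliant"
    rm -rf "$d"
}
demo
```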
