Your message dated Fri, 29 Apr 2005 14:31:37 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Bug#306674: cupsys: Incorrect permissions on 
/usr/share/cups/model
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 27 Apr 2005 22:03:46 +0000
>From [EMAIL PROTECTED] Wed Apr 27 15:03:46 2005
Return-path: <[EMAIL PROTECTED]>
Received: from s2.ukfsn.org (mail.ukfsn.org) [217.158.120.143] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DQudF-0003ZO-00; Wed, 27 Apr 2005 15:03:45 -0700
Received: from localhost (lucy.ukfsn.org [127.0.0.1])
        by mail.ukfsn.org (Postfix) with ESMTP
        id 526E2E6D98; Wed, 27 Apr 2005 23:01:15 +0100 (BST)
Received: from mail.ukfsn.org ([127.0.0.1])
 by localhost (lucy.ukfsn.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 30322-15; Wed, 27 Apr 2005 23:01:15 +0100 (BST)
Received: from hardknott.home.whinlatter.ukfsn.org 
(dsl-80-41-9-131.access.as9105.com [80.41.9.131])
        by mail.ukfsn.org (Postfix) with ESMTP
        id D4433E6D96; Wed, 27 Apr 2005 23:01:14 +0100 (BST)
Received: from rleigh by hardknott.home.whinlatter.ukfsn.org with local (Exim 
4.50)
        id 1DQuZ4-0001oG-41; Wed, 27 Apr 2005 22:59:26 +0100
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Roger Leigh <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: cupsys: Incorrect permissions on /usr/share/cups/model
X-Mailer: reportbug 3.11
Date: Wed, 27 Apr 2005 22:59:25 +0100
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: cupsys
Version: 1.1.23-10
Severity: important

The permissions on /usr/share/cups/model are strange compared with the
other files in /usr/share/cups:

$ stat /usr/share/cups/model
  File: `/usr/share/cups/model'
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: fe03h/65027d    Inode: 52606       Links: 3
Access: (3775/drwxrwsr-t)  Uid: (    0/    root)   Gid: (  106/ lpadmin)
Access: 2005-04-27 22:19:07.000000000 +0100
Modify: 2005-04-27 13:03:59.000000000 +0100
Change: 2005-04-27 22:19:06.000000000 +0100

$ ls -l /usr/share/cups
total 360
drwxr-xr-x  2 root root      4096 Apr 20 00:36 banners/
-rw-r--r--  1 root root    331836 Apr 27 11:43 calibrate.ppm
drwxr-xr-x  2 root root      4096 Apr 20 00:36 charsets/
drwxr-xr-x  2 root root      4096 Apr 20 00:36 data/
drwxr-xr-x  8 root root      4096 Apr 20 00:37 doc-root/
drwxr-xr-x  2 root root      4096 Apr 20 00:36 fonts/
drwxrwsr-t  3 root lpadmin   4096 Apr 27 13:03 model/
drwxr-xr-x  7 root root      4096 Apr 20 00:36 templates/

Not only is its group set to "lpadmin", it's setgid /and/ sticky.
What makes this directory different, and what is the rationale
behind the setgid and sticky status?

This breaks upgrades of the cupsys-driver-gutenprint (formerly
cupsys-driver-gimpprint) package, available here:
http://people.debian.org/~rleigh/gutenprint/sid/5.0.0-beta4/

# dpkg -i cupsys-driver-gutenprint_5.0.0-beta4-1_powerpc.deb
(Reading database ... 112922 files and directories currently installed.)
Preparing to replace cupsys-driver-gutenprint 5.0.0-beta4-1 (using
cupsys-driver-gutenprint_5.0.0-beta4-1_powerpc.deb) ...
Unpacking replacement cupsys-driver-gutenprint ...
Setting up cupsys-driver-gutenprint (5.0.0-beta4-1) ...
Subroutine wprintw redefined at (eval 103) line 1.
Subroutine mvprintw redefined at (eval 103) line 2.
Subroutine nl redefined at /usr/share/perl5/perlmenu.pm line 1857.
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-30.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-50.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-55.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-80.5.0.ppd.gz...
[...]
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-4si.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-5.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-5si.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-6.5.0.ppd.gz...
Writing /usr/share/cups/model/gutenprint/5.0/en/stp-lexmark-4076.5.0.ppd.gz...
Use of uninitialized value in pattern match (m//) at 
/usr/sbin/cups-genppdupdate.5.0 line 453, <ORIG> line 1068.

    **** Bug in the update script, since fixed.

/usr/share/cups/model/gutenprint/5.0/en/stp-escp2-c60.5.0.ppd.gz: not a
regular file, or insecure ownership and permissions.  Skipped

   **** For security, the update script requires that the permissions are
   at least 0644 and uid=0 and gid=0.  The setgid lpadmin changes the gid,
   so the script fails.

/etc/cups/ppd/c60.ppd: no valid candidate for replacement.  Skipping
/etc/cups/ppd/c60.ppd: please upgrade this PPD manually
Failed to update any PPD files
Restarting Common Unix Printing System: cupsd.


The change isn't necessarily /wrong/, but if PPDs are installed from a
.deb, the setgid bit will be ignored.  In this case the PPDs are
generated in the postinst, which is why the group ownership changes.
I can change by script to check for gid=lpadmin, but it's then no longer
distribution-agnostic.  If there's no good reason for the current
ownership and permissions, please could you change it back to
root:root 0755?  Thanks.


Regards,
Roger


-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.11.7
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages cupsys depends on:
ii  adduser                     3.63         Add and remove users and groups
ii  debconf                     1.4.48       Debian configuration management sy
ii  libc6                       2.3.2.ds1-21 GNU C Library: Shared libraries an
ii  libcupsimage2               1.1.23-10    Common UNIX Printing System(tm) - 
ii  libcupsys2-gnutls10         1.1.23-10    Common UNIX Printing System(tm) - 
ii  libgnutls11                 1.0.16-13    GNU TLS library - runtime library
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libpaper1                   1.1.14-3     Library for handling paper charact
ii  libslp1                     1.0.11a-2    OpenSLP libraries
ii  patch                       2.5.9-2      Apply a diff file to an original
ii  perl-modules                5.8.4-8      Core Perl modules
ii  xpdf-utils                  3.00-13      Portable Document Format (PDF) sui
ii  zlib1g                      1:1.2.2-4    compression library - runtime

-- debconf information excluded

---------------------------------------
Received: (at 306674-done) by bugs.debian.org; 29 Apr 2005 13:37:58 +0000
>From [EMAIL PROTECTED] Fri Apr 29 06:37:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from s2.ukfsn.org (mail.ukfsn.org) [217.158.120.143] 
        by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
        id 1DRVgs-0005T5-00; Fri, 29 Apr 2005 06:37:58 -0700
Received: from localhost (lucy.ukfsn.org [127.0.0.1])
        by mail.ukfsn.org (Postfix) with ESMTP
        id 46669E6DA0; Fri, 29 Apr 2005 14:37:56 +0100 (BST)
Received: from mail.ukfsn.org ([127.0.0.1])
 by localhost (lucy.ukfsn.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 22086-07; Fri, 29 Apr 2005 14:37:56 +0100 (BST)
Received: from hardknott.whinlatter.ukfsn.org (dsl-80-41-0-36.access.as9105.com 
[80.41.0.36])
        by mail.ukfsn.org (Postfix) with ESMTP
        id C6723E6D98; Fri, 29 Apr 2005 14:37:55 +0100 (BST)
Received: from rleigh by hardknott.whinlatter.ukfsn.org with local (Exim 4.50)
        id 1DRVaj-0002Jl-DO; Fri, 29 Apr 2005 14:31:37 +0100
To: Kenshi Muto <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Bug#306674: cupsys: Incorrect permissions on
 /usr/share/cups/model
References: <[EMAIL PROTECTED]>
        <[EMAIL PROTECTED]>
        <[EMAIL PROTECTED]>
        <[EMAIL PROTECTED]>
From: Roger Leigh <[EMAIL PROTECTED]>
Date: Fri, 29 Apr 2005 14:31:37 +0100
In-Reply-To: <[EMAIL PROTECTED]> (Kenshi
 Muto's message of "Fri, 29 Apr 2005 22:21:31 +0900")
Message-ID: <[EMAIL PROTECTED]>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.4 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kenshi Muto <[EMAIL PROTECTED]> writes:

> At Thu, 28 Apr 2005 19:01:49 +0100,
> Roger Leigh wrote:
>> I've now modified the update script to check for gid==lpadmin, so
>> there's no need to change it.
>
> Thanks. So can I close this bug?

Sure.  It should be done with this reply.

>> If lpadmin should be able to add printers, it might be worth thinking
>> about extending the lpadmin group ownership to other parts of the
>> system.
>
> Exactly.
> To decrease root-power from CUPS, it needs more modifications.
> Ubuntu looks do already this, but I'm afraid it's sensitive at this
> time for Sarge.
> I'd like to treat this as post-sarge issue.

Certainly.  I look forward to any changes to do this post-Sarge.


Thanks,
Roger

- -- 
Roger Leigh
                Printing on GNU/Linux?  http://gimp-print.sourceforge.net/
                Debian GNU/Linux        http://www.debian.org/
                GPG Public Key: 0x25BFB848.  Please sign and encrypt your mail.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>

iD8DBQFCcjc5VcFcaSW/uEgRAqxxAJ0bejea7udUkLEHfz69zKKZ5xgAOACg8vZd
lLCFOxfUFhnGVvSrKIbx8iU=
=PPKL
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to