Package: cupsys Version: 1.1.23-10 Severity: important The permissions on /usr/share/cups/model are strange compared with the other files in /usr/share/cups:
$ stat /usr/share/cups/model File: `/usr/share/cups/model' Size: 4096 Blocks: 8 IO Block: 4096 directory Device: fe03h/65027d Inode: 52606 Links: 3 Access: (3775/drwxrwsr-t) Uid: ( 0/ root) Gid: ( 106/ lpadmin) Access: 2005-04-27 22:19:07.000000000 +0100 Modify: 2005-04-27 13:03:59.000000000 +0100 Change: 2005-04-27 22:19:06.000000000 +0100 $ ls -l /usr/share/cups total 360 drwxr-xr-x 2 root root 4096 Apr 20 00:36 banners/ -rw-r--r-- 1 root root 331836 Apr 27 11:43 calibrate.ppm drwxr-xr-x 2 root root 4096 Apr 20 00:36 charsets/ drwxr-xr-x 2 root root 4096 Apr 20 00:36 data/ drwxr-xr-x 8 root root 4096 Apr 20 00:37 doc-root/ drwxr-xr-x 2 root root 4096 Apr 20 00:36 fonts/ drwxrwsr-t 3 root lpadmin 4096 Apr 27 13:03 model/ drwxr-xr-x 7 root root 4096 Apr 20 00:36 templates/ Not only is its group set to "lpadmin", it's setgid /and/ sticky. What makes this directory different, and what is the rationale behind the setgid and sticky status? This breaks upgrades of the cupsys-driver-gutenprint (formerly cupsys-driver-gimpprint) package, available here: http://people.debian.org/~rleigh/gutenprint/sid/5.0.0-beta4/ # dpkg -i cupsys-driver-gutenprint_5.0.0-beta4-1_powerpc.deb (Reading database ... 112922 files and directories currently installed.) Preparing to replace cupsys-driver-gutenprint 5.0.0-beta4-1 (using cupsys-driver-gutenprint_5.0.0-beta4-1_powerpc.deb) ... Unpacking replacement cupsys-driver-gutenprint ... Setting up cupsys-driver-gutenprint (5.0.0-beta4-1) ... Subroutine wprintw redefined at (eval 103) line 1. Subroutine mvprintw redefined at (eval 103) line 2. Subroutine nl redefined at /usr/share/perl5/perlmenu.pm line 1857. Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-30.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-50.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-55.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-bjc-80.5.0.ppd.gz... [...] Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-4si.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-5.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-5si.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-pcl-6.5.0.ppd.gz... Writing /usr/share/cups/model/gutenprint/5.0/en/stp-lexmark-4076.5.0.ppd.gz... Use of uninitialized value in pattern match (m//) at /usr/sbin/cups-genppdupdate.5.0 line 453, <ORIG> line 1068. **** Bug in the update script, since fixed. /usr/share/cups/model/gutenprint/5.0/en/stp-escp2-c60.5.0.ppd.gz: not a regular file, or insecure ownership and permissions. Skipped **** For security, the update script requires that the permissions are at least 0644 and uid=0 and gid=0. The setgid lpadmin changes the gid, so the script fails. /etc/cups/ppd/c60.ppd: no valid candidate for replacement. Skipping /etc/cups/ppd/c60.ppd: please upgrade this PPD manually Failed to update any PPD files Restarting Common Unix Printing System: cupsd. The change isn't necessarily /wrong/, but if PPDs are installed from a .deb, the setgid bit will be ignored. In this case the PPDs are generated in the postinst, which is why the group ownership changes. I can change by script to check for gid=lpadmin, but it's then no longer distribution-agnostic. If there's no good reason for the current ownership and permissions, please could you change it back to root:root 0755? Thanks. Regards, Roger -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (990, 'unstable') Architecture: powerpc (ppc) Kernel: Linux 2.6.11.7 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages cupsys depends on: ii adduser 3.63 Add and remove users and groups ii debconf 1.4.48 Debian configuration management sy ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an ii libcupsimage2 1.1.23-10 Common UNIX Printing System(tm) - ii libcupsys2-gnutls10 1.1.23-10 Common UNIX Printing System(tm) - ii libgnutls11 1.0.16-13 GNU TLS library - runtime library ii libpam0g 0.76-22 Pluggable Authentication Modules l ii libpaper1 1.1.14-3 Library for handling paper charact ii libslp1 1.0.11a-2 OpenSLP libraries ii patch 2.5.9-2 Apply a diff file to an original ii perl-modules 5.8.4-8 Core Perl modules ii xpdf-utils 3.00-13 Portable Document Format (PDF) sui ii zlib1g 1:1.2.2-4 compression library - runtime -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
