The discussion below is about lprng 3.5.2-1.2. I'm using potato
but the same version seems to be in slink too. I have not yet
filed the bug report I promised, so any suggestions to make a 
more intelligent bug report are welcome. Otherwise I'll send in
what I have here within the next 24 hours.

I did some more research about lprng and /etc/lpd.perms. I found 
two ways to enable printing from local host. The first one takes 
'disable all, enable what needed' approach and the other one is 
'enable all, disable what not needed'. Both patches include
one common restriction (ACCEPT SERVICE=S SERVER) which I found
when checking out existing bug reports against lprng.

In the first patch, which keeps "DEFAULT REJECT", I had to add 
both localhost and the fully qualified domain name to get things 
working. I found this out by running lpd with debugging on. It
looks like lpd likes to do a lot of DNS lookups. Adding
both names did the trick.

--- lpd.perms.orig      Sat Jan 30 21:11:29 1999
+++ lpd.perms   Sat Jan 30 22:29:41 1999
@@ -163,8 +163,8 @@
 ## 
 # allow root on server to control jobs
 ACCEPT SERVICE=C SERVER REMOTEUSER=root
-# allow anybody to get status
-ACCEPT SERVICE=S
+# allow anybody on server to get status
+ACCEPT SERVICE=S SERVER
 # reject all others, including lpc commands permitted by user_lpc
 REJECT SERVICE=CSU
 #
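Review bot: narrowing `ACCEPT SERVICE=S` to `ACCEPT SERVICE=S SERVER` means status requests from every other host now fall through to the unchanged `REJECT SERVICE=CSU` line below it, so remote status queries stop working. That is a behaviour change for anyone who checks this server's queues from another machine. The bug report should state it explicitly, and the new comment could say that remote status requests are now rejected rather than only describing who is allowed.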
@@ -173,7 +173,9 @@
 # allow root on server to remove a job
 ACCEPT SERVICE=M SERVER REMOTEUSER=root
 REJECT SERVICE=M
-# all other operations denied
+# all other operations allowed from local host, none from a remote host
+ACCEPT SERVICE=XPRQ REMOTEHOST=localhost
+ACCEPT SERVICE=XPRQ REMOTEHOST=rae.ton.tut.fi
 DEFAULT REJECT
 # all other operations allowed
 # DEFAULT ACCEPT
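Review bot: the second added line, `ACCEPT SERVICE=XPRQ REMOTEHOST=rae.ton.tut.fi`, hard-codes one site's fully qualified name, so this hunk cannot be used as a package default and stops matching if the host is renamed or its name resolves differently. Both REMOTEHOST rules also depend on what name lookup returns for the connecting address. The rules above already use the SERVER keyword for requests that originate on the server itself; it is worth testing whether a single `ACCEPT SERVICE=XPRQ SERVER` line covers both names without naming any host.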


The second patch does what [EMAIL PROTECTED] suggested and 
rejects everyone but localhost.

--- lpd.perms.orig      Sat Jan 30 21:11:29 1999
+++ lpd.perms   Sat Jan 30 22:37:22 1999
@@ -163,8 +163,8 @@
 ## 
 # allow root on server to control jobs
 ACCEPT SERVICE=C SERVER REMOTEUSER=root
-# allow anybody to get status
-ACCEPT SERVICE=S
+# allow anybody on server to get status
+ACCEPT SERVICE=S SERVER
 # reject all others, including lpc commands permitted by user_lpc
 REJECT SERVICE=CSU
 #
@@ -174,7 +174,9 @@
 ACCEPT SERVICE=M SERVER REMOTEUSER=root
 REJECT SERVICE=M
 # all other operations denied
-DEFAULT REJECT
+# DEFAULT REJECT
+# reject request not from local host
+REJECT SERVICE=XRPQ NOT SERVER
 # all other operations allowed
-# DEFAULT ACCEPT
+DEFAULT ACCEPT
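Review bot: ending the file with `DEFAULT ACCEPT` makes the permissions fail open: any request that no earlier line matches is accepted, so remote access is blocked only for the services spelled out in `REJECT SERVICE=XRPQ NOT SERVER`. Keeping `DEFAULT REJECT` and adding an explicit ACCEPT for local requests, as the first patch does, gives the same result for local printing and denies anything the rules did not anticipate. Two smaller points: the context comment `# all other operations denied` now sits above a commented-out default and is stale, and the service letters are written XRPQ here but XPRQ in the first patch, so pick one order.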


// Heikki
-- 
Heikki Vatiainen                  * [EMAIL PROTECTED]
Tampere University of Technology  * Tampere, Finland
