Hi,
I'm having a bit of trouble figuring out why I can impersonate users
with the -U flag when printing with lpr, but not when canceling jobs
with lprm. For example, I'm root on my print server, 'harpo', and I
type this:
harpo # su - nobody -c 'lpr -Phorn -Utest /etc/motd'
Now, the job is in the queue as though 'test' had submitted it:
harpo # lpq -Phorn
Printer: horn@harpo
Rank Owner/ID Class Job Files Size Time
active test@harpo+847 A 847 /etc/motd 612 12:24:01
Then, I try to remove it as nobody with -U test (same as when I
printed it):
harpo # su - nobody -c 'lprm -Phorn -Utest 847'
Printer horn@harpo:
checking perms 'test@harpo+847'
no permissions 'test@harpo+847'
This is weird. If I could print, why can't I also remove ?
I can remove just fine as user 'test', though:
harpo # su - test -c 'lprm -Phorn 847'
Printer horn@harpo:
checking perms 'test@harpo+847'
dequeued 'test@harpo+847'
What gives ?
The relevant information in my /etc/printcap is:
.commonserver
:af=/var/log/lpd/%P
:filter=/usr/libexec/filters/ifhp
:lp=%P.mydomain.net%9100
:sd=/var/spool/printers/%P
:done_jobs=0
:done_jobs_max_age=0
:save_when_done@
:save_on_error@
:mx=0
.commonclient
:allow_user_setting=nobody
:[EMAIL PROTECTED]
horn:server:ifhp=model=hp4simx:tc=.commonserver
horn:client:tc=.commonclient
And my lpd.perms file looks like this:
ACCEPT SERVICE=C SERVER REMOTEUSER=root
ACCEPT SERVICE=C LPC=lpd,status,printcap
REJECT SERVICE=C
ACCEPT SERVICE=M SAMEHOST SAMEUSER
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
DEFAULT ACCEPT
The lpd.conf file doesn't have anything in it, it's all the default
settings of the precompiled RPMs I've downloaded from lprng.com
(LPRng-3.8.10-1.i386.rpm and ifhp-3.5.7-1.i386.rpm)
Thanks much for any help or ideas you might have...
Gabriel
--
-----------------------------------------------------------------------
Gabriel L. Somlo Assistant System Administrator
Computer Science Department
Colorado State University e-mail: [EMAIL PROTECTED]
601 Howes St. 2nd Floor phone: +1 (970) 491-5305
Fort Collins, CO 80523
-----------------------------------------------------------------------
-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address
If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body. For the impatient,
to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED]
with: | example:
subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED]
If you have major problems, send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------
