Re: LPRng: Please Help: -U works with lpr, but not with lprm

Gabriel L Somlo Mon, 15 Apr 2002 09:59:47 -0700


Hi Patrick,


Thanks for looking into it. Just to do a sanity check, I tried this
with the default rpm which shipped with redhat 7.1
(LPRng-3.7.4-22.i386.rpm), and it had the same behavior. So it's not a
problem specific to LPRng-3.8.10-1.i386.rpm...

T.I.A. for any other ideas...

Gabriel

-- 
-----------------------------------------------------------------------
     Gabriel L.  Somlo                   Assistant System Administrator
Computer Science Department
 Colorado State University               e-mail: [EMAIL PROTECTED]
  601 Howes St. 2nd Floor                 phone: +1 (970) 491-5305
  Fort Collins,  CO 80523
-----------------------------------------------------------------------

On Fri, 12 Apr 2002, Patrick Powell wrote:

> I am baffled... I will look at this again...
> 
> > From [EMAIL PROTECTED] Thu Apr 11 12:46:47 2002
> > Date: Thu, 11 Apr 2002 12:37:04 -0600 (MDT)
> > From: Gabriel L Somlo <[EMAIL PROTECTED]>
> > To: [EMAIL PROTECTED]
> > Subject: LPRng: Please Help: -U works with lpr, but not with lprm
> >
> >
> > Hi,
> >
> > I'm having a bit of trouble figuring out why I can impersonate users
> > with the -U flag when printing with lpr, but not when canceling jobs
> > with lprm. For example, I'm root on my print server, 'harpo', and I
> > type this:
> >
> >     harpo # su - nobody -c 'lpr -Phorn -Utest /etc/motd'
> >
> > Now, the job is in the queue as though 'test' had submitted it:
> >
> >     harpo # lpq -Phorn
> >     Printer: horn@harpo
> >      Rank   Owner/ID         Class Job Files       Size Time
> >     active test@harpo+847      A   847 /etc/motd    612 12:24:01
> >
> > Then, I try to remove it as nobody with -U test (same as when I
> > printed it):
> >
> >     harpo # su - nobody -c 'lprm -Phorn -Utest 847'
> >     Printer horn@harpo:
> >       checking perms 'test@harpo+847'
> >       no permissions 'test@harpo+847'
> >
> > This is weird. If I could print, why can't I also remove ?
> >
> > I can remove just fine as user 'test', though:
> >
> >     harpo # su - test -c 'lprm -Phorn 847'
> >     Printer horn@harpo:
> >       checking perms 'test@harpo+847'
> >       dequeued 'test@harpo+847'
> >
> > What gives ?
> >
> > The relevant information in my /etc/printcap is:
> >
> >     .commonserver
> >       :af=/var/log/lpd/%P
> >       :filter=/usr/libexec/filters/ifhp
> >       :lp=%P.mydomain.net%9100
> >       :sd=/var/spool/printers/%P
> >       :done_jobs=0
> >       :done_jobs_max_age=0
> >       :save_when_done@
> >       :save_on_error@
> >       :mx=0
> >     .commonclient
> >       :allow_user_setting=nobody
> >       :[EMAIL PROTECTED]
> >
> >     horn:server:ifhp=model=hp4simx:tc=.commonserver
> >     horn:client:tc=.commonclient
> >
> > And my lpd.perms file looks like this:
> >
> >     ACCEPT SERVICE=C SERVER REMOTEUSER=root
> >     ACCEPT SERVICE=C LPC=lpd,status,printcap
> >     REJECT SERVICE=C
> >     ACCEPT SERVICE=M SAMEHOST SAMEUSER
> >     ACCEPT SERVICE=M SERVER REMOTEUSER=root
> >     REJECT SERVICE=M
> >     DEFAULT ACCEPT
> >
> > The lpd.conf file doesn't have anything in it, it's all the default
> > settings of the precompiled RPMs I've downloaded from lprng.com 
> > (LPRng-3.8.10-1.i386.rpm and ifhp-3.5.7-1.i386.rpm)
> >
> >
> > Thanks much for any help or ideas you might have...
> >
> > Gabriel
> >
> > -- 
> > -----------------------------------------------------------------------
> >      Gabriel L.  Somlo                   Assistant System Administrator
> > Computer Science Department
> >  Colorado State University               e-mail: [EMAIL PROTECTED]
> >   601 Howes St. 2nd Floor                 phone: +1 (970) 491-5305
> >   Fort Collins,  CO 80523
> > -----------------------------------------------------------------------
> 
> -----------------------------------------------------------------------------
> YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
> The address you post from MUST be your subscription address
> 
> If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
> or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
> to subscribe to a list with name LIST,  send mail to [EMAIL PROTECTED]
> with:                           | example:
> subscribe LIST <mailaddr>       |  subscribe lprng-digest [EMAIL PROTECTED]
> unsubscribe LIST <mailaddr>     |  unsubscribe lprng [EMAIL PROTECTED]
> 
> If you have major problems,  send email to [EMAIL PROTECTED] with the word
> LPRNGLIST in the SUBJECT line.
> -----------------------------------------------------------------------------
> 


-----------------------------------------------------------------------------
YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST
The address you post from MUST be your subscription address

If you need help, send email to [EMAIL PROTECTED] (or lprng-requests
or lprng-digest-requests) with the word 'help' in the body.  For the impatient,
to subscribe to a list with name LIST,  send mail to [EMAIL PROTECTED]
with:                           | example:
subscribe LIST <mailaddr>       |  subscribe lprng-digest [EMAIL PROTECTED]
unsubscribe LIST <mailaddr>     |  unsubscribe lprng [EMAIL PROTECTED]

If you have major problems,  send email to [EMAIL PROTECTED] with the word
LPRNGLIST in the SUBJECT line.
-----------------------------------------------------------------------------

Re: LPRng: Please Help: -U works with lpr, but not with lprm

Reply via email to