On Tue, Dec 02, 2003 at 10:04:19AM -0700, David Bear wrote: > I would like to have a queue administrator that is not root. I > noticed that lpd runs a su 'daemon' and that /var/spool/lpd/.. is > owned by daemon and group daemon. Yet the perms set on /var/spool/lpd > are 700. If I set perms to 770 and then put a user in the daemon > group would that enable that person to be a 'printer admin', ie use > lpc to hold, flush, release queues?
The permissions of the files have nothing to do with what people can do. All the file permissions do is make sure (or break if they're wrong) that lpd is able to do its thing. The printer admin comes through the lpr/lpd interface and so it is up to lpd to enforce whatever control you want. That means editing the lpd.perms file in lprng to do whatever you want. Be warned that it is trivially easy to fool lpd using the standard protocol into thinking you are any user you want, it is just a string sent in a TCP packet. - Craig -- Craig Small GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5 Eye-Net Consulting http://www.enc.com.au/ MIEE Debian developer csmall at : enc.com.au ieee.org debian.org ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
