:: Re: [DNG] Printing -- now a permiss…
Top Page
Delete this message
Reply to this message
Author: Hendrik Boom
Date:  
To: dng
Subject: Re: [DNG] Printing -- now a permissions problem
On Mon, Oct 19, 2015 at 09:38:20AM -0500, Thaddeus Nielsen wrote:
> On Mon, 19 Oct 2015 16:05:37 +0200
> Didier Kryn <kryn@???> wrote:
>
> > Le 19/10/2015 15:24, Hendrik Boom a écrit :
> > > On Mon, Oct 05, 2015 at 05:13:40PM -0400, Hendrik Boom wrote:
> > >> On Mon, Oct 05, 2015 at 09:47:02PM +0200, Riccardo Boninsegna wrote:
> > >>> On Mon, Oct 5, 2015 at 9:12 PM, Hendrik Boom <hendrik@???> wrote:
> > >>>> I installed lpr, and it did take a lot of cups off. Do I really need cups?
> > >>> Nope, especially with a Brother that's very LPR-friendly!
> > >>> As you found out, cups-bsd is just a port of LPR programs to CUPS.
> > >>>
> > >>>> But I still don't know how to specify my network printer.
> > >>> I'm not familiar at all with LPR, but I know a printcap entry for the
> > >>> printer is created (if it's currently connected via USB) by the
> > >>> driver's postinst somewhere under /opt/Brother; according to the
> > >>> printcap manpage, you'd have to edit the "lp" option -- the
> > >>> description says "local printer device, or port@host for remote"!
> > >> Presumeably that would be port 515 at whatever the IP number for the
> > >> printer is. Will try that wen I'm home near the priniter again.
> > >>
> > >> And what's there in the way of termcap is a shell script
> > >> /opt/brother/Printers/hl3170cdw/inf/setupPrintcapij that creates a
> > >> termcap. I hope it will get executed at the right time. At bootup,
> > >> perhaps?
> > >>
> > >> I'll see when I'm home again.
> > > Hand-edited /etc/termcap:
> > > root@notlookedfor:/home/hendrik# cat /etc/printcap
> > > HL3170CDW:\
> > >          :mx=0:\
> > >          :sd=/var/spool/lpd/hl3170cdw:\
> > >          :sh:\
> > >          :lp=515@172.25.1.122:\
> > >          :if=/opt/brother/Printers/hl3170cdw/lpd/filterhl3170cdw:
> > > root@notlookedfor:/home/hendrik#

> > >
> > > Now I get
> > >
> > > hendrik@notlookedfor:~$ lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > hendrik@notlookedfor:~$
> > >
> > > This happens even if I run as root:
> > >
> > > root@notlookedfor:/home/hendrik# lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > root@notlookedfor:/home/hendrik#
> > >
> > > That directory is owned by the lp daemon:
> > >
> > > oot@notlookedfor:/home/hendrik# ls -al /var/spool/lpd/hl3170cdwtotal 8
> > > drwx------ 2 daemon lp   4096 Oct  5 14:40 .
> > > drwxr-xr-x 5 root   root 4096 Oct 19 09:02 ..
> > > -rw------- 1 daemon lp      0 Oct  5 14:32 acct
> > > -rw------- 1 daemon lp      0 Oct  5 14:32 log
> > > -rw------- 1 daemon lp      0 Oct  5 14:32 status
> > > -rw------- 1 daemon lp      0 Oct  5 14:32 status.pr
> > > root@notlookedfor:/home/hendrik#

> > >
> > > and it contains no .seq file. Preumably that fle would be created as needed.
> > > And presumably the permissions are checked in some way that can exclude root.
> > >
> > >
> >
> >      Hi Hendrik.

> >
> >      I can see one reason for root to be unable to get the permission: 
> > lpr being owned by another user than root and being suid; this is fine 
> > at the condidiont that this owner is 'daemon', given the owner and 
> > permissions of /var/spool/lpd.

> >
> >      Didier

> >
> Another thing to examine: lp is the group on the directory but that
> directory had no write permission for the group, if I recall
> correctly.


Correct:
root@notlookedfor:/home/hendrik# ls -ald /var/spool/lpd/hl3170cdw
drwx------ 2 daemon lp 4096 Oct 5 14:40 /var/spool/lpd/hl3170cdw
root@notlookedfor:/home/hendrik#

But with lpr being suid root, should that matter? At least, I think
tht's what the s's mean:

root@notlookedfor:/home/hendrik# which lpr
/usr/bin/lpr
root@notlookedfor:/home/hendrik# ls -l /usr/bin/lpr
-rwsr-sr-x 1 root lp 26536 Nov 20 2014 /usr/bin/lpr
root@notlookedfor:/home/hendrik#

-- hendrik