:: Re: [DNG] Printing -- now a permiss…
Top Page
Delete this message
Reply to this message
Author: Thaddeus Nielsen
Date:  
To: dng
Subject: Re: [DNG] Printing -- now a permissions problem
On Mon, 19 Oct 2015 10:47:22 -0400
Hendrik Boom <hendrik@???> wrote:

> On Mon, Oct 19, 2015 at 09:38:20AM -0500, Thaddeus Nielsen wrote:
> > On Mon, 19 Oct 2015 16:05:37 +0200
> > Didier Kryn <kryn@???> wrote:
> >
> > > Le 19/10/2015 15:24, Hendrik Boom a écrit :
> > > > On Mon, Oct 05, 2015 at 05:13:40PM -0400, Hendrik Boom wrote:
> > > >> On Mon, Oct 05, 2015 at 09:47:02PM +0200, Riccardo Boninsegna wrote:
> > > >>> On Mon, Oct 5, 2015 at 9:12 PM, Hendrik Boom <hendrik@???> wrote:
> > > >>>> I installed lpr, and it did take a lot of cups off. Do I really need cups?
> > > >>> Nope, especially with a Brother that's very LPR-friendly!
> > > >>> As you found out, cups-bsd is just a port of LPR programs to CUPS.
> > > >>>
> > > >>>> But I still don't know how to specify my network printer.
> > > >>> I'm not familiar at all with LPR, but I know a printcap entry for the
> > > >>> printer is created (if it's currently connected via USB) by the
> > > >>> driver's postinst somewhere under /opt/Brother; according to the
> > > >>> printcap manpage, you'd have to edit the "lp" option -- the
> > > >>> description says "local printer device, or port@host for remote"!
> > > >> Presumeably that would be port 515 at whatever the IP number for the
> > > >> printer is. Will try that wen I'm home near the priniter again.
> > > >>
> > > >> And what's there in the way of termcap is a shell script
> > > >> /opt/brother/Printers/hl3170cdw/inf/setupPrintcapij that creates a
> > > >> termcap. I hope it will get executed at the right time. At bootup,
> > > >> perhaps?
> > > >>
> > > >> I'll see when I'm home again.
> > > > Hand-edited /etc/termcap:
> > > > root@notlookedfor:/home/hendrik# cat /etc/printcap
> > > > HL3170CDW:\
> > > >          :mx=0:\
> > > >          :sd=/var/spool/lpd/hl3170cdw:\
> > > >          :sh:\
> > > >          :lp=515@172.25.1.122:\
> > > >          :if=/opt/brother/Printers/hl3170cdw/lpd/filterhl3170cdw:
> > > > root@notlookedfor:/home/hendrik#

> > > >
> > > > Now I get
> > > >
> > > > hendrik@notlookedfor:~$ lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > > hendrik@notlookedfor:~$
> > > >
> > > > This happens even if I run as root:
> > > >
> > > > root@notlookedfor:/home/hendrik# lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > > root@notlookedfor:/home/hendrik#
> > > >
> > > > That directory is owned by the lp daemon:
> > > >
> > > > oot@notlookedfor:/home/hendrik# ls -al /var/spool/lpd/hl3170cdwtotal 8
> > > > drwx------ 2 daemon lp   4096 Oct  5 14:40 .
> > > > drwxr-xr-x 5 root   root 4096 Oct 19 09:02 ..
> > > > -rw------- 1 daemon lp      0 Oct  5 14:32 acct
> > > > -rw------- 1 daemon lp      0 Oct  5 14:32 log
> > > > -rw------- 1 daemon lp      0 Oct  5 14:32 status
> > > > -rw------- 1 daemon lp      0 Oct  5 14:32 status.pr
> > > > root@notlookedfor:/home/hendrik#

> > > >
> > > > and it contains no .seq file. Preumably that fle would be created as needed.
> > > > And presumably the permissions are checked in some way that can exclude root.
> > > >
> > > >
> > >
> > >      Hi Hendrik.

> > >
> > >      I can see one reason for root to be unable to get the permission: 
> > > lpr being owned by another user than root and being suid; this is fine 
> > > at the condidiont that this owner is 'daemon', given the owner and 
> > > permissions of /var/spool/lpd.

> > >
> > >      Didier

> > >
> > Another thing to examine: lp is the group on the directory but that
> > directory had no write permission for the group, if I recall
> > correctly.
>
> Correct:
> root@notlookedfor:/home/hendrik# ls -ald /var/spool/lpd/hl3170cdw
> drwx------ 2 daemon lp 4096 Oct 5 14:40 /var/spool/lpd/hl3170cdw
> root@notlookedfor:/home/hendrik#
>
> But with lpr being suid root, should that matter? At least, I think
> tht's what the s's mean:
>
> root@notlookedfor:/home/hendrik# which lpr
> /usr/bin/lpr
> root@notlookedfor:/home/hendrik# ls -l /usr/bin/lpr
> -rwsr-sr-x 1 root lp 26536 Nov 20 2014 /usr/bin/lpr
> root@notlookedfor:/home/hendrik#
>
> -- hendrik


Sorry, I missed that; yes, I agree that the setuid should allow a user to print.  Does lpr.log have any helpful message?
    RPTN