Author: Hendrik Boom
Date:  
To: dng
Subject: Re: [DNG] Printing -- now a permissions problem
On Mon, Oct 19, 2015 at 10:32:04AM -0500, Thaddeus Nielsen wrote:
> On Mon, 19 Oct 2015 10:47:22 -0400
> Hendrik Boom <hendrik@???> wrote:
>
> > On Mon, Oct 19, 2015 at 09:38:20AM -0500, Thaddeus Nielsen wrote:
> > > On Mon, 19 Oct 2015 16:05:37 +0200
> > > Didier Kryn <kryn@???> wrote:
> > >
> > > > On 19/10/2015 15:24, Hendrik Boom wrote:
> > > > > On Mon, Oct 05, 2015 at 05:13:40PM -0400, Hendrik Boom wrote:
> > > > >> On Mon, Oct 05, 2015 at 09:47:02PM +0200, Riccardo Boninsegna wrote:
> > > > >>> On Mon, Oct 5, 2015 at 9:12 PM, Hendrik Boom <hendrik@???> wrote:
> > > > >>>> I installed lpr, and it did take a lot of cups off. Do I really need cups?
> > > > >>> Nope, especially with a Brother that's very LPR-friendly!
> > > > >>> As you found out, cups-bsd is just a port of LPR programs to CUPS.
> > > > >>>
> > > > >>>> But I still don't know how to specify my network printer.
> > > > >>> I'm not familiar at all with LPR, but I know a printcap entry for the
> > > > >>> printer is created (if it's currently connected via USB) by the
> > > > >>> driver's postinst somewhere under /opt/Brother; according to the
> > > > >>> printcap manpage, you'd have to edit the "lp" option -- the
> > > > >>> description says "local printer device, or port@host for remote"!
> > > > >> Presumably that would be port 515 at whatever the IP number for the
> > > > >> printer is. Will try that when I'm home near the printer again.
> > > > >>
> > > > >> And what's there in the way of termcap is a shell script
> > > > >> /opt/brother/Printers/hl3170cdw/inf/setupPrintcapij that creates a
> > > > >> termcap. I hope it will get executed at the right time. At bootup,
> > > > >> perhaps?
> > > > >>
> > > > >> I'll see when I'm home again.
> > > > > Hand-edited /etc/termcap:
> > > > > root@notlookedfor:/home/hendrik# cat /etc/printcap
> > > > > HL3170CDW:\
> > > > >          :mx=0:\
> > > > >          :sd=/var/spool/lpd/hl3170cdw:\
> > > > >          :sh:\
> > > > >          :lp=515@172.25.1.122:\
> > > > >          :if=/opt/brother/Printers/hl3170cdw/lpd/filterhl3170cdw:
> > > > > > root@notlookedfor:/home/hendrik#
> > > > > >
> > > > > Now I get
> > > > >
> > > > > hendrik@notlookedfor:~$ lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > > > hendrik@notlookedfor:~$
> > > > >
> > > > > This happens even if I run as root:
> > > > >
> > > > > root@notlookedfor:/home/hendrik# lpr -h -PHL3170CDW Documents/math/Librationism=1407.3877v3.ps
> > > > > lpr: cannot open /var/spool/lpd/hl3170cdw/.seq: Permission denied
> > > > > root@notlookedfor:/home/hendrik#
> > > > >
> > > > > That directory is owned by the lp daemon:
> > > > >
> > > > > > root@notlookedfor:/home/hendrik# ls -al /var/spool/lpd/hl3170cdw
> > > > > > total 8
> > > > > drwx------ 2 daemon lp   4096 Oct  5 14:40 .
> > > > > drwxr-xr-x 5 root   root 4096 Oct 19 09:02 ..
> > > > > -rw------- 1 daemon lp      0 Oct  5 14:32 acct
> > > > > -rw------- 1 daemon lp      0 Oct  5 14:32 log
> > > > > -rw------- 1 daemon lp      0 Oct  5 14:32 status
> > > > > -rw------- 1 daemon lp      0 Oct  5 14:32 status.pr
> > > > > > root@notlookedfor:/home/hendrik#
> > > > > >
> > > > > > and it contains no .seq file. Presumably that file would be created as needed.
> > > > > And presumably the permissions are checked in some way that can exclude root.
> > > > >
> > > > >
> > > >
> > > >      Hi Hendrik.
> > > >
> > > >      I can see one reason for root to be unable to get the permission:
> > > > lpr being owned by another user than root and being suid; this is fine
> > > > on the condition that this owner is 'daemon', given the owner and
> > > > permissions of /var/spool/lpd.
> > > >
> > > >      Didier
> > > >
> > > Another thing to examine: lp is the group on the directory but that
> > > directory had no write permission for the group, if I recall
> > > correctly.
> >
> > Correct:
> > root@notlookedfor:/home/hendrik# ls -ald /var/spool/lpd/hl3170cdw
> > drwx------ 2 daemon lp 4096 Oct 5 14:40 /var/spool/lpd/hl3170cdw
> > root@notlookedfor:/home/hendrik#
> >
> > But with lpr being suid root, should that matter? At least, I think
> > that's what the s's mean:
> >
> > root@notlookedfor:/home/hendrik# which lpr
> > /usr/bin/lpr
> > root@notlookedfor:/home/hendrik# ls -l /usr/bin/lpr
> > -rwsr-sr-x 1 root lp 26536 Nov 20 2014 /usr/bin/lpr
> > root@notlookedfor:/home/hendrik#
> >
> > -- hendrik
>
> Sorry, I missed that; yes, I agree that the setuid should allow a user
> to print. Does lpr.log have any helpful message?


Not really.

root@notlookedfor:/home/hendrik# cat /var/log/lpr.log.1 /var/log/lpr.log
Oct 13 14:04:07 notlookedfor lpd[1532]: restarted
Oct 13 14:04:07 notlookedfor lpd[1541]: restarted
Oct 16 07:40:02 notlookedfor lpd[31239]: restarted
Oct 19 09:02:50 notlookedfor lpd[1682]: restarted
Oct 19 09:02:50 notlookedfor lpd[1725]: restarted
root@notlookedfor:/home/hendrik#

Could it be that I have to put root in the lp group if root is to be
able to print? Same for hendrik (me)?

-- hendrik
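
Added example, not part of the thread: a small POSIX shell model of the owner/group/other check that decides whether a process may create a file such as .seq in the spool directory, run against the mode, owner and group shown in the listings above. The function names `can_create` and `report` are hypothetical, and which effective identity lpr holds when it opens .seq is an assumption, so each row is one possibility rather than a diagnosis.

```shell
#!/bin/sh
# Added example (not from the thread): plain mode-bit check, no ACLs.
# Creating an entry needs write AND search (w+x) on the directory itself.

# can_create MODE OWNER GROUP EUSER "EGROUPS"
#   MODE     octal mode of the directory, e.g. 700
#   EUSER    effective user of the process at the time of open()
#   EGROUPS  effective group plus supplementary groups, space-separated
can_create() {
    cc_mode=$1 cc_owner=$2 cc_group=$3 cc_euser=$4 cc_egroups=$5
    # Effective uid 0 bypasses the mode bits entirely.
    if [ "$cc_euser" = root ]; then return 0; fi
    cc_perms=${cc_mode#"${cc_mode%???}"}      # last three octal digits
    cc_u=${cc_perms%??}
    cc_o=${cc_perms#??}
    cc_g=${cc_perms#?}; cc_g=${cc_g%?}
    # Only the FIRST matching class is consulted: owner, else group, else other.
    cc_digit=$cc_o
    for cc_x in $cc_egroups; do
        if [ "$cc_x" = "$cc_group" ]; then cc_digit=$cc_g; fi
    done
    if [ "$cc_euser" = "$cc_owner" ]; then cc_digit=$cc_u; fi
    case $cc_digit in
        3|7) return 0 ;;   # w (2) and x (1) both set
        *)   return 1 ;;
    esac
}

# Constructed cases: directory owner/group as listed in the thread
# (daemon lp); the euid:egid pairs are assumed possibilities.
report() {
    for cc_case in "root:lp" "daemon:lp" "hendrik:lp" "hendrik:hendrik"; do
        if can_create "$1" daemon lp "${cc_case%%:*}" "${cc_case#*:}"; then
            echo "mode $1 euid=${cc_case%%:*} egid=${cc_case#*:} -> allowed"
        else
            echo "mode $1 euid=${cc_case%%:*} egid=${cc_case#*:} -> Permission denied"
        fi
    done
}

report 700   # drwx------ as listed in the thread
report 770   # hypothetical group-writable variant, for comparison
```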