Why lprm requires root privilegies?

Why lprm requires root privilegies?

Post by Victor B. Wagne » Thu, 20 Feb 1997 04:00:00



Hi all.

I have a network connecting several linux and DOS machines.
One of linux servers has two printers attached to it.

When I trying to remove print job from queue,
lprm claimes that permission denied, regardless of
what machine it is issued from.

When I issue lprm from that machine where print job
was submitted, privilegies are unsufficient under both
my and root name. When I issue it from machine,
where printer is connected, I can remove job under root
name, but not under my own name.

But when I submit job from machine, where printer is
connected, I can remove it under my own name.

Both machines mention each other in /etc/hosts.equiv

Most acceptated thing is to be able to remove job
from any machine in the network, regardless where it
is submited, logging under user's own name, becouse
it would allow users of PC-NFS to remove their jobs
doing telnet or rsh.

---------------------------------------------------------------------------
Phone: 7(095)230-80-61          Victor B. Wagner
Fax:   7(095)230-80-42          Dokuchaev Soil Institute, Pyzhevsky lane, 7

 
 
 

Why lprm requires root privilegies?

Post by Allen Mcinto » Thu, 20 Feb 1997 04:00:00


The man page for Berkeley lprm states:

     Only the super-user can remove  print  jobs  submitted  from
     another host.

The linux man page does not contain this sentence, but the code contains
the following comment:

/*
 * If root is removing a file on the local machine, allow it.
 * If root is removing a file from a remote machine, only allow
 * files sent from the remote machine to be removed.
 * Normal users can only remove the file from where it was sent.
 */

 
 
 

Why lprm requires root privilegies?

Post by B.A.McCau.. » Mon, 24 Feb 1997 04:00:00



Quote:>When I trying to remove print job from queue,
>lprm claimes that permission denied, regardless of
>what machine it is issued from.

>When I issue lprm from that machine where print job
>was submitted, privilegies are unsufficient under both
>my and root name. When I issue it from machine,
>where printer is connected, I can remove job under root
>name, but not under my own name.

>But when I submit job from machine, where printer is
>connected, I can remove it under my own name.

>Both machines mention each other in /etc/hosts.equiv

This is anartifact of the way rhosts security works.  When you execute
lprm over a network the server has no way of knowing you are who you
claim to be.  After all anyone could compile a hacked version of lprm
to allow them to claim to be anyone they like.  One solution to this
problem is the RFC1413 "identd" approach but the less elegant approach
taken by lpd is to only accept connections from lprm running as root
(i.e. connecting *from* a TCP port<1024).  This means that lprm must
be installed suid-root if it is to work accross networks.  It is
supposedly suid-safe.

--

 .  _\\__[oo       from       | Phones: +44 121 471 3789 (home)

.  l___\\    /~~) /~~[  /   [ | PGP-fp: D7 03 2A 4B D8 3A 05 37...
 # ll  l\\  ~~~~ ~   ~ ~    ~ | http://wcl-l.bham.ac.uk/~bam/

 
 
 

1. Why does SO_BINDTODEVICE require root?

Hi,

Why does SO_BINDTODEVICE require root?

This dooms a whole class of applications to run (at least in part) as root
and seems to have an overall security reducing effect, so what's the reason
for making it root only?

Thanks

Jim

2. A mail problem and a memory problem

3. Print problem: Cannot lprm if not root

4. array in shell script ?

5. LPRM works only from root?

6. select() and SysV IPC.

7. LPRM works only as root?

8. Realtek 8139 PCI assigned IRQ 0

9. /root bloated, taking up all space on root partition - why?

10. Why I got mail from root to root?

11. Can't set guest privilegies.

12. setting of privilegies

13. Why does LWL on FreeBSD require Linux lesstif?