We run an environment where some of our files are 'secure', and don't
have world read access. Such files can't be printed with lp, but can be
printed with lpr. For complex reasons, we can't use lpr on these systems.
hermes:/users/johnk/bar> ll foo
-rw-rw---- 1 johnk ee 36454 Feb 17 16:51 foo
hermes:/n/hermes/johnk/bar> lp -dhp4_text foo
request id is hp4_text-2078 (1 file)
lp is suid lp, and thus can't read the file, which hangs out in the queue
hermes:/n/hermes/johnk/bar> which lp
hermes:/n/hermes/johnk/bar> ll /usr/bin/lp
-rwsr-xr-x 1 lp sys 81968 Jul 31 1993 /usr/bin/lp*
A workaround is to pipe all print jobs into lp, but this is a pain for
users to remember, and doesn't work well with other programs that expect
to be able to give file arguments to lp.
I suppose I could make lp suid root, but this opens the spectre of all
sorts of security problems (up to, and possibly including allowing
anyone to print any file on the system)
Any ideas on how to get lp working in such an environment?