Annotation of 43BSDReno/share/doc/smm/06.lpd/3.t, revision 1.1

1.1     ! root        1: .\" Copyright (c) 1983 The Regents of the University of California.
        !             2: .\" All rights reserved.
        !             3: .\"
        !             4: .\" Redistribution and use in source and binary forms are permitted
        !             5: .\" provided that the above copyright notice and this paragraph are
        !             6: .\" duplicated in all such forms and that any documentation,
        !             7: .\" advertising materials, and other materials related to such
        !             8: .\" distribution and use acknowledge that the software was developed
        !             9: .\" by the University of California, Berkeley.  The name of the
        !            10: .\" University may not be used to endorse or promote products derived
        !            11: .\" from this software without specific prior written permission.
        !            12: .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
        !            13: .\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
        !            14: .\" WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
        !            15: .\"
        !            16: .\"    @(#)3.t 6.5 (Berkeley) 3/7/89
        !            17: .\"
        !            18: .NH 1
        !            19: Access control
        !            20: .PP
        !            21: The printer system maintains protected spooling areas so that
        !            22: users cannot circumvent printer accounting or
        !            23: remove files other than their own.
        !            24: The strategy used to maintain protected
        !            25: spooling areas is as follows:
        !            26: .IP \(bu 3
        !            27: The spooling area is writable only by a \fIdaemon\fP user
        !            28: and \fIdaemon\fP group.
        !            29: .IP \(bu 3
        !            30: The \fIlpr\fP program runs set-user-id to \fIroot\fP and
        !            31: set-group-id to group \fIdaemon\fP.  The \fIroot\fP access permits
        !            32: reading any file required. Accessibility is verified
        !            33: with an \fIaccess\fP\|(2) call.  The group ID
        !            34: is used in setting up proper ownership of files
        !            35: in the spooling area for \fIlprm\fP.
        !            36: .IP \(bu 3
        !            37: Control files in a spooling area are made with \fIdaemon\fP
        !            38: ownership and group ownership \fIdaemon\fP.  Their mode is 0660.
        !            39: This insures control files are not modified by a user
        !            40: and that no user can remove files except through \fIlprm\fP.
        !            41: .IP \(bu 3
        !            42: The spooling programs,
        !            43: \fIlpd\fP, \fIlpq\fP, and \fIlprm\fP run set-user-id to \fIroot\fP
        !            44: and set-group-id to group \fIdaemon\fP to access spool files and printers.
        !            45: .IP \(bu 3
        !            46: The printer server, \fIlpd\fP,
        !            47: uses the same verification procedures as \fIrshd\fP\|(8C)
        !            48: in authenticating remote clients.  The host on which a client
        !            49: resides must be present in the file /etc/hosts.equiv or /etc/hosts.lpd and
        !            50: the request message must come from a reserved port number.
        !            51: .PP
        !            52: In practice, none of \fIlpd\fP, \fIlpq\fP, or
        !            53: \fIlprm\fP would have to run as user \fIroot\fP if remote
        !            54: spooling were not supported.  In previous incarnations of
        !            55: the printer system \fIlpd\fP ran set-user-id to \fIdaemon\fP,
        !            56: set-group-id to group \fIspooling\fP, and \fIlpq\fP and \fIlprm\fP ran
        !            57: set-group-id to group \fIspooling\fP.
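
The two tests described above for remote clients (reserved source port, host listed in /etc/hosts.equiv or /etc/hosts.lpd), as an added C example that is not part of the original document or of the lpd source. The function names client_allowed and host_listed are hypothetical, the trust files are assumed to hold one plain host name per line, and only IPv4 is handled. The port test shows only that the sender was privileged on its own machine, which is why it is paired with the host list.

```c
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Return 1 if `host` is the first field of some line in `path`. */
static int host_listed(const char *path, const char *host)
{
    char line[256];
    int found = 0;
    FILE *fp = fopen(path, "r");

    if (fp == NULL)
        return 0;               /* a missing file grants nothing */
    while (!found && fgets(line, sizeof line, fp) != NULL) {
        char *name = strtok(line, " \t\r\n");
        if (name != NULL && name[0] != '#' && strcasecmp(name, host) == 0)
            found = 1;
    }
    fclose(fp);
    return found;
}

/*
 * Accept only if the request came from a reserved source port AND the
 * client's host is in one of the trust files (NULL-terminated list).
 */
int client_allowed(const struct sockaddr_in *from, const char *host,
                   const char *const files[])
{
    if (from->sin_family != AF_INET)
        return 0;
    if (ntohs(from->sin_port) >= IPPORT_RESERVED)
        return 0;               /* sender was not privileged on its host */
    for (; *files != NULL; files++)
        if (host_listed(*files, host))
            return 1;
    return 0;                   /* default deny */
}

int main(void)
{
    /* Constructed client: made-up host name, source port 1023. */
    const char *const files[] = { "/etc/hosts.equiv", "/etc/hosts.lpd", NULL };
    struct sockaddr_in from = { .sin_family = AF_INET, .sin_port = htons(1023) };
    puts(client_allowed(&from, "ws1.example.com", files) ? "accept" : "reject");
    return 0;
}
```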
