[TAG] lpr works for user not root in Basiclinux 2.1

Fri Jan 26 00:23:27 MSK 2007

On Wed, Jan 24, 2007 at 11:43:43AM -0500, Sindi Keesan wrote:
> 
> cat filename > /dev/lp0 works for root, so does gs used CLI without lpr, 
> or pbmtolj from netpbm.
> 
> lpr used from Opera, lpr filename or even cat filename | lpr work for 
> 'user', but for root they do not send anything to the print queue (lpq 
> shows no entries).  No error messages.  I just get another prompt.
> 
> Permissions for lpr are unchanged from Slackware 7.1:
> -r-s--s--x 1 root lp
> (Must be s to print as user).
> 
> lp0 is crw-r--r-- 1 root root

Just for comparison, mine are

``
ben at Fenrir:~$ ls -l `which lpr` /dev/lp0
crw-rw---- 1 root lp   6, 0 2004-04-28 23:43 /dev/lp0
-rwxr-xr-x 1 root root 9888 2006-11-17 20:46 /usr/bin/lpr
''

At least a little different - although that's not necessarily the cause.

> chmod a+w lp0 did not help (crw-rw-rw-) nor did chmod 777 (crwxrwxrwx). 
> lp0 works for root except with lpr.
> 
> In order to work as user I have had to change permissions on /dev/null 
> (w), ttyp* and ptyp* (rw), set suid XVESA and anything svgalib (links2, 
> zgv, gs), make /var/lock writeable, make any scripts suid or executable as 
> user, etc.  An education.  I can now suid user (or login as user), dial, 
> load Xvesa, icewm, and rxvt and Opera and print as user.

It sounds like BasicLinux still needs a bit of refining.

> ssh still says 'host key verification failed' though telnet works.

The two are, of course, unrelated.

> I would like to quit struggling with permissions every time I try to work 
> as user, and be able to print as root.  I do know I should not work as 
> root online but I am not running any servers while online with my modem.
> If you scold me please explain why.

No scolding, but just a note: as root, one tiny mistype is all it takes
to wipe out your system. As well, *any* programs you execute that create
an externally-accessible network socket (are you sure you know what all
of those are?) are running with root privileges - meaning that if
someone manages to crack one, they 0wn your system.

So, I'm not going to say "don't do that". I'm just going to note that
the cost of doing so can be rather high.

> Does lpr depend on some other program, library, or device that I need to 
> change permissions for?  

Maybe - or maybe not, depending on how yours is configured and what
version of "lpr" you're using (in theory, you can minimize external
processing by trying to print a plain text file, e.g., '/etc/passwd'.)
In any case, it's a question that you yourself can answer by executing
"lpr" with "strace", something like this:

``
ben at Fenrir:~$ su -
Password: 
root at Fenrir:~# strace -o lpr.out /usr/bin/lpr file
''

After that, read the resulting file ('lpr.out', in the above case) and
see where things failed. If you need a baseline for comparison, you can
always run the above "strace" line as a non-root user.

> Can YOU print with lpr as root?

Yep. I don't recall that ever being a problem, although I've seen the
opposite happen.

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *