[TAG] lpr works for user not root in Basiclinux 2.1

Sindi Keesan keesan at grex.cyberspace.org
Fri Jan 26 05:48:18 MSK 2007 

On Thu, 25 Jan 2007, Kapil Hari Paranjape wrote:

> Hello,
>
> On Thu, 25 Jan 2007, Sindi Keesan wrote:
>>> 	3. Since printing by "root" would lead (possibly
>>> 	inadvertently) to the execution of these "programs" it is
>>> 	often disabled.
>>
>> How is it disabled?
>
> In one of (at least) three ways that I know of:
> 	a. When lpr is run it checks whether it is being run
> 	   as root and in that case it just drops the job.
> 	b. When lpr is run it checks whether it is being run
> 	   as root and in that case it refuses to use any filters.
> 	c. The filters themselves check to see whether they are
> 	   being run as root and in that case they refuse to run.
> I believe that (b) is quite common.


I hope it is just a permissions problem.

>
>> But I am setting up small linuxes for friends who
>> just want to print formatted files directly with a wordprocessor or
>> browser, and it is complicated to make our linux work as user for every
>> program when it is designed to be used as root only.
>
> As Ben has already pointed out: Running everything as root especially
> when the users are non-technical is probably not very safe.

I will try to set them up as user.  But I can always reinstall the 40MB of 
software if they break it (and keep a backup .tgz of it on their drive in 
a DOS partition).


>> This happened automatically when I went to any new URL as root.  I was
>> asked first whether to add that key.  User was not asked whether to add a
>> key and may not have the right to.  Do I need to change permissions on
>> the known_hosts file from /root/.ssh to use it as user?
>
> Certainly, if the user wants to write to that file. The SSH client
> pobably wants to do this on behalf of the user if the user home
> directory is set as /root.

known_hosts is -rw------- 1 root root
I copied it to /home/user/.ssh
I did a chown known_hosts user and now my error message is
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)

I do not need to run ssh as user, I was just using it as an example of how 
much more complicated it is to make things work as user in our 
distribution.

> I still feel that you are conflating a lot of different issues:
>
> 	a. Permissions (Running as root vs. running as user.)
Not necessary if I can get lpr to run as root.

> 	b. Problems with lpr.
This is what I wanted help with.

> 	c. Problems with ssh.
>
> If you separated out these issues it might be easier to diagnose and
> solve the problems. (a) and (b) may be related but I tend to think
> that this is a configuration/program issue rather than a permissions
> issue. There *may* be a relation between (a) and (c) but again this
> may be because the $HOME directory of the user is configured in a
> non-standard way. (b) and (c) are most probably[*] un-related.

> However, here is a general remark. Given the security-related history
> of "lpr" and the security-related use of "ssh", both are probably
> quite finicky about file permissions and access and will often refuse
> to run or give dire warnings (in their default configuration) if they
> find something "screwy" like unusual permissions on a directory or
> file.

Lots of things in our distribution are screwy.  But it boots in 15 seconds 
and works well (once you get it working) on old hardware.  I am trying to 
make the old hardware work for friends who want to print webpages.

>
> Regards,
>
> Kapil.
> [*] I originally wrote "certainly" but the mathematician in me
> prevailed to make it "most probably" :-)
> --
>

Sindi Keesan

More information about the TAG mailing list