[TAG] [keesan at grex.cyberspace.org: Re: lpr works for user not root in Basiclinux 2.1]

Benjamin A. Okopnik ben at linuxgazette.net
Fri Jan 26 18:43:02 MSK 2007


----- Forwarded message from Sindi Keesan <keesan at grex.cyberspace.org> -----

Date: Thu, 25 Jan 2007 21:38:24 -0500 (EST)
From: Sindi Keesan <keesan at grex.cyberspace.org>
To: TAG <tag at lists.linuxgazette.net>
To: "Benjamin A. Okopnik" <ben at linuxgazette.net>
Subject: Re: [TAG] lpr works for user not root in Basiclinux 2.1
Sender: Sindi Keesan <keesan at cyberspace.org>

On Thu, 25 Jan 2007, Benjamin A. Okopnik wrote:

>On Wed, Jan 24, 2007 at 11:43:43AM -0500, Sindi Keesan wrote:
>>
>>cat filename > /dev/lp0 works for root, so does gs used CLI without lpr,
>>or pbmtolj from netpbm.
>>
>>lpr used from Opera, lpr filename or even cat filename | lpr work for
>>'user', but for root they do not send anything to the print queue (lpq
>>shows no entries).  No error messages.  I just get another prompt.
>>
>>Permissions for lpr are unchanged from Slackware 7.1:
>>-r-s--s--x 1 root lp
>>(Must be s to print as user).
>>
>>lp0 is crw-r--r-- 1 root root
>
>Just for comparison, mine are
>
>``
>ben@Fenrir:~$ ls -l `which lpr` /dev/lp0
>crw-rw---- 1 root lp   6, 0 2004-04-28 23:43 /dev/lp0
>-rwxr-xr-x 1 root root 9888 2006-11-17 20:46 /usr/bin/lpr
>''

I think I tried making both these files rwx for everyone.  Will try again 
to match yours.

>
>At least a little different - although that's not necessarily the cause.
>
>>chmod a+w lp0 did not help (crw-rw-rw-) nor did chmod 777 (crwxrwxrwx).
>>lp0 works for root except with lpr.
>>
>>In order to work as user I have had to change permissions on /dev/null
>>(w), ttyp* and ptyp* (rw), set suid XVESA and anything svgalib (links2,
>>zgv, gs), make /var/lock writeable, make any scripts suid or executable as
>>user, etc.  An education.  I can now suid user (or login as user), dial,
>>load Xvesa, icewm, and rxvt and Opera and print as user.
>
>It sounds like BasicLinux still needs a bit of refining.

Basiclinux is designed to work only as root, and to be small and fast.

>>ssh still says 'host key verification failed' though telnet works.
>
>The two are, of course, unrelated.

I know.

>>I would like to quit struggling with permissions every time I try to work
>>as user, and be able to print as root.  I do know I should not work as
>>root online but I am not running any servers while online with my modem.
>>If you scold me please explain why.
>
>No scolding, but just a note: as root, one tiny mistype is all it takes
>to wipe out your system. As well, *any* programs you execute that create
>an externally-accessible network socket (are you sure you know what all
>of those are?) are running with root privileges - meaning that if
>someone manages to crack one, they 0wn your system.
>
>So, I'm not going to say "don't do that". I'm just going to note that
>the cost of doing so can be rather high.


I have the same system on several computers so can easily restore it.
My super-duper full-size linux is about 1GB including a lot of music and 
photos and kernel source code.  The little one about 100MB.

>>Does lpr depend on some other program, library, or device that I need to
>>change permissions for?
>
>Maybe - or maybe not, depending on how yours is configured and what
>version of "lpr" you're using (in theory, you can minimize external
>processing by trying to print a plain text file, e.g., '/etc/passwd'.)
>In any case, it's a question that you yourself can answer by executing
>"lpr" with "strace", something like this:
>
>``
>ben@Fenrir:~$ su -
>Password:
>root@Fenrir:~# strace -o lpr.out /usr/bin/lpr file
>''

I had to download the strace.tgz package first.  Running it from a 
temporary directory without installing the package.

ptrace:  umoven:  Input/output error (four lines of this).

But it made lpr.out, a couple pages or more.

>After that, read the resulting file ('lpr.out', in the above case) and
>see where things failed. If you need a baseline for comparison, you can
>always run the above "strace" line as a non-root user.

I can't make much sense of the results.
See attached lpr.out (root) and lpr2.out (user).

It is supposed to be writing a file to /var/spool/lpd/postscript, 
and the permissions on that directory are drwxr-xr-x.  Should I change to 
drwxrwxrwx?

I probably created the directories after installing linux.

>>Can YOU print with lpr as root?
>
>Yep. I don't recall that ever being a problem, although I've seen the
>opposite happen.
>

I ran across several complaints of the opposite.

>-- 
>* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
>

Sindi Keesan

----- End forwarded message -----

-- 
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
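
Added example, not part of the original messages: one way to carry out the root-versus-user strace comparison suggested above, by listing the failed system calls that appear in one trace but not in the other. The function names, the `example-file` path and every trace line are constructed for illustration; the attached lpr.out and lpr2.out are not reproduced on this page.

```shell
#!/bin/sh
# Added example: list failed system calls that appear in one strace log
# but not in another. All trace lines below are constructed samples.
LC_ALL=C; export LC_ALL

# Print "syscall path errno" for each call that returned -1 and whose first
# argument is a quoted path; calls with non-string first arguments are skipped.
failed_calls() {
    sed -n 's/^\([a-z_0-9]*\)("\([^"]*\)".* = -1 \([A-Z0-9]*\) .*$/\1 \2 \3/p' "$1" | sort -u
}

# Failures present in trace $1 (e.g. root) but absent from trace $2 (e.g. user).
# Failures common to both runs are noise and are dropped.
only_in_first() {
    a=$(mktemp); b=$(mktemp)
    failed_calls "$1" > "$a"
    failed_calls "$2" > "$b"
    comm -23 "$a" "$b"
    rm -f "$a" "$b"
}

# Write two constructed traces into directory $1 (hypothetical contents).
write_samples() {
    cat > "$1/lpr.out" <<'EOF'
execve("/usr/bin/lpr", ["/usr/bin/lpr", "file"], [/* 20 vars */]) = 0
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/printcap", O_RDONLY) = 3
open("/var/spool/lpd/postscript/example-file", O_RDWR) = -1 ENOENT (No such file or directory)
exit(1) = ?
EOF
    cat > "$1/lpr2.out" <<'EOF'
execve("/usr/bin/lpr", ["/usr/bin/lpr", "file"], [/* 20 vars */]) = 0
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/printcap", O_RDONLY) = 4
open("/var/spool/lpd/postscript/example-file", O_RDWR) = 4
exit(0) = ?
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
only_in_first "$demo/lpr.out" "$demo/lpr2.out"
rm -rf "$demo"
```

Swapping the two arguments lists the calls that fail only in the second trace.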




