[TAG] [keesan at grex.cyberspace.org: Re: lpr works for user not root in Basiclinux 2.1]
Benjamin A. Okopnik
ben at linuxgazette.net
Fri Jan 26 18:43:02 MSK 2007
----- Forwarded message from Sindi Keesan <keesan at grex.cyberspace.org> -----
Date: Thu, 25 Jan 2007 21:38:24 -0500 (EST)
From: Sindi Keesan <keesan at grex.cyberspace.org>
To: TAG <tag at lists.linuxgazette.net>
To: "Benjamin A. Okopnik" <ben at linuxgazette.net>
Subject: Re: [TAG] lpr works for user not root in Basiclinux 2.1
Sender: Sindi Keesan <keesan at cyberspace.org>
On Thu, 25 Jan 2007, Benjamin A. Okopnik wrote:
>On Wed, Jan 24, 2007 at 11:43:43AM -0500, Sindi Keesan wrote:
>>cat filename > /dev/lp0 works for root, so does gs used CLI without lpr,
>>or pbmtolj from netpbm.
>>lpr used from Opera, lpr filename or even cat filename | lpr work for
>>'user', but for root they do not send anything to the print queue (lpq
>>shows no entries). No error messages. I just get another prompt.
>>Permissions for lpr are unchanged from Slackware 7.1:
>>-r-s--s--x 1 root lp
>>(Must be s to print as user).
>>lp0 is crw-r--r-- 1 root root
>Just for comparison, mine are
>ben at Fenrir:~$ ls -l `which lpr` /dev/lp0
>crw-rw---- 1 root lp 6, 0 2004-04-28 23:43 /dev/lp0
>-rwxr-xr-x 1 root root 9888 2006-11-17 20:46 /usr/bin/lpr
I think I tried making both these files rwx for everyone. Will try again
to match yours.
>At least a little different - although that's not necessarily the cause.
>>chmod a+w lp0 did not help (crw-rw-rw-) nor did chmod 777 (crwxrwxrwx).
>>lp0 works for root except with lpr.
>>In order to work as user I have had to change permissions on /dev/null
>>(w), ttyp* and ptyp* (rw), set suid XVESA and anything svgalib (links2,
>>zgv, gs), make /var/lock writeable, make any scripts suid or executable as
>>user, etc. An education. I can now suid user (or login as user), dial,
>>load Xvesa, icewm, and rxvt and Opera and print as user.
>It sounds like BasicLinux still needs a bit of refining.
Basiclinux is designed to work only as root, and to be small and fast.
>>ssh still says 'host key verification failed' though telnet works.
>The two are, of course, unrelated.
>>I would like to quit struggling with permissions every time I try to work
>>as user, and be able to print as root. I do know I should not work as
>>root online but I am not running any servers while online with my modem.
>>If you scold me please explain why.
>No scolding, but just a note: as root, one tiny mistype is all it takes
>to wipe out your system. As well, *any* programs you execute that create
>an externally-accessible network socket (are you sure you know what all
>of those are?) are running with root privileges - meaning that if
>someone manages to crack one, they 0wn your system.
>So, I'm not going to say "don't do that". I'm just going to note that
>the cost of doing so can be rather high.
I have the same system on several computers so can easily restore it.
My super-duper full-size linux is about 1GB including a lot of music and
photos and kernel source code. The little one about 100MB.
>>Does lpr depend on some other program, library, or device that I need to
>>change permissions for?
>Maybe - or maybe not, depending on how yours is configured and what
>version of "lpr" you're using (in theory, you can minimize external
>processing by trying to print a plain text file, e.g., '/etc/passwd'.)
>In any case, it's a question that you yourself can answer by executing
>"lpr" with "strace", something like this:
>ben at Fenrir:~$ su -
>root at Fenrir:~# strace -o lpr.out /usr/bin/lpr file
I had to download the strace.tgz package first. Running it from a
temporary directory without installing the package.
ptrace: umoven: Input/output error (four lines of this).
But it made lpr.out, a couple pages or more.
>After that, read the resulting file ('lpr.out', in the above case) and
>see where things failed. If you need a baseline for comparison, you can
>always run the above "strace" line as a non-root user.
I can't make much sense of the results.
See attached lpr.out (root) and lpr2.out (user).
It is supposed to be writing a file to /var/spool/lpd/postscript,
and the permissions on that directory are drwxr-xr-x. Should I change to
I probably created the directories after installing linux.
>>Can YOU print with lpr as root?
>Yep. I don't recall that ever being a problem, although I've seen the
I ran across several complaints of the opposite.
>* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
----- End forwarded message -----
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://LinuxGazette.NET *
More information about the TAG