Bug#506181: [Pkg-cups-devel] Bug#506181: Various backends have the wrong permissions

To: "Chanoch (Ken) Bloom" <kbloom@gmail.com>
Cc: 506181@bugs.debian.org
Subject: Bug#506181: [Pkg-cups-devel] Bug#506181: Various backends have the wrong permissions
From: Martin Pitt <mpitt@debian.org>
Date: Thu, 20 Nov 2008 08:58:58 +0100
Message-id: <[🔎] 20081120075858.GD6356@piware.de>
Reply-to: Martin Pitt <mpitt@debian.org>, 506181@bugs.debian.org
In-reply-to: <1227104491.22597.13.camel@localhost>
References: <20081119032301.22317.16350.reportbug@localhost.localdomain> <1227072237.3542.22.camel@localhost> <20081119115047.GA6356@piware.de> <1227104491.22597.13.camel@localhost>

Hi Chanoch,

Chanoch (Ken) Bloom [2008-11-19  8:21 -0600]:
> I decided to test this by purging and reinstalling cups. Cups worked out
> of the box. Then I went to reconfigure things the way I had been using
> CUPS (1 printer, shared with the whole subnet) by editing things in the
> KDE Printing control panel. After changing things with "Print Server ->
> Configure Server...", KDE wrote out a whole different cupsd.conf, hardly
> resembling the original. I can't figure out how that cupsd.conf is
> assigning permissions. kdeprint added the line "Group lpadmin", but the
> test backend gives uid=7(lp) gid=0(root) groups=0(root).

Ah, Group "lpadmin" is wrong. It should be SystemGroup "lpadmin",
and it shouldn't change Group.

> I guess this is a kdeprint bug rather than a cups bug, so I'm
> reassigning it. The two versions of cupsd.conf are attached.

Right, thank you!

> > I do see the issue with the serial backends. For that we probably need
> > to make the serial backend run as root.
> 
> Perhaps making the various backends SetGID (or SetUID) to the
> permissions they need would help?

I fixed it in cups now (see attached patch), will upload to
experimental and unstable.

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)

=== modified file 'debian/changelog'
--- debian/changelog	2008-11-20 07:53:16 +0000
+++ debian/changelog	2008-11-20 07:56:07 +0000
@@ -9,6 +9,9 @@
     backchannel EOF (select() returns "ready for read" on EOF). This
     completely broke printing with e. g. HPJetDirect. Thanks to
     Samuel Thibault for tracking down the problem! (Closes: #489045)
+  * debian/rules: Install the serial backend with 0744 permissions to make it
+    run as root, since /dev/ttyS* are root:dialout and thus not accessible as
+    user "lp". Thanks to Chanoch (Ken) Bloom. (One part of #506181)
 
  -- Martin Pitt <mpitt@debian.org>  Thu, 20 Nov 2008 08:52:00 +0100
 

=== modified file 'debian/rules'
--- debian/rules	2008-05-23 08:14:05 +0000
+++ debian/rules	2008-11-20 07:55:48 +0000
@@ -73,6 +73,10 @@
 	   install -D -m 644 debian/local/apparmor-profile debian/$(cdbs_curpkg)/etc/apparmor.d/usr.sbin.cupsd; \
 	fi
 
+	# Make the serial backend run as root, since /dev/ttyS* are
+	# root:dialout and thus not accessible as user lp
+	chmod go-x debian/$(cdbs_curpkg)/usr/lib/cups/backend-available/serial
+
 binary-post-install/libcupsimage2-dev::
 	rm -r debian/libcupsimage2-dev/usr/share/doc/libcupsimage2-dev
 	ln -s libcupsimage2 debian/libcupsimage2-dev/usr/share/doc/libcupsimage2-dev

Attachment: signature.asc
Description: Digital signature

Reply to:

Prev by Date: Bug#506277: ksokoban: wish it had an editor
Next by Date: Bug#506341: kpdf crashes when opening graphically-intensive files
Previous by thread: Bug#506277: ksokoban: wish it had an editor
Next by thread: Bug#506341: kpdf crashes when opening graphically-intensive files
Index(es):
- Date
- Thread