Bug#427559: cupsd "run as user" changes in 1.2.11-2 breaks existing installations (no printing)
Package: cupsys
Version: 1.2.11-2
(I'm sorry to not be able to use "reportbug"; I'm reporting on behalf of
a customer who called me today because important functions on his test
printserver [running on Sid] broke after upgrading to CUPS 1.2.11-2; I'm
not running Sid, but I was able to ssh into his system for a few minutes
and poke around a bit...)
--------------
It looks like the 1.2.11-2 package changed a few very substantial things
over the previous package (1.2.7-4?):
* you have changed cupsd to run as user cupsys, while upstream CUPS
developers have dropped this again (and they gave very good reasons
for that) when they released 1.2.0.
* in previous upstream versions when cupsd ran as an unprivileged user,
it was possible to use "RunAsUser No" in cupsd.conf -- you have re-
applied that old patch without keeping the user option to not follow
your default.
* you have removed the possibility to run individual backends as root
(by simply giving them 0700 permissions and root ownership).
This breaks all customized backends which need root permissions in order
to do their job. In our case it was...
(a) a custom pdf-creating backend (*NOT* the "cups-pdf" package) that
was geared to work with SAP output, and write its results into
specific directories owned by different system users
(b) another custom pdf-creating backend (*NOT* the "cups-pdf" package)
which was geared to work for MS Windows domain users via Samba and
write its output to user-owned directories
(c) a backend using Pykota (http://www.pykota.com/software/pykota) as
a printjob accounting software
(d) a backend using Tea4CUPs (http://www.pykota.com/software/tea4cups)
to "fan out" (multiply) certain jobs to multiple production printers
(e) a backend that reads a hidden file in each user's home directory
containing a PIN and a USERCODE to insert these into the PostScript
file to enable user specific "locked printing" on certain printers
(f) and 3 more custom backends which I can't talk about here.
This change caught the customer completely off guard; it looks like the
upgrade did not warn him about such heavy-handed changes when the post-
install script ran.
He can not use that system any more for now, until he pays money to some-
one to fix everything (if that is at all possible; otherwise to migrate
it to a non-Debian distro).
Moreover, while you introduced these changes (amounting to a de-facto
fork from upstream IMHO), you did not sufficiently document these. In
fact, the CUPS documentation you ship is still suggesting to the user
that his cupsd runs as root.
The way you introduced these changes in effect completely takes away
users' freedom to run cupsd unchanged in its behavior from upstream's
version; and I'm very doubtful if you even added any substantial gain in
security with these modifications.
If you think you need to protect users from security breeches your way
(by adding a non-standard, now old feature back to your current CUPS (a
feature that was dropped by the CUPS developers themselves), then please
at least do it in a way that still allows to configure away your default
(by also re-enabling the "RunAsUser No" directive in cupsd.conf).
Hence, my feature requests:
-- either return to the same setup as upstream CUPS sources,
-- or do re-enable the "RunAsUser No" option in cupsd.conf
-- and please do at least make it un-mistakenly clear in the CUPS
docu at localhost:631/help what you changed and how the user can
return to upstream's CUPS behavior for its scheduler and backends.
--
Kurt Pfeifle
System & Network Printing Consultant ---- Linux/Unix/Windows/Samba/CUPS
Infotec Deutschland GmbH ..................... Hedelfinger Strasse 58
A RICOH Company ........................... D-70327 Stuttgart/Germany
---
Infotec Deutschland GmbH
Hedelfingerstrasse 58
D-70327 Stuttgart
Telefon +49 711 4017-0, Fax +49 711 4017-5752
www.infotec.com
Geschaeftsfuehrer: Elmar Karl Josef Wanderer, Frank Grosch, Heinz-Josef Jansen
Sitz der Gesellschaft: Stuttgart, Handelsregister HRB Stuttgart 20398
Der Inhalt dieser E-Mail ist vertraulich und ist nur für den Empfänger bestimmt. Falls Sie nicht der angegebene Empfänger sind oder falls diese E-Mail irrtümlich an Sie adressiert wurde, verständigen Sie bitte den Absender sofort und löschen Sie die E-Mail sodann. Das unerlaubte Veröffentlichen, Kopieren sowie die unbefugte Übermittlung komplett oder in Teilen sind nicht gestattet.Private Ansichten und Meinungen sind, wenn nicht ausdrücklich erklärt, die des Autors und nicht die der Infotec Deutschland GmbH oder deren verantwortliche Direktoren und Angestellte. Eine Haftung für Schäden oder Verlust von Daten durch den Gebrauch dieser Email oder deren Anhänge wird ausgeschlossen.
Weitere Informationen erhalten Sie im Internet unter www.infotec.com oder in jeder Infotec Niederlassung.
This E-Mail is for the exclusive use of the recipient and may contain information which is confidential. Any disclosure, distribution or copying of this communication, in whole or in part, is not permitted. Any views or opinions presented are those of the author and (unless otherwise specifically stated) do not represent those of Infotec Deutschland GmbH or their directors or officers; none of whom are responsible for any reliance placed on the information contained herein. Although reasonable precautions have been taken to ensure that no viruses are present, all liability is excluded for any loss or damage arising from the use of this email or attachments.
For further information please see our website at www.infotec.com or refer to any Infotec office.
Reply to: