Pause/Resume printing jobs: SOLVED, sorta

Joel Hammer jhammer2 at home.com
Thu Nov 29 18:17:04 GMT 2001 

This is the default lpd.perms that came with the LRPNG sources:
To get out all the comments, this works well in vi:
:g/^#/d
It doesn't look so intimidating once you take out the comments.
ACCEPT SERVICE=C SERVER REMOTEUSER=root 
ACCEPT SERVICE=C LPC=lpd,status,printcap
REJECT SERVICE=C
ACCEPT SERVICE=M SAMEHOST SAMEUSER
ACCEPT SERVICE=M SERVER REMOTEUSER=root
REJECT SERVICE=M
DEFAULT ACCEPT                  

I added hold and relese to the second line above.
ACCEPT SERVICE=C LPC=lpd,status,printcap,hold,release  
This lets any user pause and restart jobs.
lpd.perms seems to give an amazing degree of control over who can use the
print queue and how. The only problem is that people logged directly into
the linux network can pause and delete everybody's else's job, using the
above lpd.perms,  but windows users going through samba cannot. Well, I think 
I will put this problem to rest, at least for now.
Joel




On Wed, Nov 28, 2001 at 10:25:33PM -0500, Joel Hammer wrote:
> Well, the original post drifted away, so I added a new name, hoping this
> won't be overlooked.
> This is due to two things:
> First, when lpd starts up, it reads lpd.perms, which may reside in
> /etc/lpd.perms, other etc locations, and/or in the print queue itself.
> lpd.perms is dense, beyond me for now, but, if you make it a one line
> configuration file:
> DEFAULT ACCEPT
> then you allow everyone to access the full range of lpc and other commands.
> Not very secure but this is troubleshooting. Make sure your firewall is up.
> Second, unlike linux, which allows everyone then to alter print jobs in the
> queue, windows only allows the owner of the file to alter the print job,
> even with DEFAULT ACCEPT as above. Ergo, in a windows environment, this
> DEFAULT ACCEPT may not be too serious. A windows user cannot for example
> cancel any print jobs other than the ones he owns under the name he logged
> into windows with, and, he cannot stop the queue, etc, as far as I can see.
> (I would definitely check this out for yourself. By day I examine
> gallbladders for a living.) 
> So, if the user name in windows is the same as the user name that samba is
> working with, and I have made lpd.perms a one line open door as above,
> then I can pause and resume jobs. Yeaah!.
> However, if the windows user name is different from the user name in samba,
> and it will be different if you have a guest login like ftp, then the windows
> user cannot pause and resume jobs.  Windows won't let them.
> Now, there may be errors in this explanation, since I cannot exhaustively
> try every combination of variables and still keep my day job,  but, that is
> what I have done and it works.
> It is somewhat shocking that a linux tech support hotline wouldn't have
> thought of lpd.perms as the reason for this. After all, they do this for
> their bread and butter.
> Joel
> 
> 
> 
> 
> On Mon, Nov 26, 2001 at 12:48:41PM -0600, Tony Ricker wrote:
> > All,
> > 	I have the following in my smb.comf for printing commands...
> > 
> > # NOTE: If you have a BSD-style print system there is no need to 
> > # specifically define each individual printer
> > [printers]
> >    comment = All Printers
> >    path = /var/spool/samba
> >    browseable = no
> >    print ok = yes
> >    print command = /usr/bin/lpr -P%p -r %s
> >    lpq command = /usr/bin/lpq -P%p
> >    lprm command = /usr/bin/lprm -P%p %j
> >    lppause command = /usr/sbin/lpc hold %p %j
> >    lpresume command = /usr/sbin/lpc release %p %j
> >    queuepause command = /usr/sbin/lpc -P%p stop
> >    queueresume command = /usr/sbin/lpc -P%p start
> > 
> > I got this from a tech guy from Red Hat. When I try to pause a print
> > job, it says "You do not have sufficient privaliges to modify this job."
> > I did a chmod 777 on /usr/bin and /usr/sbin to no avail. Red Hat support
> > (oxymoron) says that they have no idea as to what would be causing this
> > (windoze or linux). Any ideas?  Has anyone ran into this? System config
> > is Red Hat 7.1 with samba 2.2.2
> > 
> > Cheers,
> > 
> > Tony
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list