[Samba] "CREATOR OWNER" with samba
Joris De Pooter
joris.de.pooter at atempo.com
Tue Aug 2 09:38:06 GMT 2005
Gerald (Jerry) Carter a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Joris De Pooter wrote:
>
> | It's me again,
> |
> | Today, I saw one of my user couldn't delete its own print job.
> | I think there's a problem with unix access rights, because
> | from my linux box as root I was able to delete that job
> | with lprm command.
> |
> | Here's a truncated listing of my /var/spool/cups directory :
> |
> | -rw------- 1 root lp 630 Aug 1 17:26 c13354
> | -rw-r----- 1 root lp 38346 Aug 1 17:22 d13352-001
> |
> | As you can see, the job d13352-001 is owned by root:lp
> | although my user is logged (with winbind) as tartenpion.
> | Is this the reason why my user tartenpion can't delete his
> | own job ? I think this is strange, and moreover Cups is
> | setup to run as lp:lp
> |
> | What's the good way to fix this ?
> | Thanks for any help, cheers !
>
> Newer versions of Samba should run the lprm command as root
> if you pass the print_access_check(). Have you tested
> the 3.0.14a release? I don't remember when I fixed that bug.
>
Hello Jerry,
I was using Samba 3.0.10 and i've just upgraded to samba 3.0.14b
(which appears to be a 3.0.14a when I look in the logs)
Still no luck : my jobs are undeletable, beside by root himself.
I have however a behaviour that I haven't before : sometimes I
can delete a job but soon after it gets renamed with "remote
downlevel document" and still can't be deleted
Can you tell what does print_access_check() checks ? Maybe I will
find out where the problem is.
Anyway, i join a copy of my smb.conf with the relevant parameters
[global]
security = domain
name resolve order = wins bcast
load printers = yes
printing = cups
lppause command = /usr/bin/lp -i%j -Hhold
lpresume command = /usr/bin/lp -i%j -Hresume
lprm command = /usr/bin/lprm -P%p %j
template homedir = /dev/null
template shell = /bin/false
[print$]
comment = Drivers Imprimantes
path = /var/lib/samba/printers
write list = @"mydomain+domain admins"
guest ok = no
browseable = yes
read only = yes
inherit permissions = yes
[printers]
comment = Toutes les imprimantes
path = /var/spool/samba
guest ok = no
printable = yes
browseable = yes
Cheers!
--
Joris De Pooter
Tél.: +33(0)164868319
More information about the samba
mailing list