nobody uid printing

William Knox wknox at mitre.org
Thu Dec 9 12:02:35 GMT 1999 

Chris,
The way that we handle the situation here is as follows -

security = user
map to guest = Bad User
print command = /usr/local/bin/lpr -P%p -U%U %s; rm -fr %s

The lpr we are using is LPRng, which since 3.6.5 (I believe that is the
correct version) has had the capability to allow specified non-root
users (in this case nobody) to use the -U flag, which sets the user
information in the banner.

With regards to switching to 'security = user' in respect to your other
shares, you will then have to set up accounts on the box in order to
allow access.

-- 
			Bill Knox
			Operating Systems Programmer/Analyst
			The MITRE Corporation

Christopher Dingle wrote:
> 
> Hi,
> 
> Background info: running samba 2.0.5a on Solaris 2.6
> Security = share
> 
> This is the printer share definition, note no guest or public definition.
> 
> [printers]
>    comment = All Printers
>    browseable = no
> # Set public = yes to allow user 'guest account' to print
>    path = /var/spool/samba
>    printable    = yes
>    createmode   = 0700
> 
> Basically the situation is this:
> 
> I used to have the printers share defined to allow guest to print. However,
> everyone's jobs were coming out with a header page that listed "nobody" as the
> owner. Since the guest parameter was set to nobody this makes sense if guest
> tries to print. What confounded me was that everyone's jobs came out this way.
> So I tried to set guest ok = no and see what would happen. Now when the PC
> users would attempt to print it prompted them for a passwd. If they typed
> the correct passwd that corresponded with the correct unix username that samba
> was attempting to guess, then the print job would come out and with the correct
> username. I know that the PC clients don't send usernames and that in share mode
> samba  attempts to guess the user. This has worked well enough, but the security of
> this setup is wanting, for obvious reasons and anyway it's icky.
> 
> What I would like to do is this:
> 
> Perhaps change security = user. However, I am wondering how this would impact
> users' ability to access their shares. In some cases, there is a valid users
> list for a given share. What are the implications of security = user in terms
> of this? Would this solve my problem?
> 
> What I want is for users to be able to access the printers without having to
> enter a passwd, and also have the header page display the correct username.
> This may sound trivial, but it hasn't seemed so to me. I've tried tuning a
> number of different configuration parameters in smb.conf, defining %u for a
> given connection, etc.
> 
> I was new to samba administration about 6 months ago. I hope this question is
> not terribly obtuse.
> 
> Thanks in advance for any help or suggestions.
> 
> Chris
> 
> --
> Christopher M. Dingle
> Unix SysAdmin
> Smithsonian Astrophysical Observatory
> High Energy Astrophysics Division
> http://hea-www.harvard.edu

More information about the samba mailing list