[Samba] "CREATOR OWNER" with samba

Tue Aug 2 09:38:06 GMT 2005

Gerald (Jerry) Carter a écrit :
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Joris De Pooter wrote:
> 
> | It's me again,
> |
> | Today, I saw one of my user couldn't delete its own print job.
> | I think there's a problem with unix access rights, because
> | from my linux  box as root I was able to delete that job
> | with lprm command.
> |
> | Here's a truncated listing of my /var/spool/cups directory :
> |
> | -rw-------  1 root lp   630 Aug  1 17:26 c13354
> | -rw-r-----  1 root lp 38346 Aug  1 17:22 d13352-001
> |
> | As you can see, the job d13352-001 is owned by root:lp
> | although my user is logged (with winbind) as tartenpion.
> | Is this the reason why my user tartenpion can't delete his
> | own job ? I think this is strange, and moreover Cups is
> | setup to run as lp:lp
> |
> | What's the good way to fix this ?
> | Thanks for any help, cheers !
> 
> Newer versions of Samba should run the lprm command as root
> if you pass the print_access_check().  Have you tested
> the 3.0.14a release?  I don't remember when I fixed that bug.
> 

Hello Jerry,

I was using Samba 3.0.10 and i've just upgraded to samba 3.0.14b 
(which appears to be a 3.0.14a when I look in the logs)
Still no luck : my jobs are undeletable, beside by root himself.
I have however a behaviour that I haven't before : sometimes I 
can delete a job but soon after it gets renamed with "remote 
downlevel document" and still can't be deleted

Can you tell what does print_access_check() checks ? Maybe I will 
find out where the problem is.

Anyway, i join a copy of my smb.conf with the relevant parameters

[global]
         security = domain
         name resolve order = wins bcast

         load printers = yes
         printing = cups

         lppause command = /usr/bin/lp -i%j -Hhold
         lpresume command = /usr/bin/lp -i%j -Hresume
         lprm command = /usr/bin/lprm -P%p %j

         template homedir = /dev/null
         template shell = /bin/false

[print$]
         comment = Drivers Imprimantes
         path = /var/lib/samba/printers
         write list = @"mydomain+domain admins"
         guest ok = no
         browseable = yes
         read only = yes
         inherit permissions = yes

[printers]
         comment = Toutes les imprimantes
         path = /var/spool/samba
         guest ok = no
         printable = yes
         browseable = yes

Cheers!

-- 
Joris De Pooter
Tél.: +33(0)164868319