[Samba] Problem with job removal
Arthur Guez
joyman555 at gmail.com
Mon May 29 22:27:36 GMT 2006
Hi,
We've been stuck with this problem for a while now and we believe I tried
enough potential solutions to justify my posting here.
We're using samba 3.0.14a in Sarge in order to allow printing from Windows
workstations (The authentication works with AD+Kerberos+Winbind) to a set of
shared printers. Printing works perfectly but we would like to allow users
to have control over the jobs (most importantly remove jobs) they submit and
them only. Unfortunately this does not seem to work with any of the
configurations we've tried. When a job is cancelled, it is replaced in the
windows queue by a job called "remote downlevel document"
Here are the relevant sections of our smb.conf file: (without any of the
hacks we attempted)
[printers]
comment = All Printers
path = /var/spool/lpd
printable = yes
printing = lprng
load printers = yes
printcap name = /etc/printcap
guest ok = no
print command = /usr/bin/lpr -P%p -r %s
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/lprm -P%p %j
lppause command = /usr/sbin/lpc hold %p %j
lpresume command = /usr/sbin/lpc release %p %j
queuepause command = /usr/sbin/lpc stop %p
queueresume command = /usr/sbin/lpc start %p
One of the things we've tried to do was to replace the lrprng commands
called by samba with setuid programs which call the same commands but
specify the user using the -U option.
This works for lpr as desired but for some unknown reason it seems that the
program that should be called instead of lprm is only called at times when a
user tries to remove a "remote downlevel document". (When called on a
"normal" job, it gets turned into a remote downlevel, but the program is NOT
called)
Here is the same file as above, configured for the above method:
(we're using the default lpd.perms)
[printers]
comment = All Printers
path = /var/spool/lpd
printable = yes
printing = lprng
load printers = yes
printcap name = /etc/printcap
guest ok = no
print command = /usr/bin/setlpr "%U@%M" "%p" "%s"
lpq command = /usr/bin/lpq -P%p
lprm command = /usr/bin/setlprm "%U@%M" "%p" "%j"
...
and the programs look like this: (they are setuid)
setuid(0)
system("lprm -U%s -P%s %s", arg1, arg2, arg3);
Also, we tried to modify the source, but we were surprised by the fact that
samba is doing so much permission checking, isn't that the role of lprng ?
Any kind of help would be greatly appreciated, thanks in advance.
Arthur
NOTE: Our users are of the form "CAMPUS\username". I don't know if the
backslash can cause a problem, but without using the -U option, the owner
appears as "CAMPUS\username" in lpq but just "username" in the windows
queue, and then "CAMPUS\username" in the windows queue when it is a remote
downlevel document. When using our programs with the -U option it's just
"username" everywhere.
More information about the samba
mailing list