[Samba] Issues with print command group membership

John W jwdevel at gmail.com
Wed Aug 7 10:51:39 MDT 2013


I have a Samba print share set up, with a "print command" specified
that just cats the file to /dev/ulpt0. This share is accessed by the
guest Samba account, which I have set to be the 'smbguest' username.

I can manually run the print command as root, and the file prints.
I can manually run the print command as 'smbguest' (through sudo) and
the file prints.

However, when run the command through Samba itself (by printing over
the network from another machine), I get:

    cannot create /dev/ulpt0: Permission denied

This is the same message I would get if I don't have write permissions
to the device.
The device itself has the following permissions:

    $ ls -l /dev/ulpt*
    crw-rw----  1 root  print    0, 142 Aug  5 22:31 /dev/ulpt0

The 'smbguest' account is in the 'print' group, as evidenced below:

    $ groups smbguest
    smbguest smbguestgroup print

so it should be able to write to ulpt0. In fact, it can, when the
command is run through sudo -u smbguest ...

However, when the Samba 'print command' itself is run, the group
membership *only* includes the 'smbguest' group. I altered the print
command to write a log message including the output of `groups`, and
it writes merely 'smbguest', rather than the above three groups.

Is there a general explanation for this, or is this just some weird
Samba idiosyncrasy? I would expect, since Samba is running the command
as the user 'smbguest', that it would have full group membership, but
all my evidence points to that not being the case.

Or maybe there is something more fundamental I'm missing?

I have also tried using 'force group = print', but that does not seem
to have any effect for me. I was following the advice from this post:

Is it a bug?
Something I don't understand?

Any help would be appreciated, thanks.

More information about the samba mailing list