> [EMAIL PROTECTED] wrote :
>> > Le Samedi 18 Octobre 2003 11:43, Buchan Milne a écrit :
>> >> No significant advantage over CUPS (AFAIR).
>> >
>> > So would you prefer cups for a printer not shared (for both security
>> > and size reasons) ?
>>
>> I have no such printers ;-).
>
> unlike many people (such as standalone desktops)  ;-)

Huh? What is that? ;-) (sorry, but no place I have been recently has less
than 2 computers, and if you have 2 computers and a printer ...).

>
>> Till probably has some other reasons ...
>
> I wonder which ones.
>
>
> I found this script:
> /etc/dynamic/scripts/functions.script
>
> check_activated $0
>
> MODE=660
> OWNER=lp.sys
>
> if [ -x /usr/sbin/update-alternatives ]; then
>     TYPE=`/usr/sbin/update-alternatives --display lpr 2> /dev/null | grep currently | cut -f 6 -d ' '`
>     case "$TYPE" in
>         *lpd)  MODE=660; OWNER=lp.lp;;
>         *cups) MODE=660; OWNER=lp.sys;;
>         *pdq)  MODE=666;;       # should be done via pam_console
>     esac
> fi
> ...
>
> Is pdq less secure than others for this ?

In some ways yes, in others, no.

PDQ doesn't have a spooler, so all users need to be able to print.
Currently it looks like this is just done by making the print devices
world-writeable. As the comment says, pam_console (see
/etc/security/console.perms) would be better, which is how a lot of other
devices are managed.

Of course, PDQ doesn't have a daemon running with elevated privileges
(like CUPS does).

So, with PDQ you are allowing any logged in user to send any data they
like to the machine, with CUPS you are allowing any remote user (unless
you do some work securing it) to send data to port 631 on your machine.
Worst case scenario for PDQ is someone sends data to your printer that
does it some harm (or uses your paper). With CUPS, they could gain
elevated privileges, *and* waste all your paper ;-).

For a single-user, non-networked machine, PDQ is better. But, for a
network, CUPS is just so much easier (easier than Windows printing since
you just plug a machine in the network and it finds all printers, and you
don't have to worry about printer drivers etc).

Regards,
Buchan
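
The device-permission difference discussed in this thread (mode 660 for lpd and CUPS, mode 666 for PDQ), as an added shell example that is not part of the original messages or of the quoted script: it reports which print device nodes every local user can write to. GNU `stat` and the device paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: audit print device nodes for the permission models in the
# quoted script (660 owned by lp for spooled systems, 666 for PDQ).
# Usage (device paths are assumptions, adjust to your system):
#   sh audit-lp.sh /dev/lp0 /dev/usb/lp0

# node_verdict MODE: classify an octal mode string as printed by stat.
node_verdict() {
    case "$1" in
        *[2367])  echo world-writable ;;   # "other" digit has the write bit
        *[2367]?) echo group-writable ;;   # "group" digit has the write bit
        *)        echo owner-only ;;
    esac
}

# audit_nodes PATH...: print "path mode owner:group verdict" for each
# existing path; return 1 if any of them is world-writable.
audit_nodes() {
    rc=0
    for node in "$@"; do
        [ -e "$node" ] || continue          # skip missing or unexpanded globs
        mode=$(stat -c '%a' "$node")        # GNU stat: octal permission bits
        owner=$(stat -c '%U:%G' "$node")    # GNU stat: owner and group names
        verdict=$(node_verdict "$mode")
        printf '%s %s %s %s\n' "$node" "$mode" "$owner" "$verdict"
        if [ "$verdict" = world-writable ]; then
            rc=1
        fi
    done
    return "$rc"
}

# Run the audit only when paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_nodes "$@"
fi
```

A non-zero exit status means at least one listed node accepts raw data from any logged-in user, which is the PDQ case described above.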


