Your message dated Mon, 11 Aug 2008 20:13:45 +0200
with message-id <[EMAIL PROTECTED]>
and subject line #372270 smbclient: smbspool's kerberos support is broken by
CUPS 1.2 unless chmoded 0700
has caused the Debian Bug report #372270,
regarding smbclient: smbspool's kerberos support is broken by CUPS 1.2 unless
chmoded 0700
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
372270: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=372270
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: smbclient
Version: 3.0.22-1
Severity: wishlist
The problem is as follows:
CUPS 1.2 setuids its backends to a safe user (lp on Debian) unless the
backend is chmod 0700.
CUPS 1.1 ran its backends as whatever user cupsd was running as (root on
Debian)
(Apparently this change wasn't important enough to appear in the
CUPS 1.2 changelogs)
/usr/bin/smbspool (called via symlink from /usr/lib/cups/backends/smb)
will not run setuid (libsmb rejects this, quite sensibly)
As noted in #371143, RunAsUser in /etc/cupsd.conf has no effect as of
CUPS 1.2.
smbspool needs to be root to read mode 600 /tmp/krb5cc*, to be able to
submit print jobs to Active Directory-based print servers without
putting the username and password into the Device URI.
The problem is of course that making smbspool 0700 in the .deb means it
can't be used by non-priviliged users, which is pretty much everyone
except those trying to use the kinda-hacky kerberos support in smbspool.
So this becomes wishlist... And mybe slightly documentation for the
next poor soul to spend all afternoon beating cups with a stick. ^_^
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (950, 'unstable'), (900, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-686
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
--
Paul "TBBle" Hampson, [EMAIL PROTECTED]
Shorter .sig for a more eco-friendly paperless office.
pgp9fphE8Jjty.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Hello,
I'm closing this bug report because the reporter didn't answered sind
March 2008. http://bugs.debian.org/372270
If you think this is wrong tell us (and we will reopen it again).
--
Noèl Köthe <noel debian.org>
Debian GNU/Linux, www.debian.org
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
--- End Message ---
