Didier 'OdyX' Raboud [2012-11-10 12:48 +0100]:
> * Have cupsd run as lp user

We had done that in Debian for several years for security reasons. We had a huge patch to make most of cups work as user "lp", but at some point I gave up: it caused too many bugs, didn't work with a lot of third-party drivers, and broke with every new upstream release. Upstream has never bought into the idea of running the main server as an unprivileged system user unfortunately.

So this is possible in principle, but will mean a huge maintenance overhead.

> * Forbid any changes to the config file from the webinterface

That would drop a huge piece of functionality.

> * Another idea ?

cupsd could temporarily drop privileges to lp when reading log files; with that you are restricted to reading world-readable files as well as cups' own files, which should be fine?

Martin
-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer (www.debian.org)
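An added example, not part of the original message and not cupsd code: a C sketch of the temporary privilege drop suggested above, where a root daemon opens a file with lp's effective identity and then returns to root. `open_as_user` is a hypothetical helper name and the file path comes from the command line. Because seteuid() leaves the saved uid at 0, the drop is reversible: it limits which files the read can reach, nothing more.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

#define MAX_GROUPS 64   /* constructed limit for this sketch */

/* Hypothetical helper: open `path` read-only with the effective identity
 * uid/gid, then restore the caller's identity. Returns fd, or -1 + errno. */
int open_as_user(const char *path, uid_t uid, gid_t gid)
{
    uid_t old_uid = geteuid();
    gid_t old_gid = getegid();
    gid_t old_groups[MAX_GROUPS];
    int ngroups = 0, fd = -1, err = 0;
    int leaving_root = (old_uid == 0 && uid != 0);
    if (leaving_root) {   /* root's supplementary groups must go as well */
        ngroups = getgroups(MAX_GROUPS, old_groups);
        if (ngroups < 0 || setgroups(1, &gid) != 0) return -1;
    }
    /* Group before user: once the euid is lp, the gid can no longer change. */
    if (setegid(gid) != 0) { err = errno; goto restore_groups; }
    if (seteuid(uid) != 0) { err = errno; goto restore_gid; }

    fd = open(path, O_RDONLY | O_CLOEXEC);   /* permission check runs as uid/gid */
    if (fd < 0) err = errno;
    /* Restore in reverse order; a half-restored identity is not survivable. */
    if (seteuid(old_uid) != 0) _exit(111);
restore_gid:
    if (setegid(old_gid) != 0) _exit(111);
restore_groups:
    if (leaving_root && setgroups((size_t)ngroups, old_groups) != 0) _exit(111);
    if (fd < 0) errno = err;
    return fd;
}

int main(int argc, char **argv)
{
    struct passwd *pw = getpwnam("lp");   /* account named in the thread */
    if (argc < 2 || pw == NULL) return 2;
    int fd = open_as_user(argv[1], pw->pw_uid, pw->pw_gid);
    if (fd < 0) { perror(argv[1]); return 1; }
    close(fd);
    return 0;
}
```

Run as root against a file that only root can read, the open fails with EACCES; a world-readable or lp-owned file opens normally.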