tag 427559 confirmed retitle 427559 cupsys: make backend permissions behaviour compatible to upstream thanks
Hi Kurt, Kurt Pfeifle [2007-06-04 23:19 +0200]: > * you have changed cupsd to run as user cupsys, while upstream CUPS > developers have dropped this again (and they gave very good reasons > for that) when they released 1.2.0. I had lots of conversations about this with upstream, and none of the reasons he gave justified running cups as root, but that's a different story. > * in previous upstream versions when cupsd ran as an unprivileged user, > it was possible to use "RunAsUser No" in cupsd.conf -- you have re- > applied that old patch without keeping the user option to not follow > your default. Right, because upstream does not want to reintroduce it, so I don't want to make incompatible configuration file options. > * you have removed the possibility to run individual backends as root > (by simply giving them 0700 permissions and root ownership). You can still do that, and it's done by default with lpd. The backends needs to be set to root:lp 4754. Most of your problems seem to come from incompatible behavior of backend permissions. I agree that we need to do something about it. Documenting it would be one possibility, but I think it is even better to change our cups to become compatible with upstream again wrt. backend permissions. This could be done by a single suid root 'backend runner' instead of having lots of suid root backends. Thanks, Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntu.com Debian Developer http://www.debian.org
signature.asc
Description: Digital signature