Subject: /var/spool/lpd permissions
To: None <current-users@NetBSD.ORG>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 07/09/1998 08:19:48
I've poked around a bit and can't find where the /var/spool/lpd (and
children's) permissions are originally set.

I just came across a problem where a third-party filter (lprps)
complained about "can't write status: permission denied".  It turned
out to be the /var/spool/lpd/lp/status file, and it wanted something
that was daemon writable.  Changing the owner of the spool directory
and the files in it from root.wheel to daemon.daemon made it happy.

My question now, is did I ham-fist the permissions at one point, or
did some netbsd install set them up incorrectly?  I can't find where
the example directories come from.

Furthermore, is daemon.daemon even correct for the file/directory
permissions?  Does it open up any exploits (like symlink hacks from
daemon that otherwise couldn't be done via a different program in a
different directory???)

The lpd filters seem to run with daemon permission, and this one
(lprps) tries to be clever and puts the postscript errors/info mesgs
into the status file.  Its a nice feature and I'd hate to have to hack
it out.

-wolfgang
-- 
Wolfgang Rupprecht  		<wolfgang+gnus@spam.free.or.die.wsrcc.com>  
http://www.wsrcc.com/wolfgang/