Wolfgang Rupprecht wrote:
> 
> I've poked around a bit and can't find where the /var/spool/lpd (and
> children's) permissions are originally set.
> 
> I just came across a problem where a third-party filter (lprps)
> complained about "can't write status: permission denied".  It turned
> out to be the /var/spool/lpd/lp/status file, and it wanted something
> that was daemon writable.  Changing the owner of the spool directory
> and the files in it from root.wheel to daemon.daemon made it happy.
> 
> My question now, is did I ham-fist the permissions at one point, or
> did some netbsd install set them up incorrectly?  I can't find where
> the example directories come from.

Take a look at /etc/mtree.  I think it contains files which list the
"proper" permissions for everything.
 
> Furthermore, is daemon.daemon even correct for the file/directory
> permissions?  Does it open up any exploits (like symlink hacks from
> daemon that otherwise couldn't be done via a different program in a
> different directory???)

That I just don't know.

I hope this helps.

Later.

-- 
Colin Wood                                 cwood@ichips.intel.com
Component Design Engineer - PMD                 Intel Corporation
-----------------------------------------------------------------
I speak only on my own behalf, not for my employer.