Subject: Re: /var/spool/lpd permissions
To: Colin Wood <cwood@ichips.intel.com>
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
List: current-users
Date: 07/09/1998 09:16:35

Colin Wood writes:
> Take a look at /etc/mtree.  I think it contains files which list the
> "proper" permissions for everything.

Thanks. I'd glanced at that file, but for some reason it didn't click.
(I was expecting a file with permissions on each line.)

If I'm reading it correctly, /var/spool/lpd defaults to root.wheel .

In /usr/src/usr.sbin/lpr/lpd/lpd.c we find:

 * Strategy to maintain protected spooling area:
 *	1. Spooling area is writable only by daemon and spooling group
 *	2. lpr runs setuid root and setgrp spooling group; it uses
 *	   root to access any file it wants (verifying things before
 *	   with an access call) and group id to know how it should
 *	   set up ownership of files in the spooling area.
 *	3. Files in spooling area are owned by root, group spooling
 *	   group, with mode 660.
 *	4. lpd, lpq and lprm run setuid daemon and setgrp spooling group to
 *	   access files and printer.  Users can't get to anything
 *	   w/o help of lpq and lprm programs.

It appears that the code at one point assumed that the spool would be
daemon writable.  Some place along the line things seem to have become
more restrictive...

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
	  Never trust a program you don't have sources for.
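
The following is an added example, not part of the original message or of the lpd sources: a small audit that compares a spool directory against points 1 and 3 of the strategy comment quoted from lpd.c. The function names, the sample file names and the idea of passing the daemon, root and spooling-group ids in as arguments are assumptions of this sketch; the demo uses a constructed temporary directory so it runs without root.

```python
import os
import stat
import tempfile

def audit_spool(path, daemon_uid, spool_gid, file_uid, file_mode=0o660):
    """List deviations of `path` from the lpd.c spooling strategy.

    The uid/gid arguments are caller-supplied assumptions: look up the
    real daemon, root and spooling-group ids on the system being checked.
    """
    st = os.lstat(path)
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a directory"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    # Point 1: writable only by daemon and the spooling group.
    if mode & stat.S_IWOTH:
        findings.append(f"{path}: world-writable ({mode:04o})")
    if not (mode & stat.S_IWUSR and mode & stat.S_IWGRP):
        findings.append(f"{path}: owner or group cannot write ({mode:04o})")
    if (st.st_uid, st.st_gid) != (daemon_uid, spool_gid):
        findings.append(f"{path}: owned by {st.st_uid}:{st.st_gid}, "
                        f"expected {daemon_uid}:{spool_gid}")
    # Point 3: files owned by root, group spooling group, mode 660.
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        fst = os.lstat(full)
        if not stat.S_ISREG(fst.st_mode):
            continue  # only regular spool files are checked here
        fmode = stat.S_IMODE(fst.st_mode)
        if fmode != file_mode:
            findings.append(f"{full}: mode {fmode:04o}, expected {file_mode:04o}")
        if (fst.st_uid, fst.st_gid) != (file_uid, spool_gid):
            findings.append(f"{full}: owned by {fst.st_uid}:{fst.st_gid}, "
                            f"expected {file_uid}:{spool_gid}")
    return findings

def demo():
    """Audit a constructed spool; ids are taken from the temp dir itself."""
    with tempfile.TemporaryDirectory() as d:
        os.chmod(d, 0o770)
        for name, mode in (("cfA001host", 0o660), ("dfA001host", 0o644)):
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        st = os.lstat(d)
        return audit_spool(d, st.st_uid, st.st_gid, st.st_uid)

if __name__ == "__main__":
    print("\n".join(demo()))
```

Run against a real /var/spool/lpd with the system's own ids, a root.wheel directory like the mtree default mentioned above is reported as an ownership mismatch against point 1.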