[cups.bugs] [MOD] STR #1349: RunAsUser support: regressions from 1.1.x, aux groups fix

martin.pitt.canonical martin.pitt at canonical.com
Tue Nov 29 06:05:22 PST 2005


[STR New]

Compared to 1.1.23, version 1.2 introduced some regressions in the
RunAsUser support. In addition, one important fix is still not done
upstream for running cupsd as non-root in a sensible manner.

I fixed the outstanding things in Ubuntu, where it now works pretty well.
Do you consider applying the patches upstream?

1. 1.2 regression: scheduler/conf.c: Use CUPS_DEFAULT_GROUP instead of
"root" for Group, just as in 1.1.x.

--- cupsys-1.1.99.b1.r4841~/scheduler/conf.c
+++ cupsys-1.1.99.b1.r4841/scheduler/conf.c
@@ -371,7 +371,7 @@
   * Find the default group (nobody)...
   */

-  group = getgrnam("root");
+  group = getgrnam(CUPS_DEFAULT_GROUP);
   endgrent();

   if (group != NULL)

2. 1.2 regression: Generate a certificate even when running as normal
user:

--- cupsys-1.1.99.b1.r4841~/scheduler/main.c
+++ cupsys-1.1.99.b1.r4841/scheduler/main.c
@@ -818,8 +819,7 @@
     * Update the root certificate once every 5 minutes...
     */

-    if ((current_time - RootCertTime) >= RootCertDuration &&
RootCertDuration &&
-        !RunUser)
+    if ((current_time - RootCertTime) >= RootCertDuration &&
RootCertDuration)
     {
      /*
       * Update the root certificate...


3. Use initgroups() instead of setgroups() to run in all auxiliary groups
the cups user is put into. This is necessary since the privilege to access
parallel/USB ports (lp), serial ports (dialout), and shadow passwords
(shadow) are distributed over different groups.

--- cupsys-1.1.99.b1.r4841~/scheduler/main.c
+++ cupsys-1.1.99.b1.r4841/scheduler/main.c
@@ -52,6 +52,7 @@
 #include <sys/resource.h>
 #include <syslog.h>
 #include <grp.h>
+#include <pwd.h>

 #if defined(HAVE_MALLOC_H) && defined(HAVE_MALLINFO)
 #  include <malloc.h>
@@ -440,7 +441,7 @@
   if (RunAsUser)
   {
     setgid(Group);
-    setgroups(1, &Group);
+    initgroups(getpwuid(User)->pw_name, Group);
     setuid(User);
   }

Link: http://www.cups.org/str.php?L1349
Version: 1.2-current





More information about the cups-devel mailing list