[cups.bugs] [LOW] STR #2211: "Export Printers to Samba" doesn'tworkfornewly added printers
Christoph Peus
cp at uni-wh.de
Tue Jan 30 15:05:39 PST 2007
Michael Sweet wrote:
> Christoph Peus wrote:
>> ...
>> Have you perhaps misunderstood me? I suggest to make this command part
>> of the "Export Printers to Samba" feature, and you can be sure that
>> *every* administrator, who clicks that button wants to share the
>> printer via Samba.
>
> We can't depend on sudoers being configured this way, and we'd have
> to open the account that the CGIs run under ("lp" with the default
> configuration on Linux), which is a HUGE security hole.
You don't have to depend on a special sudoers configuration. If this
configuration doesn't exist, the system will behave exactly like it
behaves now: the "sudo smbcontrol..." command will fail and the sysadmin
has to send the reload-config command to samba manually. If it *is*
configured this way - which is completely the sysadmins responsibility -
the user lp is permitted to make samba reload the config and nothing
else. I can't see the security hole here. But it's your software, so I
have to respect your decision.
>> Would you *please* reconsider implemeting this feature? :)
>
> Sorry, no.
But it's opensource software too. So I did it myself... ;-)
*** cgi-bin/admin.c.org 2006-08-24 17:55:42.000000000 +0200
--- cgi-bin/admin.c 2007-01-30 14:00:31.000000000 +0100
***************
*** 2111,2116 ****
--- 2111,2119 ----
* Do export...
*/
+ fputs("DEBUG: Make samba recognize newly added printers...\n",
stderr);
+ system("sudo smbcontrol smbd reload-config");
+
fputs("DEBUG: Export printers...\n", stderr);
if (export_all)
More information about the cups-devel
mailing list