[cups.general] privilege separation, what is it,and does cupsd use it?
wtautz
wtautz at cs.uwaterloo.ca
Mon Jul 31 11:14:14 PDT 2006
Michael Sweet wrote:
> wtautz wrote:
>> ...
>> I notice that sshd is running as root . Does debian make it run as
>> non-root? No, it runs as root. And yet we see cupsd running as cupsys
>> user? Seems contradictory to the claim that all daemons should run as
>> non root user in order to be secure. It seems rather presumptuous for
>> outside distributions to hack upstream sources in a not so thought
>> out manner, or perhaps I'm just misguided? I've heard that
>> Debian/Etch runs cupsd as root? Can anyone confirm?
>
> There is a bit of a double-standard. In the case of sshd, it *must*
> run as root in order to do its job. CUPS, on the other hand, can run
> as an ordinary user (I do it all the time for testing purposes), but
> you lose a lot of functionality by doing so.
>
> The best thing you can do is complain to your Linux distribution of
> choice. Be polite and explain why the changes they've made are
> causing problems for you. Escalate your complaints to the top (CEO,
> president, whatever) if you have to.
>
I think Kurt and I have pestered some of the Ubuntu guys ;-)
Do think most of the problems you face in loss of functionality
when running cupsd as a non root user can be overcome in the
long run? I guess there are lot of issues since you have to worry
about many different platforms :-)
walter
More information about the cups
mailing list