[cups.general] Q. Proper way to startup cupsd as a non-root useras opposed to debian hacks?

Michael Sweet mike at easysw.com
Tue Jun 6 08:22:36 PDT 2006


Klaus Singvogel wrote:
> wtautz wrote:
>> Michael, Does cups allow running as a non-root user? Obviously
>> I know I could just start it up as a non-root user but that clearly
>> implies it would have limited capabilities from the start.
>>
>> Most daemons that run as a non-root user usually start up
>> as root and then exec a child with lesser priviledges *after*
>> they checked things like permissions and the like.
> 
> I (SUSE) endorse this proposal too (again :). The objections of our
> security team would be reduced then, and we might provide an enabled
> daemon after installation in the future (= means without a required
> interaction from the user).

And I, again, reject this proposal on the grounds that it a) leaves
you with a crippled cupsd and b) increases the potential security
vulnerabilities in CUPS.

SuSE has AppArmor, right?  Use it!

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Document Software          http://www.easysw.com




More information about the cups mailing list