[cups.general] Q. Proper way to startup cupsd as a non-root user asopposed to debian hacks?
wtautz
wtautz at cs.uwaterloo.ca
Tue Jun 6 10:26:10 PDT 2006
Michael Sweet wrote:
> wtautz wrote:
>
>> Michael, Does cups allow running as a non-root user? Obviously
>> I know I could just start it up as a non-root user but that clearly
>> implies it would have limited capabilities from the start.
>>
>> Most daemons that run as a non-root user usually start up
>> as root and then exec a child with lesser priviledges *after*
>> they checked things like permissions and the like.
>
>
> Actually, it is a crap shoot whether the daemon will do this
> for you, however for CUPS we MUST run as root in order to do
> many common things. As I covered in my presentation at the
> Linux Printing Summit this year, running as an unprivileged
> user is actually *less* secure with CUPS, as you lose the
> privilege separation between scheduler and filters which have
> a lot less auditing done on them...
Are the slides for this presentation available online?
More information about the cups
mailing list