[cups.general] Q. Proper way to startup cupsd as a non-root user asopposed to debian hacks?
Kurt Pfeifle
kpfeifle at danka.de
Tue Jun 6 10:38:29 PDT 2006
wtautz <wtautz at cs.uwaterloo.ca> wrote (Tuesday 06 June 2006 19:26):
> Michael Sweet wrote:
>
>> wtautz wrote:
>>
>>> Michael, Does cups allow running as a non-root user? Obviously
>>> I know I could just start it up as a non-root user but that clearly
>>> implies it would have limited capabilities from the start.
>>>
>>> Most daemons that run as a non-root user usually start up
>>> as root and then exec a child with lesser priviledges *after*
>>> they checked things like permissions and the like.
>>
>>
>> Actually, it is a crap shoot whether the daemon will do this
>> for you, however for CUPS we MUST run as root in order to do
>> many common things. As I covered in my presentation at the
>> Linux Printing Summit this year, running as an unprivileged
>> user is actually *less* secure with CUPS, as you lose the
>> privilege separation between scheduler and filters which have
>> a lot less auditing done on them...
>
> Are the slides for this presentation available online?
All slides are available here:
http://groups.osdl.org/workgroups/dtl/desktop_architects/desktop_printing
Specifically, Mike's "CUPS 1.2 Overview" one is here:
http://groups.osdl.org/apps/group_public/download.php/2251/print-summit-cups-1.2-overview.pdf
Cheers,
Kurt
More information about the cups
mailing list