permission of lpd, ipp, mdns changes
Doil Lee
doillee at gmail.com
Wed Nov 7 05:22:32 PST 2007
Thanks for the quick and clear answer. Actually, the problem I have is as follows:
1. I made my own backend and created link files with original backend file names which points to my backend and moved original backends in safe place.
2. As a result, cups scheduler always calls my backend, after I grab some information I call the original backend. This worked fine until Mac OS 10.4.x which uses CUPS 10.1.x, where lpd, ipp, mdns has 755 permission.
3. Now when I fork and execv to launch mdns from my backend, I always get 'Permission denied' error. Of course this works fine for pap backend.
It would be really appreciated if you could shed some light on this issue.
Thanks,
Doil Lee
> Doil Lee wrote:
> > Hi,
> >
> >>From Mac OS Leopard release, I've found that permission of lpd, ipp, mdns backends has been changed from 755 to 700. Is there any specific reason for the change?
>
> Yes, beginning with CUPS 1.2, backends with world execute permissions
> are run as the user "lp" (or "_lp", as is used on Leopard) while
> backends without world execute permisssions are run as root. This
> further limits what is running as root while simultaneously preventing
> users from running these backends (which require root access) directly.
>
> The lpd backend needs root access to reserve a privileged IP source
> port (a requirement of RFC 1179).
>
> The IPP backend needs root access to access authentication
> credentials, both the proxy kind introduced in CUPS 1.2 (username,
> password, and domain) and Kerberos credentials which were introduced
> in CUPS 1.3.
>
> The mdns backend needs root access since it runs the lpd or IPP
> (or socket) backends based on the type of connection supported by
> the remote end.
>
> --
> ______________________________________________________________________
> Michael R Sweet Senior Printing System Engineer
>
More information about the cups
mailing list