Xauth running in an interactive CUPS shell

Helge Blischke h.blischke at acm.org
Wed Mar 2 06:53:25 PST 2011


Cups Seg wrote:

> Hello,
> 
> I have written a cups backend that uses a tool to send a printing job to
> an X Client. The way it works is simple, the tool checks for which display
> that client is connected to and then executes the tool with two switches,
> display names and filename.
> 
> In order to achieve this, with xauth in use, I have had to inject the
> MIT-COOKIE into the lp users .Xauthoirty file. I'm doing this with an ugly
> method of sudo, not very secure, but working. I dont mind to much as it's
> an segregated environemtn.
> 
> However, when I execute the util, after doing su - lp (Yes, I changed the
> shell to a working one), I am able to run the utility and it uses the
> MIT-COOKIE. However, when I try to run "lp filename" as another user, and
> execute the backend script, I get the following error message :
> 
> D [02/Mar/2011:13:19:24 +0000] [Job 6] elpr - Exceed Remote Print Utility,
> Version 13.7 D [02/Mar/2011:13:19:24 +0000] [Job 6]
> D [02/Mar/2011:13:19:24 +0000] [Job 6] Successful socket connection to
> app01.wa.vs.jepphost.com:11 D [02/Mar/2011:13:19:24 +0000] [Job 6]
> XOpenDisplay Failed reason: "No protocol specified D [02/Mar/2011:13:19:24
> +0000] [Job 6] " D [02/Mar/2011:13:19:24 +0000] [Job 6] Could not open
> display: "hostname.domain.tld:11"
> 
> This per say doesn't mean that the tool doesn't work, but that the lp user
> doesn't pick up it's .Xauthority file before sending of the job.
> 
> Does anyone know how I can get the lp user to use the .Xauthority file?

Wouldn't it be easier for the backend to become the requesting-user and 
connect to the (remote) display as that?

Helge





More information about the cups mailing list