[cups] Question about CUPS 1.6.3 on RHEL SELINUX 7.0 (Presently "Permissive")
Helge Blischke
helgeblischke at web.de
Mon Feb 23 02:01:25 PST 2015
You need to investigate the following SELinux settings:
1. Check out what SELinux user is associated with the operating system user „lp“.
2. Check the role, objects and rules defined for that SELinux user
3. Modify the rules/objects to make your destination directory accessible
(writable) for this SELinux user.
Note that a modification like this might be repeated after system updates.
> Am 23.02.2015 um 00:32 schrieb Kevin King <kevin at precisonline.com>:
>
> The problem I'm having isn't really a printer, but rather a script that
> I've setup to print to a file. We use this script on all our Linux systems,
> but this is the first time on RHEL 7. The script is an interface script
> for a printer (0) that just copies a file from the spool directory to a tmp
> directory.
>
> #!/bin/ksh
> # This printer will output the spooler job to /tmp/spool.
>
> ENTRY=$1
> USER=$2
> FILE=$6
> NEWFILE=/tmp/spool/${USER}-${ENTRY}
>
> echo cp ${FILE} ${NEWFILE} >&2
>
> cp ${FILE} ${NEWFILE}
> chmod 777 ${NEWFILE}
>
> exit 0
>
> This was then created as a printer 0 using this:
>
> lpadmin -p 0 -v file:/dev/null -i /tmp/0
>
> (/tmp/0 is this script.)
>
> Note how all this does is copy the CUPS spooler entry to /tmp/spool and
> give it a name of "user-job#". I have an extra "echo" in there for testing
> but that's inconsequential.
>
> /tmp exists. /tmp/spool exists. Both are wide open in terms of permissions:
>
> sh-4.2# ls -ld /tmp /tmp/spool
> drwxrwxrwt. 23 root root 4096 Feb 21 18:38 /tmp
> drwxrwxrwx 2 root root 6 Feb 21 18:38 /tmp/spool
>
> I should note that the script runs fine - no errors - when run outside of
> the context of CUPS. It also runs in CUPS 1.7.2 on an Ubuntu system and on
> CUPS 1.4.2 on RHEL.
>
> In CUPS, however, here's what happens (from the error_log in CUPS) First
> up, here's the output of the first echo that I added to show the command
> that is about to run:
>
> D [21/Feb/2015:18:26:47 -0500] [Job 60] cp /var/spool/cups/d00060-001
> /tmp/spool/root-60
>
> And then this:
>
> D [21/Feb/2015:18:26:47 -0500] [Job 60] cp: cannot create regular file
> '/tmp/spool/root-60': No such file or directory
> D [21/Feb/2015:18:26:47 -0500] [Job 60] chmod: cannot access
> '/tmp/spool/root-60': No such file or directory
>
> This appears to be telling me that CUPS interface scripts (presently
> configured to run as the lp user) has no visibility to the /tmp directory.
> I've also tried updating a log with:
>
> echo "i am here" > /tmp/out.log
>
> But nothing ever shows up, as if /tmp is entirely missing.
>
> I've gone as far as to enable the lp user to login so that I could verify
> that it can see and write to the /tmp/spool directory. The lp user can see
> the /tmp and /tmp/spool directories, and can write freely to them. So it
> doesn't appear to be a limitation to permissions or that specific user.
>
> But what could it be? I'm running out of options to check. This exact
> script works brilliantly on RHEL 6.6/CUPS 1.4.2 and also on Ubuntu 14.04
> LTS/CUPS 1.7.2. On this one system, however, it's as if /tmp just doesn't
> exist.
>
> Any ideas?
>
> -K
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://www.cups.org/mailman/listinfo/cups
More information about the cups
mailing list