CUPS + passwd.md5 issue

 
# 8  
Old 06-08-2012
Please show your CUPS configuration related to the passwd.md5 file.
# 9  
Old 06-08-2012
The cupsd.conf portion in relation to the cups digest password file is below. Although, I am not sure how this would affect how the ownership is being changed and how the file is being overwritten. If I was to just make changes with one user, then everything works as I would expect. Unfortunately, we need to have the ability for multiple users to make changes.

Code:
<Policy default>
  <Limit >
    Order allow,deny
    Allow All
  </Limit>
  <Limit Cancel-Job CUPS-Move-Job Hold-Job Pause-Printer Purge-Jobs Release-Job Restart-Job Resume-Printer>
    AuthType BasicDigest
    Require user @support
  </Limit>
  <Limit All>
    Allow all
  </Limit>
</Policy>

# 10  
Old 06-08-2012
Quote:
Originally Posted by linuxn00b
If I was to just make changes with one user, then everything works as I would expect. Unfortunately, we need to have the ability for multiple users to make changes.
Like I said, lppasswd is usually a setuid executable -- meaning, it would always be running as the same user no matter who called it. Perhaps that's why it's misbehaving.

Two obvious fixes:

1) sudo. Create a sudo rule which allows people in the lp group to call lppasswd as some other user. Doesn't have to be root. Then they do sudo -u username /usr/bin/lppasswd ... and it always runs as the same user.
2) If this is the only thing you use lppasswd for, you could make the lppasswd program setuid (as is traditional). Again, it doesn't have to be owned by root.
Code:
# In case you mess up the program somehow
tar -cf ~/lp-backup.tar /usr/bin/lppasswd
# The owner is the user lppasswd will run as
chown cups:lp /usr/bin/lppasswd
# Set the setuid bit so it always runs as its owner
chmod u+s /usr/bin/lppasswd

Then it should always be called by the cups user. (Or whichever user you set it as.)
# 11  
Old 06-08-2012
For now in my testing I took the advice of setting up sudo and I also had to apply the SUID on lppasswd for the user and the group to get it to work correctly. I appreciate all the help Corona.

Code:
-rwsr-sr-x 1 root lp 14640 Feb 25  2010 /usr/bin/lppasswd

# 12  
Old 06-08-2012
Are you sure you need the group-sticky bit? I'm not sure what that even means, if anything, when running an executable...

If you're using sudo, you don't need setuid. If you're using setuid, you shouldn't need sudo. Combining both approaches is liable to be a big security hole.

You should remove read permissions for lp and world. Executable is enough.

If it doesn't work, please show exactly what you did.
# 13  
Old 06-08-2012
After removing the setuid for user and group it still works fine with sudo. So that is probably my best option to keep things secure.
# 14  
Old 06-08-2012
I agree, since you can be quite exact with who's allowed to do what with sudo, permission bits are rather coarse by comparison.
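
Added example, not part of any post in this thread: a small shell check for the sudo-only setup the thread settles on. It prints the sudoers rule described in option 1 and flags the mode bits post #12 warns about (the `-rwsr-sr-x` listing in post #11 is mode 6755). The function names, the `cups` run-as user and the sudoers drop-in path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the "cups"
# run-as user are assumptions.

# sudoers_rule GROUP RUNAS BINARY
# Prints a sudoers line letting members of GROUP run BINARY as RUNAS only,
# i.e. "sudo -u RUNAS BINARY ...". Install it with
# "visudo -f /etc/sudoers.d/lppasswd" so the syntax is checked before use.
# No arguments are pinned, so members may pass any lppasswd option.
sudoers_rule() {
    printf '%%%s ALL=(%s) %s\n' "$1" "$2" "$3"
}

# audit_mode OCTAL_MODE
# Checks a permission mode against the sudo-only setup: no setuid/setgid,
# and no read bit for group or world. One finding per line; returns 1 if any.
audit_mode() {
    m=$((0$1)); rc=0
    if [ $((m & 04000)) -ne 0 ]; then echo "setuid bit set: not needed with sudo"; rc=1; fi
    if [ $((m & 02000)) -ne 0 ]; then echo "setgid bit set: not needed with sudo"; rc=1; fi
    if [ $((m & 00044)) -ne 0 ]; then echo "group/world readable: execute is enough"; rc=1; fi
    return $rc
}

# audit_file PATH: the same check on a real file (GNU stat, as on Red Hat).
audit_file() {
    audit_mode "$(stat -c %a "$1")"
}

# When called with a path, print the rule for it and audit its current mode.
if [ $# -gt 0 ]; then
    sudoers_rule lp cups "$1"
    audit_file "$1"
fi
```
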