[Pkg-samba-maint] Bug#459243: samba: cupsaddsmb doesn't work as non-root
Luca Capello
luca at pca.it
Fri Jan 4 22:50:10 UTC 2008
Package: samba
Version: 3.0.24-6etch9
Severity: normal
Hello,
since /var/lib/samba/printers is owned by root:root and it's 755, thus
cupsaddsmb fails to work as a non-root user. In the example below
- user luca belongs to the lpadmin group
- /etc/samba/smb.conf is a plain etch one with
########## Printing ##########
printer admin = @lpadmin
[print$]
write list = @lpadmin
=====
root at tinello:/home/luca# cupsaddsmb -v -U luca -H localhost -a
Password for luca required to access localhost via SAMBA:
Running command: smbclient //localhost/print$ -N \
-A /var/spool/cups/tmp/4778dc059c251 -c 'mkdir W32X86;put [...]'
WARNING: The "printer admin" option is deprecated
Domain=[TINELLO] OS=[Unix] Server=[Samba 3.0.24]
NT_STATUS_ACCESS_DENIED making remote directory \W32X86
Failed to open \W32X86/HP_Color_LaserJet_CM1017_MFP.ppd: NT_STATUS_OBJECT_PATH_NOT_FOUND
Failed to open \W32X86/ps5ui.dll: NT_STATUS_OBJECT_PATH_NOT_FOUND
Failed to open \W32X86/pscript.hlp: NT_STATUS_OBJECT_PATH_NOT_FOUND
Failed to open \W32X86/pscript.ntf: NT_STATUS_OBJECT_PATH_NOT_FOUND
Failed to open \W32X86/pscript5.dll: NT_STATUS_OBJECT_PATH_NOT_FOUND
Unable to copy Windows 2000 printer driver files (1)!
root at tinello:/home/luca# ls -l /var/lib/samba
total 84
-rw------- 1 root root 8192 Jan 1 2007 account_policy.tdb
-rw------- 1 root root 8192 Jan 1 2007 group_mapping.tdb
-rw------- 1 root root 8192 Jan 1 2007 ntdrivers.tdb
-rw------- 1 root root 696 Jan 1 2007 ntforms.tdb
-rw------- 1 root root 8192 Jan 1 2007 ntprinters.tdb
-rw------- 1 root root 16384 Dec 26 22:20 passdb.tdb
drwxr-xr-x 2 root root 4096 Jan 1 2007 perfmon
drwxr-xr-x 2 root root 4096 Dec 30 12:06 printers
-rw------- 1 root root 16384 Jan 1 2007 registry.tdb
-rw------- 1 root root 8192 Jan 1 2007 secrets.tdb
root at tinello:/home/luca# chown -R root:lpadmin /var/lib/samba/printers/
root at tinello:/home/luca# chmod -R 775 /var/lib/samba/printers/
root at tinello:/home/luca# cupsaddsmb -v -U luca -H localhost -a
Password for luca required to access localhost via SAMBA:
Running command: smbclient //localhost/print$ -N \
-A /var/spool/cups/tmp/4778dc3e09070 -c 'mkdir W32X86;put [...]'
WARNING: The "printer admin" option is deprecated
Domain=[TINELLO] OS=[Unix] Server=[Samba 3.0.24]
putting file /var/spool/cups/tmp/4778dc3c8d069 as \W32X86/HP_Color_LaserJet_CM1017_MFP.ppd (644.2 kb/s) (average 644.2 kb/s)
putting file /usr/share/cups/drivers/ps5ui.dll as \W32X86/ps5ui.dll (2014.9 kb/s) (average 1350.7 kb/s)
putting file /usr/share/cups/drivers/pscript.hlp as \W32X86/pscript.hlp (2311.6 kb/s) (average 1425.6 kb/s)
putting file /usr/share/cups/drivers/pscript.ntf as \W32X86/pscript.ntf (13277.6 kb/s) (average 5646.9 kb/s)
putting file /usr/share/cups/drivers/pscript5.dll as \W32X86/pscript5.dll (23449.9 kb/s) (average 7136.7 kb/s)
Running command: smbclient //localhost/print$ -N \
-A /var/spool/cups/tmp/4778dc3e09070 \
-c 'put /usr/share/cups/drivers/cups6.ini W32X86/cups6.ini;put [...]'
WARNING: The "printer admin" option is deprecated
Domain=[TINELLO] OS=[Unix] Server=[Samba 3.0.24]
putting file /usr/share/cups/drivers/cups6.ini as \W32X86/cups6.ini (70.3 kb/s) (average 70.3 kb/s)
putting file /usr/share/cups/drivers/cupsps6.dll as \W32X86/cupsps6.dll (12272.2 kb/s) (average 6171.9 kb/s)
putting file /usr/share/cups/drivers/cupsui6.dll as \W32X86/cupsui6.dll (13350.3 kb/s) (average 8565.1 kb/s)
Running command: rpcclient localhost -N \
-A /var/spool/cups/tmp/4778dc3e09070 -c 'adddriver "Windows NT x86" [...]'
WARNING: The "printer admin" option is deprecated
Printer Driver HP_Color_LaserJet_CM1017_MFP successfully installed.
Running command: rpcclient localhost -N \
-A /var/spool/cups/tmp/4778dc3e09070 \
-c 'setdriver HP_Color_LaserJet_CM1017_MFP HP_Color_LaserJet_CM1017_MFP'
WARNING: The "printer admin" option is deprecated
Succesfully set HP_Color_LaserJet_CM1017_MFP to driver HP_Color_LaserJet_CM1017_MFP.
root at tinello:/home/luca#
=====
I thought this was a wishlist, but then I came to the conclusion that
this is a real bug, since a default smb.conf has "invalid users = root"
and clearly states that even other non-root users can manage printers
(drivers and properties).
I used the lpadmin group because it's created on postinst by cupsys (and
cupsys-client) and thus it sounds the best group to me.
Thx, bye,
Gismo / Luca
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages samba depends on:
ii deb 1.5.11etch1 Debian configuration management sy
ii lib 2.2.41-1 Access control list shared library
ii lib 2.4.32-1 Extended attribute shared library
ii lib 2.3.6.ds1-13etch4 GNU C Library: Shared libraries
ii lib 1.39+1.40-WIP-2006.11.14+dfsg-2etch1 common error description library
ii lib 1.2.7-4etch2 Common UNIX Printing System(tm) -
ii lib 1.4.4-3 the GNU TLS library - runtime libr
ii lib 1.4.4-7etch4 MIT Kerberos runtime libraries
ii lib 2.1.30-13.3 OpenLDAP libraries
ii lib 0.79-5 Pluggable Authentication Modules f
ii lib 0.79-5 Runtime support for the PAM librar
ii lib 0.79-5 Pluggable Authentication Modules l
ii lib 1.10-3 lib for parsing cmdline parameters
ii log 3.7.1-3 Log rotation utility
ii lsb 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
ii net 4.29 Basic TCP/IP networking system
ii pro 1:3.2.7-3 /proc file system utilities
ii sam 3.0.24-6etch9 Samba common files used by both th
ii zli 1:1.2.3-13 compression library - runtime
Versions of packages samba recommends:
pn smbldap-tools <none> (no description available)
-- debconf information:
samba/run_mode: daemons
samba/tdbsam: false
samba/generate_smbpasswd: true
More information about the Pkg-samba-maint
mailing list