The printer system maintains protected spooling areas so
that users can't circumvent printer accounting or remove
files other than their own.
- Only the print-manager daemon can spool print jobs.
The spooling area is writable only by a daemon user and daemon group.
- The lpr program runs with the user ID root and the group ID daemon.
Running as root lets lpr read any file required. Whether the invoking
user may read a file is verified by calling access()
(see the QNX Neutrino C Library Reference).
The group ID is used to set up proper ownership of files in the spooling
area for lprrm.
- Users can't modify control files.
Control files in a spooling area are created with owner daemon
and group daemon. Their mode is 0660. This ensures that users can't
modify control files and that no user can remove files except through lprrm.
- Users may alter files in the spool directory only via the print utilities.
The spooling programs (lpd, lprq, and lprrm) run setuid to root and
setgid to group daemon to access spool files and printers.
- Local access to queues is controlled with the rg entry
in the /etc/printcap file:
:rg=lprgroup:
Users must be in the group lprgroup to submit jobs
to the specified printer. The default is to allow all users access.
Note that once the files are in the local queue, they can be printed
locally or forwarded to another host, depending on the configuration.
- The print manager authenticates all remote clients.
The method used is the same as the authentication scheme for rshd
(see the Utilities Reference).
The host on which a client resides must be present in /etc/hosts.equiv
or /etc/hosts.lpd, and the request message must come from a reserved
port number.
Note: Other utilities, such as rlogin, also use /etc/hosts.equiv to
determine which hosts are equivalent. The /etc/hosts.lpd file is used
only to control which hosts have access to the printers.
To allow access only to those
remote users with accounts on the local host, use the rs field
in the printer's entry in /etc/printcap:
:rs:
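
The remote-client rule described above (client host listed in /etc/hosts.equiv or /etc/hosts.lpd, and the request sent from a reserved port) is shown here as an added C example; it is not QNX's lpd source. The function names, the sample host names, and the one-host-per-line file format are assumptions, and the real hosts.equiv syntax may have further forms that this does not parse.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Ports below 1024 are "reserved": only a privileged process can bind them. */
#define RESERVED_PORT_LIMIT 1024

/* Constructed sample file contents (not from any real system). */
static const char SAMPLE_EQUIV[] = "# constructed sample\nbuild1.example.com\n";
static const char SAMPLE_LPD[] =
    "printclient.example.com   # front desk\n\n  lab7.example.com\n";

/* Return 1 if `host` is the first token on some line of `text`.
 * Assumed format: one host name per line, '#' starts a comment. */
static int host_listed(const char *text, const char *host)
{
    size_t hlen = strlen(host);
    const char *p = text;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        while (len && isspace((unsigned char)*p)) { p++; len--; }
        size_t tok = 0, i = 0;
        while (tok < len && !isspace((unsigned char)p[tok]) && p[tok] != '#')
            tok++;                      /* length of the host token */
        while (i < tok && i < hlen &&   /* case-insensitive compare */
               tolower((unsigned char)p[i]) == tolower((unsigned char)host[i]))
            i++;
        if (hlen > 0 && tok == hlen && i == hlen)
            return 1;                   /* whole token matched, not a prefix */
        p += len;
        if (*p == '\n') p++;
    }
    return 0;
}

/* Both conditions must hold: reserved source port AND a listed host. */
int remote_client_allowed(const char *host, unsigned port,
                          const char *hosts_equiv, const char *hosts_lpd)
{
    if (port == 0 || port >= RESERVED_PORT_LIMIT) return 0;
    return host_listed(hosts_equiv, host) || host_listed(hosts_lpd, host);
}

int main(void)
{
    printf("%d\n", remote_client_allowed("lab7.example.com", 1021, SAMPLE_EQUIV, SAMPLE_LPD));
    printf("%d\n", remote_client_allowed("lab7.example.com", 40000, SAMPLE_EQUIV, SAMPLE_LPD));
    return 0;
}
```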