SUMMARY: restrict access to the UNIX printer-queue

From: <Phetphone_Chanthavong_at_bedison.com>
Date: Tue, 20 Apr 1999 12:53:02 -0400

     Original question:

     Hello everyone,

     Is there a way to restrict public access to print any files to the UNIX
     printer-queue, and allow only a particular group of people to print
     to it?

     Thanks,
     -PC
--------------------------------------------------------------------------------
Responded:

     Jiri Landkammer:
     ---------------
     I have a solution for a remote printer. You must create an /etc/hosts.lpd
     file where the first field on each line is the server and the second is
     the user name which can use the printer. The second field need not be
     entered (maybe).
     -------------------------------------------------------------------
     Stephan Branchoux:
     ------------------
     You can define a restricted_group in /etc/group
     
     and use it in /etc/printcap:
     
     For example in printcap file :
     15|lp0|hpsiup:\
     :rg=restricted_siup:\
     :lf=/usr/adm/lperr15:\
     :lp=:\
     :rm=hpsiup:\
     :rp=texte:\
     :sd=/usr/spool/lpd15:\
     :sh:
     #
     
     and in /etc/group file :
     
     # grep restrict /etc/group
     restricted_siup:*:5000:root,user1,user2 #
     -------------------------------------------------------
     
     Cy Landkammer:
     --------------
     Easiest way is to chgrp the lpr command. There is already an lpr
     group in my /etc/group file; access would be restricted according to
     the permissions on a group basis.
     
     Alternatives are:
     
     Create a wrapper for the lpr command that checks the user's group
     memberships, or use an ACL list under C2 to control access to the lpr
     command.
     
     To create a wrapper, make a script to do the checking and call lpr from
     it. Move lpr to another location or put the script in the user's path
     first. Using setuid on the script and changing the ownership of lpr
     can restrict access to lpr even further.
     
     In ksh something like this would do as a wrapper:
     
     # Run the real lpr only if the caller is in the "print" group.
     for USERGROUP in `groups $LOGNAME`; do
         case $USERGROUP in
         print) exec /bin/lpr "$@" ;;
         esac
     done
     echo "lpr: permission denied" >&2
     exit 1
     
     ---------------------------------------------------------------------
     
     Well, I only chose the method from Stephan and it works great. By
     the way, :rg is not a supported docs feature by Compaq, but maybe other
     System V UNIX.
     
     Thanks,
     -PC
     
      
Received on Tue Apr 20 1999 - 16:57:39 NZST
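
A variant of the wrapper approach from the replies above, added here as an example and not part of the original thread: it takes group membership from id(1) instead of $LOGNAME, which the caller can set freely, matches the group name exactly, and denies by default. The REAL_LPR path is hypothetical; the group name "print" is the one used in the ksh snippet.

```shell
#!/bin/sh
# lpr wrapper sketch: allow printing only for members of one group.
# Assumptions (not from the original post): the real binary was moved to
# REAL_LPR, and the group is named "print" as in the ksh snippet.
PATH=/bin:/usr/bin; export PATH          # fixed PATH, ignore the caller's
REAL_LPR=/usr/local/libexec/lpr.real     # hypothetical location
PRINT_GROUP=print

# in_group WANT GROUP...: succeed only on an exact name match, so that
# "printers" or "noprint" never satisfies a check for "print".
in_group() {
    want=$1; shift
    for g in "$@"; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# caller_groups: group names of the calling process as reported by id(1).
# $LOGNAME is not consulted because the caller can set it to any value.
caller_groups() {
    id -Gn
}

main() {
    # Unquoted on purpose: split the id output into one word per group.
    if in_group "$PRINT_GROUP" $(caller_groups); then
        exec "$REAL_LPR" "$@"            # "$@" keeps file names with spaces intact
    fi
    echo "lpr: printing is restricted to group $PRINT_GROUP" >&2
    return 1
}

# Run only when installed under the name "lpr"; loading the file any
# other way just defines the functions.
case ${0##*/} in
lpr) main "$@"; exit $? ;;
esac
```

The wrapper only restricts users who cannot run the real binary directly, so the chgrp and permission change suggested in the same reply still has to be applied to the moved lpr.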
