Thanks to:
Mandell Degerness and Ann Majeske for responding.
The official answer came from Compaq support:
Checking the code and lpc man page, I found it uses getuid to figure out who is running it...
real uid is going to be the user, not root, so setuid won't work. ACL won't work because the code checks internally to see who is running it. dop will also fail.
These all have to do with permissions to run the program which you already have, since you can do lpc stat. lpc enable is flagged in lpc.c as a priviledged command, and anyone but root is stopped. I doubt sudo can defeat this either.
The man page for lpc states
"ERRORS
The following diagnostic messages are possible.
...
Privileged command
Command may be executed by the superuser only.
The system admin guide references the same thing... have to be superuser to run, say, lpc disable. Don't see any reference to a supported way around it.
> -----Original Message-----
> From: Brown, Tony
> Sent: Wednesday, April 03, 2002 10:19 AM
> To: tru64-unix-managers_at_ornl.gov
> Subject: ACL help requested.
>
> Managers,
>
> I recently set up ACL's for the user support ...
>
> # pwd
> /usr/sbin
> # getacl lpc
> #
> # file: lpc
> # owner: root
> # group: bin
> #
> user::rwx
> user:support:rwx
> group::--x
> other::--x
> #
>
> However ...
>
> # su - support
> serverhere.blah.org> /usr/sbin/lpc
> lpc> status lp170
> lp170:
> printer is on remote host ISAPPS3 with name text
> queuing is disabled
> printing is disabled
> no entries
> no daemon present
> lpc> enable lp170
> ?Privileged command
> lpc>
>
> Any Ideas? Thanks in advance,
>
> Tony Brown
> Systems Administrator
> Northwestern Medical Faculty Foundation
> 680 North Lake Shore Drive, Suite 1108
> Chicago, IL 60611
> tbrown2_at_nmff.org
> 312-695-3975
>
Received on Wed Apr 03 2002 - 20:45:42 NZST