[OpenAFS] AFS access rights and novell printer queues.

Derek Atkins warlord@MIT.EDU
09 Oct 2002 09:54:24 -0400


lp_D_ needs it?  Or lpr?  If the former, you are out of luck.  Are you
really expecting the lpd to run in some authenticated PAG?  How would
it authenticate?  What would stop some user from gaining root on a
cluster machine and abusing that authentication?

If it's the latter, and it's really lp_R_ that needs the file, then
you just need to make sure the users are running in a PAG or that lpr
is NOT setuid -- so it uses the user's authentication.

Another choice you have it is setup a network lpr-queue that has its
OWN netware-print password, so Unix people print to the lpr queue and
it forwards on to the netware queue.

-derek

Daniel Sw=E4rd <excds@kth.se> writes:

> The users which will be using the Linux environment I've setup are going
> to have to print to Novell printer queues. To accompling that I'm using
> nprint (from ncpfs). The problem is that nprint in conjunction with lpd
> requires that the users have a ".nwclient" file in their homedirectory.
> The ".nwclient" is supposed to contain username/password for their
> Novell account.
>=20
> How can I make the file readable only to root on the clients, so lpd can
> read it? If the ACL is "system:anyuser rl" AFS ignores the Unix file
> rights (600) and the file is worldwide readable. Should I set up a
> separate usergroup for whatever user that runs lpd?
>=20
> 	/Daniel
>=20
>=20
>=20
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info

--=20
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available