LPRng Reference Manual: 24 Sep 2004 (For LPRng-3.8.28) | ||
---|---|---|
Prev | Chapter 5. LPRng Clients - lpr, lprm, lpq, lpc, lpstat | Next |
Options used:
allow_user_setting=privileged users
When an client program sends a command to the lpd server it may need to provide the name of the user who is originating the request for service. This name is obtained by looking up the UID of the user running the client in the appropriate user information database; if the information is not found the UID is used instead. Also, the client machine hostname may also be needed. This is usually determined by using a DNS lookup and trying to determine if there is a canonical or Fully Qualified Domain Name for the host and using this.
The lpr -U name@host (and for lpq, lprm, and lpc) option allows privileged users to cause the client software to use the name value as the originator and host as the machine name. This allows privileged users to impersonate other users. This is most useful for programs such as Samba and PCNFS, which need to act as proxies for users.
By default, ROOT (UID 0) is the only user that can masquerade as another user. The allow_user_setting=name,name... configuration option can be used to specify a list of names or UIDs that can also perform masquerading. For example, if the Samba server was running as user samba, then allow_user_setting=samba would allow it to specify the name of print job originator as a remote user, and the remote user would not need a login account on the system.