Well,
I'm having some odd permissions created when I install a shared printer from
a samba server. No matter what the remote host is I'll always end up with
the following permissions on printers when installed on a client.
http://www.strangeness.org/security.jpg
I've got the drivers to update perfectly and now this is my last hurdle in
setting up the print server. It seems to work okay but I still don't like
the way it creates the permissions. I've tried searching google and finding
somewhat related issues but they never seem to get anywhere so I'm hoping
someone can help me find the answer.
Here's some related information about the server and config:
samba 2.2.7
#======================= Global Settings
====================================[global]
workgroup = xxxxxxxxx
netbios name = xxxxxxxx
server string = Samba Server %v
printcap name = /etc/printcap
load printers = yes
printing = lprng
guest account = nobody
log file = /var/log/samba/%m.log
max log size = 0
security = domain
password server = xxxxxxxxxx
encrypt passwords = yes
update encrypted = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
remote browse sync = xxx.xxx.xxx.xxx
local master = yes
os level = 66
preferred master = yes
wins server = xxx.xxx.xxx.xxx
dns proxy = no
show add printer wizard = yes
printer admin = xxxxxxxx
[print$]
path = /var/spool/samba/printers
guest ok = yes
browseable = yes
read only = yes
; since this share is configured as read only, then we need
; a 'write list'. Check the file system permissions to make
; sure this account can copy files to the share. If this
; is setup to a non-root account, then it should also exist
; as a 'printer admin'
write list = jstrange
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writeable = no
printable = yes
No real idea but: This manage printers and manage documents stuff. Is this anything that is reported by unix or lprng? What does manage documents mean? The ability to run lprm and the like. What does manage printers mean? The ability to run queueresume or queuepause? I don't know how samba and lprng could report this information. Maybe cups allows this sort of thing to be reported, but I know nothing about cups. Joel On Thu, May 29, 2003 at 03:01:57PM -0400, Strange, John wrote:> Well, > > I'm having some odd permissions created when I install a shared printer from > a samba server. No matter what the remote host is I'll always end up with > the following permissions on printers when installed on a client. > > http://www.strangeness.org/security.jpg > > I've got the drivers to update perfectly and now this is my last hurdle in > setting up the print server. It seems to work okay but I still don't like > the way it creates the permissions. I've tried searching google and finding > somewhat related issues but they never seem to get anywhere so I'm hoping > someone can help me find the answer. > > Here's some related information about the server and config: > > samba 2.2.7 > > #======================= Global Settings > ====================================> [global] > workgroup = xxxxxxxxx > netbios name = xxxxxxxx > server string = Samba Server %v > printcap name = /etc/printcap > load printers = yes > printing = lprng > guest account = nobody > log file = /var/log/samba/%m.log > max log size = 0 > security = domain > password server = xxxxxxxxxx > encrypt passwords = yes > update encrypted = yes > smb passwd file = /etc/samba/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > remote browse sync = xxx.xxx.xxx.xxx > local master = yes > os level = 66 > preferred master = yes > wins server = xxx.xxx.xxx.xxx > dns proxy = no > show add printer wizard = yes > printer admin = xxxxxxxx > > [print$] > path = /var/spool/samba/printers > guest ok = yes > browseable = yes > read only = yes > ; since this share is configured as read only, then we need > ; a 'write list'. Check the file system permissions to make > ; sure this account can copy files to the share. If this > ; is setup to a non-root account, then it should also exist > ; as a 'printer admin' > write list = jstrange > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = no > writeable = no > printable = yes > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba
Joel, You are just looking at the security permissions based on what win2k sees once you install the printer from the print server. It comes up with a bad UID/SID of some sort and I'm not sure where it's getting it. Once I figured that out I should be able to fix the problem that I'm seeing. - John -----Original Message----- From: Joel Hammer [mailto:Joel@HammersHome.com] Sent: Thursday, May 29, 2003 6:47 PM To: Strange, John; samba@lists.samba.org Subject: Re: [Samba] Weird permissions on samba shared printers No real idea but: This manage printers and manage documents stuff. Is this anything that is reported by unix or lprng? What does manage documents mean? The ability to run lprm and the like. What does manage printers mean? The ability to run queueresume or queuepause? I don't know how samba and lprng could report this information. Maybe cups allows this sort of thing to be reported, but I know nothing about cups. Joel On Thu, May 29, 2003 at 03:01:57PM -0400, Strange, John wrote:> Well, > > I'm having some odd permissions created when I install a shared printerfrom> a samba server. No matter what the remote host is I'll always end up with > the following permissions on printers when installed on a client. > > http://www.strangeness.org/security.jpg > > I've got the drivers to update perfectly and now this is my last hurdle in > setting up the print server. It seems to work okay but I still don't like > the way it creates the permissions. I've tried searching google andfinding> somewhat related issues but they never seem to get anywhere so I'm hoping > someone can help me find the answer. > > Here's some related information about the server and config: > > samba 2.2.7 > > #======================= Global Settings > ====================================> [global] > workgroup = xxxxxxxxx > netbios name = xxxxxxxx > server string = Samba Server %v > printcap name = /etc/printcap > load printers = yes > printing = lprng > guest account = nobody > log file = /var/log/samba/%m.log > max log size = 0 > security = domain > password server = xxxxxxxxxx > encrypt passwords = yes > update encrypted = yes > smb passwd file = /etc/samba/smbpasswd > socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 > remote browse sync = xxx.xxx.xxx.xxx > local master = yes > os level = 66 > preferred master = yes > wins server = xxx.xxx.xxx.xxx > dns proxy = no > show add printer wizard = yes > printer admin = xxxxxxxx > > [print$] > path = /var/spool/samba/printers > guest ok = yes > browseable = yes > read only = yes > ; since this share is configured as read only, then we need > ; a 'write list'. Check the file system permissions to make > ; sure this account can copy files to the share. If this > ; is setup to a non-root account, then it should also exist > ; as a 'printer admin' > write list = jstrange > [printers] > comment = All Printers > path = /var/spool/samba > browseable = no > guest ok = no > writeable = no > printable = yes > > -- > To unsubscribe from this list go to the following URL and read the > instructions: http://lists.samba.org/mailman/listinfo/samba-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba