From peter@spxgate.servplex.com  Tue Dec 10 06:39:59 2002
Return-Path: <peter@spxgate.servplex.com>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id E930937B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Dec 2002 06:39:59 -0800 (PST)
Received: from spxgate.servplex.com (ip66-105-58-82.z58-105-66.customer.algx.net [66.105.58.82])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3E63443EBE
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Dec 2002 06:39:59 -0800 (PST)
	(envelope-from peter@spxgate.servplex.com)
Received: (from root@localhost)
	by spxgate.servplex.com (8.12.6/8.11.1) id gBAEq6Xw088039;
	Tue, 10 Dec 2002 08:52:06 -0600 (CST)
	(envelope-from peter)
Message-Id: <200212101452.gBAEq6Xw088039@spxgate.servplex.com>
Date: Tue, 10 Dec 2002 08:52:06 -0600 (CST)
From: Peter Elsner <peter@spxgate.servplex.com>
Reply-To: Peter Elsner <peter@spxgate.servplex.com>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: lpc problem.  Only root can modify despite man page info.
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         46163
>Category:       bin
>Synopsis:       lpc(8) problem.  Only root can modify despite man page info.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gad
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Dec 10 06:40:01 PST 2002
>Closed-Date:    
>Last-Modified:  Wed May 21 22:02:32 UTC 2008
>Originator:     Peter Elsner <peter@servplex.com>
>Release:        FreeBSD 4.7-STABLE i386
>Organization:
ServPlex Corporation
>Environment:
System: FreeBSD spxgate.servplex.com 4.7-STABLE FreeBSD 4.7-STABLE #0: Wed Nov 20 07:48:39 CST 2002 root@spxgate.servplex.com:/home/obj/usr/src/sys/SPXGATE i386

>Description:

I think lpc might have a small bug...

According to the man page, lpc is a privlidged command...

?Privileged command  you must be a member of group "operator" or root
to
execute this command

So I added a handful of users to the 'operator' group.  This way they
should be able to send lpc commands to the printers.  This works... 
Each user was able to disable/enable, down/up printers etc... no
problem, until root disabled and then re-enabled a printer.  Now each
person can no longer disable or re-enable printers.  Only root can...

So something changes when root disabled and enables a printer, so that
no one else afterwards (other than root) can disable or enable a
printer.

>How-To-Repeat:

Add yourself to the operator group and issue an lpc disable printername
Then issue an lpc enable printername
This works fine, now su to root, and issue the same 2 commands, again it 
works fine, now exit back to your user account, and issue the commands
again.  This time, you'll find out that it doesn't work any longer, only 
root can now disable/enable printername from this point on.

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->gad 
Responsible-Changed-By: johan 
Responsible-Changed-When: Thu Dec 19 10:51:49 PST 2002 
Responsible-Changed-Why:  
Over to lpc maintainer. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=46163 

From: Garance A Drosehn <drosehn@rpi.edu>
To: freebsd-gnats-submit@FreeBSD.org, peter@spxgate.servplex.com
Cc:  
Subject: Re: misc/46163: lpc problem.  Only root can modify despite man page info.
Date: Mon, 27 Jan 2003 23:03:06 -0500

 Yes, I realized there was a problem with the handling of that 
 operator-group when I recently updated lpc/cmds.c (see the comment 
 before set_qstate() in common/common.c).  Fixing it "The Right Way(tm)" 
 would take more work than I have the time to do right now, but I will 
 see if there is some simple way which would at least improve on the way 
 it works.  From what I remember, the problem is a bit more complicated 
 than it initially appears.
 
 -- 
 Garance Alistair Drosehn     =      gad@gilead.netel.rpi.edu
 Senior Systems Programmer               or   gad@FreeBSD.org
 Rensselaer Polytechnic Institute;             Troy, NY;  USA
 
>Unformatted:
