From kheuer@gwdu60.gwdg.de  Thu Jan 14 01:09:17 1999
Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.10.60])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA11330
          for <FreeBSD-gnats-submit@freebsd.org>; Thu, 14 Jan 1999 01:09:16 -0800 (PST)
          (envelope-from kheuer@gwdu60.gwdg.de)
Received: (from kheuer@localhost)
	by gwdu60.gwdg.de (8.9.0/8.9.0) id KAA26298;
	Thu, 14 Jan 1999 10:08:05 +0100 (CET)
Message-Id: <199901140908.KAA26298@gwdu60.gwdg.de>
Date: Thu, 14 Jan 1999 10:08:05 +0100 (CET)
From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
Reply-To: kheuer@gwdu60.gwdg.de
To: FreeBSD-gnats-submit@freebsd.org
Subject: lpr uses wrong username (3.0-R)
X-Send-Pr-Version: 3.2

>Number:         9485
>Category:       bin
>Synopsis:       lpr uses wrong username (3.0-R)
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    wollman
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jan 14 01:10:00 PST 1999
>Closed-Date:    Fri Feb 5 08:09:53 PST 1999
>Last-Modified:  Fri Feb  5 08:10:08 PST 1999
>Originator:     Konrad Heuer
>Release:        FreeBSD 3.0-RELEASE i386
>Organization:
Gesellschaft fuer wissenschaftliche Datenverarbeitung mbH
		 Goettingen
>Environment:

	Typical 3.0-RELEASE installation ; -current also buggy.

>Description:

	The lpr command may use an unappropriate user name when setting
	up a print job if called from a shell spawned by su or by
	a daemon process like smbd (Samba). Thus printer accounting
	is impossible. The `-r' option of lpr isn't reliable, too,
	since lpr may not have the permissions to remove a printed file.

>How-To-Repeat:

	Login on a 3.0-R system as root and stop an arbitrary printer
	queue to make sure that you've time enough to look a the queue.
	Print a file (lpr). The su to a normal user and print again.
	Take a look at the queue by lpq. Both jobs are owned by root.

>Fix:
	
	Workaround: To run the `lpr' binary of 2.2.x-Release.

>Release-Note:
>Audit-Trail:

From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
To: kheuer@gwdu60.gwdg.de
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/9485: lpr uses wrong username (3.0-R)
Date: Thu, 14 Jan 1999 10:34:06 -0500 (EST)

 <<On Thu, 14 Jan 1999 10:08:05 +0100 (CET), Konrad Heuer <kheuer@gwdu60.gwdg.de> said:
 
 > 	Login on a 3.0-R system as root and stop an arbitrary printer
 > 	queue to make sure that you've time enough to look a the queue.
 > 	Print a file (lpr). The su to a normal user and print again.
 > 	Take a look at the queue by lpq. Both jobs are owned by root.
 
 This was intentional -- all files are printed under the login of the
 user, unless no login context is present, in which case it falls back
 to the old mechanism.  See setlogin(2).  The intent is to make life
 easier for large sites where many people have root access and still
 want to distinguish their print requests.
 
 -GAWollman
 
 --
 Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
 wollman@lcs.mit.edu  | O Siem / The fires of freedom 
 Opinions not those of| Dance in the burning flame
 MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick

From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/9485: lpr uses wrong username (3.0-R)
Date: Fri, 15 Jan 1999 08:42:08 +0100 (CET)

 On Thu, 14 Jan 1999, Garrett Wollman wrote:
 
 > > 	Login on a 3.0-R system as root and stop an arbitrary printer
 > > 	queue to make sure that you've time enough to look a the queue.
 > > 	Print a file (lpr). The su to a normal user and print again.
 > > 	Take a look at the queue by lpq. Both jobs are owned by root.
 > 
 > This was intentional -- all files are printed under the login of the
 > user, unless no login context is present, in which case it falls back
 > to the old mechanism.  See setlogin(2).  The intent is to make life
 > easier for large sites where many people have root access and still
 > want to distinguish their print requests.
 
 I agree, that seems to be desirable. But what's about Samba? The smbd
 process is run by root, and all print jobs accepted by smbd are now owned
 by root. That's not acceptable for a lot of people I think (and for me too
 :-) since I want to build a large printer server for many people). 
 
 Regards
 
 //
 // Konrad Heuer                                  ____            ___  _______ 
 // Gesellschaft fr wissenschaftliche           / __/______ ___ / _ )/ __/ _ \
 //    Datenverarbeitung mbH Gttingen          / _// __/ -_) -_) _  |\ \/ // /
 // Am Faberg, D-37077 Gttingen              /_/ /_/  \__/\__/____/___/____/ 
 // Deutschland (Germany)                      ----- The Power to Serve -----
 //                                                http://www.freebsd.org
 // kheuer@gwdu60.gwdg.de
 //
 

From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
Date: Fri, 15 Jan 1999 09:00:55 +0100 (CET)
Subject: Re II: bin/9485: lpr uses wrong username (3.0-R)

 On Thu, 14 Jan 1999, Garrett Wollman wrote:
 
 > <<On Thu, 14 Jan 1999 10:08:05 +0100 (CET), Konrad Heuer <kheuer@gwdu60.gwdg.de> said:
 > 
 > > 	Login on a 3.0-R system as root and stop an arbitrary printer
 > > 	queue to make sure that you've time enough to look a the queue.
 > > 	Print a file (lpr). The su to a normal user and print again.
 > > 	Take a look at the queue by lpq. Both jobs are owned by root.
 > 
 > This was intentional -- all files are printed under the login of the
 > user, unless no login context is present, in which case it falls back
 > to the old mechanism.  See setlogin(2).  The intent is to make life
 > easier for large sites where many people have root access and still
 > want to distinguish their print requests.
 
 Sorry, I forgot to mention in my previous reply that although smbd is
 started at system startup as usual (no login session involved) all print
 jobs are owned by root. 
 
 Regards
 
 //
 // Konrad Heuer                                  ____            ___  _______ 
 // Gesellschaft fr wissenschaftliche           / __/______ ___ / _ )/ __/ _ \
 //    Datenverarbeitung mbH Gttingen          / _// __/ -_) -_) _  |\ \/ // /
 // Am Faberg, D-37077 Gttingen              /_/ /_/  \__/\__/____/___/____/ 
 // Deutschland (Germany)                      ----- The Power to Serve -----
 //                                                http://www.freebsd.org
 // kheuer@gwdu60.gwdg.de
 //
 

From: Konrad Heuer <kheuer@gwdu60.gwdg.de>
To: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: bin/9485: lpr uses wrong username (3.0-R)
Date: Mon, 18 Jan 1999 13:21:02 +0100 (CET)

 On Thu, 14 Jan 1999, Garrett Wollman wrote:
 
 > <<On Thu, 14 Jan 1999 10:08:05 +0100 (CET), Konrad Heuer
 > <kheuer@gwdu60.gwdg.de> said: 
 > 
 > > 	Login on a 3.0-R system as root and stop an arbitrary printer
 > > 	queue to make sure that you've time enough to look a the queue.
 > > 	Print a file (lpr). The su to a normal user and print again.
 > > 	Take a look at the queue by lpq. Both jobs are owned by root.
 > 
 > This was intentional -- all files are printed under the login of the
 > user, unless no login context is present, in which case it falls back
 > to the old mechanism.  See setlogin(2).  The intent is to make life
 > easier for large sites where many people have root access and still
 > want to distinguish their print requests.
 > 
 
 I didn't get any further reply so I have to send a message again. I've got
 the impression you are involved in the new code of the lpr/lpd subsystem
 in 3.0-RELEASE, or at least, you know who is.
 
 The whole thing is very very serious for my application. I've build a
 number of printer servers which run under FreeBSD, and the number
 increases and should further increase. Three servers are the central
 printer servers in the computer center of the university of Goettingen and
 several Max-Plack-Institutes. The older systems with 2.2.x-RELEASE behave
 very well. Now I've to boxes with SCSI controllers not supported before
 3.0-R; thus I have to use it. I *must* be able to do printer accounting
 and I must be able to do queue control (see lpc problem bin/9362). I will
 help to look at the code if it is necessary but I really need a positive
 feedback of one of the FreeBSD developers that the bugs I've reported
 are recognized as what they are -- bugs.
 
 Regards
 
 //
 // Konrad Heuer                                  ____            ___  _______ 
 // Gesellschaft fr wissenschaftliche           / __/______ ___ / _ )/ __/ _ \
 //    Datenverarbeitung mbH Gttingen          / _// __/ -_) -_) _  |\ \/ // /
 // Am Faberg, D-37077 Gttingen              /_/ /_/  \__/\__/____/___/____/ 
 // Deutschland (Germany)                      ----- The Power to Serve -----
 //                                                http://www.freebsd.org
 // kheuer@gwdu60.gwdg.de
 //
 
 
 
State-Changed-From-To: open->feedback 
State-Changed-By: wollman 
State-Changed-When: Mon Feb 1 11:54:11 PST 1999 
State-Changed-Why:  
I believe my recent fix to lpr.c will provide the behavior you want, 
by using the superuser-only `-U' flag to lpr.  (PR 9729 suggests 
that Samba either already uses this, or can be made to do so.) 
Can you please try it? 


Responsible-Changed-From-To: freebsd-bugs->wollman 
Responsible-Changed-By: wollman 
Responsible-Changed-When: Mon Feb 1 11:54:11 PST 1999 
Responsible-Changed-Why:  
I think I fixed it. 
State-Changed-From-To: feedback->closed 
State-Changed-By: wollman 
State-Changed-When: Fri Feb 5 08:09:53 PST 1999 
State-Changed-Why:  
Submitter reports problem fixed. 
>Unformatted:
