topic Re: LP Administrators in Operating System - HP-UX

LP Administrators

kevin Keegan — Wed, 21 Jun 2000 08:58:23 GMT

How can I make a user an LP Administrator ? i.e. - so the user can run lpshut and lpsched commands.

Thank you.

Re: LP Administrators

Alex Glennie — Wed, 21 Jun 2000 10:11:48 GMT

when executing the command "lpsched" the following error occurs:

LP: Administrator not in password file ..... is this your problem ? If so :

This error can be caused by any of the following:

1. No entry in /etc/passwd for lp. To correct this problem
insert the following line into /etc/passwd:

lp:*:9:2: LP spooler :/usr/spool/lp:/bin/csh

2. A corrupt /usr/lib/lpsched file. To correct this problem
retrieve the /usr/lib/lpsched file off a valid backup
tape or the HP-UX installation tape.

3. The permission on the file /etc/passwd. To correct this
problem execute the command:

chmod 444 /etc/passwd

PS Has last nights poor performance in Euro 2000 caused you to take up Unix Admin and give up managing the English football team ? ;)

Re: LP Administrators

Andreas Voss — Wed, 21 Jun 2000 10:13:03 GMT

Hi,

if you want to provide lpshut/lpsched rights to normal users you have to make a setuid program which starts lpshut/lpshed with the sufficient rights.
Here my solution:
Write a little c program:
main(argc, argv)
int argc;
char **argv;
{
setuid(9); /* lp user */
setgid(2); /* bin group */
if(strstr(argv[0], "lpshut"))
execlp("/usr/sbin/lpshut", "lpshut", 0);
if(strstr(argv[0], "lpsched"))
execlp("/usr/sbin/lpsched", "lpsched", 0);
}

Compile the c source and put the executable for e. g. in /usr/local/bin/mylpshut
make a hard link to mylpsched:
ln /usr/local/bin/mylpshut /usr/local/bin/mylpsched
Change the owner to root:
chown root /usr/local/bin/mylpshut
Set the suid bit:
chmod 4111 /usr/local/bin/mylpshut

Now everybody can lpshut/lpsched with the new mylpshut/mylpsched.

The c program is quick and dirty:
no optional arguments are given to the original lpshut/lpsched.
It's free for you to add more features to it.

Greetings

Andrew

Re: LP Administrators

Alex Glennie — Wed, 21 Jun 2000 10:14:10 GMT

my mistake for 10.20 I have the following entry in /etc/passwd :

lp:*:9:7::/var/spool/lp:/sbin/sh

good luck !

Re: LP Administrators

Rick Garland — Wed, 21 Jun 2000 12:52:07 GMT

As an option, check into sudo.
This will give the specified user(s) the rights to run specified programs as root.

Can be obtained from the porting archive.

Re: LP Administrators

melvyn burnard — Wed, 21 Jun 2000 14:26:42 GMT

why not take a look at the Restricted SAM faciility?
This allows you to set up a restricted verion of SAM, based on the user, and you configure what they can and cannot do.
sam -r is used to set this up for you.
man sam will also explain it for you.