topic Printing in Operating System - HP-UX

Printing

carl_46 — Tue, 18 Jul 2000 15:03:01 GMT

I want to allow the operators to manage the spooler, lpsched, lpfence, lpmove, etc, without giving root access. If I assign the operators a login with the sam gid as lp or create a user account with the same uid as lp will this allow them manipulate the print spooler?

Regards

Re: Printing

Antoanetta Naghiu — Tue, 18 Jul 2000 15:13:28 GMT

You can try that or just add the operators login to a secondary group, lp. See newgrp command. Do not forget to check permission for group in the lp command and files, directories and also, create the link to logingroup file under /etc. (ln -s /etc/group /etc/logingroups)

Re: Printing

RikTytgat — Tue, 18 Jul 2000 15:50:41 GMT

Hi,

I would certainly not create users with the same uid as lp. This is very bad practice.

What I would suggest you to do is check out the 'sudo' command. This can be configured to authorize specified users to execute specified commands.

Check out 'http://eigen.ee.ualberta.ca/hppd/hpux/Sysadmin/sudo-1.6.2b1/'

Bye,
Rik.

Re: Printing

Rick Garland — Tue, 18 Jul 2000 16:07:19 GMT

Check out sudo. This will not only allow specific users access to the lp files, but can also be made to allow a different set of users access to some other area that requires root access. This will prevent the root login from passed around. sudo has good logging facilities as well.

Don't use the UID of lp for users. NOT GOOD.

Re: Printing

RikTytgat — Tue, 18 Jul 2000 16:13:43 GMT

Hi,

The URL in my previous reply is correct, but when you click it, nothing happens. This is because of the trailing '

I'm sorry for that.

Rik.

Re: Printing

Stacey Rippetoe — Tue, 18 Jul 2000 16:49:19 GMT

I hear you saying you don't want to give root access but take a look at giving root access for a specific function (that's basically what your doing) use sam -r as root and you can assign root privlidges for just the spooler to whatever user(s) you decide.

S.