https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670815#M915946 Hi,<BR /><BR />The /usr/bin/lp script should be 0755 and owned by root since it must be an executable script. <BR /><BR />The /usr/bin/lp.bin script should retain its permissions and be 4555 (4 for setuid) and owned by root.<BR /><BR />There is no security implications (ie. security level will be same as before the change) because you are not modifying the binary (known now as /usr/bin/lp.bin and previously as /usr/bin/lp) or its permissions. In addition, the shell script has no setuid/setgid bits on (thus not subjected to buffer overflow vulnerability issues which cause root compromises).<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Mon, 25 Feb 2002 07:28:20 GMT Steven Sim Kok Leong 2002-02-25T07:28:20Z https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670812#M915943 Is it possible to restrict the printing<BR />of documents to number of pages or size<BR />of documents. For example, restrict the <BR />user to print only 10 pages or 1mb size<BR />of docs in HPUX 11. Mon, 25 Feb 2002 06:47:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670812#M915943 Madanagopalan S 2002-02-25T06:47:14Z https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670813#M915944 Hi,<BR /><BR />You can write a wrapper script for lp. I did this once for SAP print jobs so that if they exceed a certain size, they are not printed.<BR /><BR />I don't have it with my off-hand but it is something like this (simplied version assuming straightforward lp with only filename as parameter):<BR /><BR /># mv /usr/bin/lp /usr/bin/lp.bin<BR /># vi /usr/bin/lp<BR /><BR />#!/sbin/sh<BR />size=`ll $1|awk '{print $5}`<BR />if [ "$size" -gt "2048" ]<BR />then<BR /> echo $1 is too large for printing<BR /> exit 1<BR />else<BR /> /usr/bin/lp.bin $*<BR />fi<BR /><BR />You can modify this wrapper script to suit your needs.<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Mon, 25 Feb 2002 07:01:55 GMT https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670813#M915944 Steven Sim Kok Leong 2002-02-25T07:01:55Z https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670814#M915945 Hi steven (May I call u so),<BR /> lp command is suid program. If I write<BR />some shell script for this lp, is there<BR />any security issue other than binary. Mon, 25 Feb 2002 07:21:23 GMT https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670814#M915945 Madanagopalan S 2002-02-25T07:21:23Z https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670815#M915946 Hi,<BR /><BR />The /usr/bin/lp script should be 0755 and owned by root since it must be an executable script. <BR /><BR />The /usr/bin/lp.bin script should retain its permissions and be 4555 (4 for setuid) and owned by root.<BR /><BR />There is no security implications (ie. security level will be same as before the change) because you are not modifying the binary (known now as /usr/bin/lp.bin and previously as /usr/bin/lp) or its permissions. In addition, the shell script has no setuid/setgid bits on (thus not subjected to buffer overflow vulnerability issues which cause root compromises).<BR /><BR />Hope this helps. Regards.<BR /><BR />Steven Sim Kok Leong Mon, 25 Feb 2002 07:28:20 GMT https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670815#M915946 Steven Sim Kok Leong 2002-02-25T07:28:20Z https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670816#M915947 Hi Steven,<BR /> Thanks for your idea.<BR /> <BR /> I have developed the script and its working<BR />fine with notification also..<BR /><BR />Thanks .<BR /><BR /><BR /> Mon, 25 Feb 2002 08:10:53 GMT https://community.hpe.com/t5/operating-system-hp-ux/printer-access/m-p/2670816#M915947 Madanagopalan S 2002-02-25T08:10:53Z