System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How to find out who/when disabled a printer queue

 
Manuel Urena
Advisor

How to find out who/when disabled a printer queue

Hi all,

As I recently found out /usr/bin/disable has the setuid bit on and it's owned by lp. So as you know, this means that anybody could disable a printer queue to the chagrin of the UNIX SA.

So is there a way to find out when and who disabled a particular printer queue? Or at least find out the history of when it was disabled/enabled?

I know that by doing lpstat -p you can get when it was last enabled/disabled. What I'm talking about is really the history/log of when the printer queue had been enabled/disabled or changed status throughout time. I was trying to see if I could parse or understand the information /var/spool/lp/pstatus but as you know this is a binary file.

Thanks in advance,

Manuel
2 REPLIES
Bill Hassell
Honored Contributor

Re: How to find out who/when disabled a printer queue

Yes, any user can disable a printer. But a printer script that returns non-zero can also disable a printer. There are many ways to connect to a printer, some have no status checking at all. The printer could be out of paper or have a printer jam -- some scripts will detect this and exit with a non-zero value to disable the printer. So without a significant rewrite of the lp spooler code, there is no way to determine who or what exactly caused the printer to become disabled.

If you suspect that someone actually typed the command: disable printer_name, then you can write a wrapper script to replace disable. This script would then log the user ID, the IP address, date/time, etc and then disable the printer.

Or you can grep through all the shell history files:

grep disable /home/*/.sh_history

NOTE: EVERY login must have a shell history file setup and working. And it should retain at least 1000 lines, 10,000 lines for root. Without this file, it will be very difficult to track sysadmin problems caused by users.



Bill Hassell, sysadmin
Manuel Urena
Advisor

Re: How to find out who/when disabled a printer queue

Bill,

Thanks much for your insightful answer and the information and suggestions.

Manuel