1833829 Members
2125 Online
110063 Solutions
New Discussion

Printing

 
carl_46
Advisor

Printing

I want to allow the operators to manage the spooler, lpsched, lpfence, lpmove, etc, without giving root access. If I assign the operators a login with the sam gid as lp or create a user account with the same uid as lp will this allow them manipulate the print spooler?

Regards
5 REPLIES 5
Antoanetta Naghiu
Esteemed Contributor

Re: Printing

You can try that or just add the operators login to a secondary group, lp. See newgrp command. Do not forget to check permission for group in the lp command and files, directories and also, create the link to logingroup file under /etc. (ln -s /etc/group /etc/logingroups)
RikTytgat
Honored Contributor

Re: Printing

Hi,

I would certainly not create users with the same uid as lp. This is very bad practice.

What I would suggest you to do is check out the 'sudo' command. This can be configured to authorize specified users to execute specified commands.

Check out 'http://eigen.ee.ualberta.ca/hppd/hpux/Sysadmin/sudo-1.6.2b1/'

Bye,
Rik.
Rick Garland
Honored Contributor

Re: Printing

Check out sudo. This will not only allow specific users access to the lp files, but can also be made to allow a different set of users access to some other area that requires root access. This will prevent the root login from passed around. sudo has good logging facilities as well.

Don't use the UID of lp for users. NOT GOOD.
RikTytgat
Honored Contributor

Re: Printing

Hi,

The URL in my previous reply is correct, but when you click it, nothing happens. This is because of the trailing '

I'm sorry for that.

Rik.
Stacey Rippetoe
Advisor

Re: Printing

I hear you saying you don't want to give root access but take a look at giving root access for a specific function (that's basically what your doing) use sam -r as root and you can assign root privlidges for just the spooler to whatever user(s) you decide.

S.