Bug 16687

Summary: LPR does not work over NFS
Product: [Retired] Red Hat Linux Reporter: Christopher Wong <chris>
Component: lprAssignee: Crutcher Dunnavant <crutcher>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-08-21 19:10:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christopher Wong 2000-08-21 17:45:58 UTC 
Hi there. I have a diskless Linux box that mounts its root filesystem
over NFS from another Linux box. I recently spent some time getting
lpr working locally on the diskless box. The main problem I
encountered was that the lpr client -- when not run as root -- kept
getting permission errors writing files. I am using lpr-0.50-4 from
RedHat 6.2. Looking at lpr.c, I found that there is a number of places
where the code goes like this (paraphrased):

seteuid(euid); // set suid privileges
setegid(egid);
// create/open file
seteuid(uid); // revert to caller's privileges
setegid(gid);
// do stuff with opened file descriptor

This is fine for locally mounted filesystems, where permissions are
apparently applied only when the file is created. This does not work
over NFS, however, as permissions are checked with every access. And
on my diskless box, /var/spool/lpd is mounted over NFS.

To make lpr work, I have hacked lpr.c to not drop suid privileges
after opening the spool and control files, but I know this is a risky
thing to do with an SUID executable. I realize that lpr will eventually be replaced by 
lprng, but it might be a good idea to check if lprng may have similar 
problems (lprng's lpr may no longer write spool files, but its version
lpd might have similar issues).
Comment 1 Bernhard Rosenkraenzer 2000-08-21 17:51:21 UTC 
Having /var NFS mounted without no_root_squash is a bad thing(tm)
in the first place, some applications insist on lock files/pid files
in /var/run etc.
Comment 2 Christopher Wong 2000-08-21 19:10:24 UTC 
Additional clarification on bero's comments: this problem occurs on an
NFS-mounted filesystem that is mounted WITH no_root_squash. The lpr problem
comes not from NFS squashing root privileges, but from the client 
surrendering root privileges using seteuid/setegid.
Comment 3 Bill Nottingham 2000-08-22 16:05:32 UTC 
This is fixed in a later lpr package.