Hide Forgot
Hi there. I have a diskless Linux box that mounts its root filesystem over NFS from another Linux box. I recently spent some time getting lpr working locally on the diskless box. The main problem I encountered was that the lpr client -- when not run as root -- kept getting permission errors writing files. I am using lpr-0.50-4 from RedHat 6.2. Looking at lpr.c, I found that there is a number of places where the code goes like this (paraphrased): seteuid(euid); // set suid privileges setegid(egid); // create/open file seteuid(uid); // revert to caller's privileges setegid(gid); // do stuff with opened file descriptor This is fine for locally mounted filesystems, where permissions are apparently applied only when the file is created. This does not work over NFS, however, as permissions are checked with every access. And on my diskless box, /var/spool/lpd is mounted over NFS. To make lpr work, I have hacked lpr.c to not drop suid privileges after opening the spool and control files, but I know this is a risky thing to do with an SUID executable. I realize that lpr will eventually be replaced by lprng, but it might be a good idea to check if lprng may have similar problems (lprng's lpr may no longer write spool files, but its version lpd might have similar issues).
Having /var NFS mounted without no_root_squash is a bad thing(tm) in the first place, some applications insist on lock files/pid files in /var/run etc.
Additional clarification on bero's comments: this problem occurs on an NFS-mounted filesystem that is mounted WITH no_root_squash. The lpr problem comes not from NFS squashing root privileges, but from the client surrendering root privileges using seteuid/setegid.
This is fixed in a later lpr package.