On 2011-04-13 17:43, Mike Gabriel wrote:
Hi Morty,
On Mi 13 Apr 2011 16:46:00 CEST Moritz Struebe wrote:
I also don't really see why x2goprint needs to be root.
The cups-x2go/x2goprint principle is as follows:
o cups-x2go can run on x2goserver or on another print server o cups creates a PDF (as root) o cups-x2go scp-copies the file to x2gprint@x2goserver which might be local o cups-x2go calls x2goprint on x2goserver o x2goprint (as user x2goprint) will pick up the print job o ... move it to /tmp/... o chown to the x2go session user o ... and move the print job to the x2goclient (sshfs)
=> the chown part needs root privs...
Maybe we should really start thinking about a non-sudo way of getting the print job from the cups server to the x2goserver to the client...
I put some basic research into this, and what I found out by now is:
- Using Cups there is no way of generating the PDF locally if the server is remote.
- Therefore I see no way around: x2goserver -> cups-server -> x2goserver -> client
I don't think we can get around the ugly thing of the cups-server connecting back to the x2go-server, but I do think we can get around sudo using the sbit/suidperl once again. If we have a script in the user home that is executed as the user, we can use that to pipe the pdf to the appropriate folder. This file can be created by the client or one of the server-scripts and can even be deleted if the client does not support printing. This way there is no need to become root and the worst thing that can happen is, that the quota of the home is exceeded. No root, though.
Any thoughts?
Morty
-- Dipl.-Ing. Moritz 'Morty' Struebe (Wissenschaftlicher Mitarbeiter) Lehrstuhl für Informatik 4 (Verteilte Systeme und Betriebssysteme) Friedrich-Alexander-Universität Erlangen-Nürnberg Martensstr. 1 91058 Erlangen
Tel : +49 9131 85-25419 Fax : +49 9131 85-28732 eMail : struebe@informatik.uni-erlangen.de WWW : http://www4.informatik.uni-erlangen.de/~morty