There is no particular reason to install cupsd with mode 0500, and it does even make sense to run cupsd as a non-root process in some cases (e.g. freenx-server does this).
Actually, there are a LOT of good reasons for installing cupsd mode 0500, most notably that it prevents a class of attacks that can be installed by malicious software. It also prevents bug reports about custom configurations not working when somebody tries running cupsd as a non-root user and suddenly loses support for most types of authentication, LPD, and usually all local devices.
I'll add a configure-time option (--with-cupsd-perm) so you can specify different permissions, but the default will still be 0500.
--- config-scripts/cups-defaults.m4 (revision 10326)
+++ config-scripts/cups-defaults.m4 (working copy)
@@ -3,7 +3,7 @@
dnl
dnl Default cupsd configuration settings for CUPS.
dnl
-dnl Copyright 2007-2011 by Apple Inc.
+dnl Copyright 2007-2012 by Apple Inc.
dnl Copyright 2006-2007 by Easy Software Products, all rights reserved.
dnl
dnl These coded instructions, statements, and computer programs are the
@@ -25,7 +25,7 @@
AC_SUBST(LANGUAGES)
dnl Mac OS X bundle-based localization support
-AC_ARG_WITH(bundledir, [ --with-bundledir set Mac OS X localization bundle directory ],
+AC_ARG_WITH(bundledir, [ --with-bundledir set Mac OS X localization bundle directory ],
CUPS_BUNDLEDIR="$withval",
if test "x$uname" = xDarwin -a $uversion -ge 100; then
CUPS_BUNDLEDIR="/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A"
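Review bot: The removed and added AC_ARG_WITH(bundledir, ...) lines read identically here, so this looks like a whitespace-only realignment of the help string. It is unrelated to the cupsd permission option and would be easier to review as a separate cleanup change.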
@@ -50,6 +50,12 @@
AC_SUBST(CUPS_CONFIG_FILE_PERM)
AC_DEFINE_UNQUOTED(CUPS_DEFAULT_CONFIG_FILE_PERM, 0$CUPS_CONFIG_FILE_PERM)
+dnl Default permissions for cupsd
+AC_ARG_WITH(cupsd_file_perm, [ --with-cupsd-file-perm set default cupsd permissions, default=0500],
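Review bot: The help string on the added AC_ARG_WITH line names the option --with-cupsd-file-perm, while the comment announcing the change calls it --with-cupsd-perm; settle on one spelling so the documented flag is the one configure accepts. The visible part of the hunk stops at the AC_ARG_WITH opening, so the handling of $withval is not shown. If it is not already there, consider rejecting values that are not octal digits or that grant group/other write access. The help text should also say whether the value is passed with or without the leading 0, since the neighbouring context line prepends it itself (0$CUPS_CONFIG_FILE_PERM) while this help text shows default=0500.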
michaelrsweet commented Dec 22, 2009
Version: 1.6-feature
CUPS.org User: twaugh.redhat
Original report:
https://bugzilla.redhat.com/show_bug.cgi?id=546004