[redhat-lspp] I am getting lots of push back on devallocator.
Linda Knippers
linda.knippers at hp.com
Fri Jul 14 20:40:48 UTC 2006
Klaus Weidner wrote:
> On Fri, Jul 14, 2006 at 02:38:02PM -0400, Linda Knippers wrote:
>
>>George Wilson wrote:
>>
>>>It is to allow a user to allocate a printer for exclusive use. Because
>>>relabeling is a privileged operation, we need an intermediary to do the
>>>work on the user's behalf.
>>
>>I don't think we need this for printers. Do we really want to
>>support users allocating personal printer devices? I've assumed
>>that an admin would configure the printer devices with devallocator
>>and then use the lpadmin or other cups utilities to create printer
>>queues for them. I don't think this is something a regular user
>>does.
>>
>>I don't think we have personal printer queues with CUPS
>>today (do we?) and I didn't think we needed them for LSPP, even if
>>TSOL supports that feature. I think even with Trusted Solaris, the
>>user has to have the right authorizations to perform the operation.
>
>
> It sounds as if the printers in question would not be under the control
> of CUPS, and the user would just send data to the printer directly. Is
> that the way it's supposed to work?
We don't want printers that aren't under the control of CUPS. In fact,
the plan is to make sure that the printer device special files can't be
accessed by normal users by having them owned by lp/lp and using the
standard DAC checks.
> In that case, I can see the need for a trusted app to do the switching,
> but I don't see how to meet the LSPP requirements for human readable
> labels on the printed output in that case. (Single level devices don't
> need those, but I don't think that really applies to a printer relabeled
> on a non-admin's behalf.)
I don't think we need a trusted app for to switch devices for printing.
There may be other devices where this is desirable but not printers.
-- ljk
>
> -Klaus
More information about the redhat-lspp
mailing list