FreeBSD Manual Pages

home | help
LPD.PERMS(5)			lpd.perms file			  LPD.PERMS(5)

NAME
       lpd.perms - permissions control file for	the LPRng line printer spooler
       system

DESCRIPTION
       The  file  lpd.perms  is	used to	provide	permission information for the
       LPRng Printer spooler system.  Blank lines and all characters  after  a
       hash  sign  (``#'')  to the end of line are ignored.  If	a hash sign is
       desired in the permission information, it  should  be  escaped  with  a
       backslash  (``\'').   All  other	 lines	specify	 permissions entry and
       should be of the	following form:
	      ACCEPT [[not] key	= value[,value]* ]*
	      REJECT [[not] key	= value[,value]* ]*
	      DEFAULT ACCEPT
	      DEFAULT REJECT

       Each LPD	service	request	is checked against the entries in the  permis-
       sions database or file.	The following is a typical permissions file:
	      #	Set default permissions
	      DEFAULT ACCEPT
	      #	Reject any connections from outside our	subnet
	      REJECT SERVICE=X NOT REMOTEIP=130.191.0.0/255.255.0.0
	      #	Only accept spooling (LPR) from
	      #	Engineering Lab	or the Dean's office
	      REJECT SERVICE=R NOT REMOTEHOST=*.eng.sdsu.edu,dean.sdsu.edu
	      #	Do not accept forwarded	jobs for printing
	      REJECT SERVICE=R FORWARD
	      #	Allow only the administrators control access
	      ACCEPT SERVICE=C,M REMOTEHOST=spooler.eng.sdsu.edu REMOTEUSER=root,papowell
	      ACCEPT SERVICE=C,M SERVER	REMOTEUSER=root,papowell
	      #	Allow only the user on the same	host who spooled job to	remove it
	      ACCEPT SERVICE=M SAMEUSER	SAMEHOST
	      #	Allow users to check status
	      ACCEPT SERVICE=C LPC=status
	      #	Require	connection for other operations	over UNIX socket
	      #	not TCP/IP port.  Effectively requiring	them to	be made	from the
	      #	localhost
	      ACCEPT SERVICE=C UNIXSOCKET
	      REJECT SERVICE=C

	      #	Variation - accept all spooled jobs,  but then apply
	      #	 permissions checking when job is printed.  Allows
	      #	 prevents remote spoolers from locking up trying resend
	      #	 same request
	      ACCEPT SERVICE=R
	      REJECT SERVICE=P NOT REMOTEHOST=*.eng.sdsu.edu,dean.sdsu.edu

       Permission checking is done by using a set of keys (or fields) with as-
       sociated	 values	 to check for permission.  The SERVICE key has value P
       for printing (i.e.- unspooling),	R for spooling (i.e.- LPR request),  P
       for  printing  (i.e.,  after  job  has been spooled), C printer control
       (i.e. - LPC), M for removal (i.e.- LPRM request), and Q for  queue  in-
       formation  (i.e.-  LPQ  request).   The X key is	used when checking for
       connection information.

       Initially, all of the keys have undefined or NULL values, and  are  as-
       signed  values during the permissions checking process.	When a connec-
       tion is made to the server, it assigns The REMOTEHOST (alias  REMOTEIP)
       key  the	 list  of IP addresses and hostnames determined	by doing a re-
       verse Domain Name Service (DNS) lookup on the remote host's IP address.
       If the reverse DNS fails, then only the IP address will be  used.   The
       REMOTEPORT  (PORT is an alias for REMOTEPORT) is	assigned the port num-
       ber of the connection origination.  The UNIXSOCKET key will  match  (be
       true)  if the connection	is over	a UNIX socket.	By convention, this is
       from the	localhost.  Finally, the SERVICE value is assigned X, and  the
       lpd server will check the database to see if the	connection is accepted
       or rejected.

       The  server will	then read the request information from the connection.
       If the request is for an	authenticated data transfer, the  server  will
       invoke  the appropriate authentication mechanism	which will assign AUTH
       a true (or matching) value, AUTHTYPE the	type  of  authentication,  AU-
       THUSER  the  authenticated user id value, which may differ from the ac-
       tual user name, and AUTHFROM the	authenticated  identification  of  the
       originator of the request, which	may be a server	if the request is for-
       warded.

       Next, the SERVICE value is set to R, C, M, or Q depending on whether it
       is  an LPR, LPC,	LPRM, or LPQ request, and the LPC value	set to the re-
       quested LPC command if it was an	LPC request.  If the request contained
       a user name, then REMOTEUSER is set to this name.  If the request  con-
       tained a	printer	name, then PRINTER is set to the printer name.	If the
       request	is  a print request, then the HOST value is set	to the list of
       host names and IP addresses given by a DNS lookup of the	value in the H
       field of	the job.  The database is scanned again	to  determine  if  the
       operation  can  be  performed  on the requested queue.  To simplify the
       rule writing, if	the operation requires modification or checking	of in-
       dividual	jobs, such as the LPC, LPQ, or LPRM commands, then the various
       checks that depend on jobs will succeed in this step.

       Finally,	if the operation requires modification or checking of individ-
       ual jobs, such as the LPC, LPQ, or LPRM commands,  then	the  specified
       print  queue  is	scanned, and for each job in the print queue, the HOST
       and USER	values are set to the host and user values in the control file
       for the job.

       The database is checked as follows.  Each line of the permissions  file
       is  scanned for key names and values, and these are matched against the
       request keys information.  When all matches on a	line  are  made,  then
       search  terminates  with	 the  specified	action (ACCEPT/REJECT).	 If no
       match is	found the default permission value is used.  The  DEFAULT  key
       is  used	 to specify the	current	default	permission to be used for suc-
       cessful matches or if there is no match after scanning the entire  per-
       missions	database.

       The  following keys provide some	additional checking capabilities.  The
       REMOTEGROUP entry checks	that the REMOTEUSER value appears in  a	 group
       or  netgroup  entry in the system database, and the GROUP entry for the
       USER value.  For	example, GROUP=student*,staff* would check to  see  if
       any  of	the group names	matching student* or staff* have the specified
       user name in them.   If	a  system  has	the  netgroups	capability,  a
       printer,	 group,	 or remotegroup	name starting with a @ will be treated
       as a netgroup name, and specified user name or printer will be  checked
       to see if it is in the group.

       The  SERVER  entry  will	be true	(match)	if the request originated from
       the print server.  The SAMEHOST is true (matches) if the	REMOTEHOST and
       HOST values have	a common  entry,  i.e.	-  are	the  same  host.   The
       SAMEUSER	 is true (matches) if the REMOTEUSER and USER values are iden-
       tical.  The AUTHSAMEUSER	is true	(matches) if the AUTHUSER  value  that
       originated  the	request	 and the AUTHUSER which	was used to transfer a
       job are identical.  AUTHJOB is true (matches) if	 the  job  was	trans-
       ferred  using  authentication.	The  FORWARD value is an alias for NOT
       SAMEHOST.

       The CONTROLLINE value can be used to determine if there is  a  matching
       line  in	 the control file.  This facility has been used	to ensure that
       jobs contain various information	fields in order	to be printed.

       Key	    Match Connect Job	Job    LPQ  LPRM  LPC
				  Spool	Print
       SERVICE	    S	  'X'	  'R'	'P'    'Q'  'M'	  'C,S'
       USER	    S	  -	  JUSR	JUSR   JUSR JUSR  JUSR
       HOST	    S	  RH	  JH	JH     JH   JH	  JH
       GROUP	    S	  -	  JUSR	JUSR   JUSR JUSR  JUSR
       REMOTEPORT   N	  PORT	  PORT	-      PORT PORT  PORT
       REMOTEUSER   S	  -	  JUSR	JUSR   JUSR CUSR  CUSR
       REMOTEHOST   S	  RH	  RH	JH     RH   RH	  RH
       UNIXSOCKET   V	  SK	  SK	SK     SK   SK	  SK
       REMOTEGROUP  S	  -	  JUSR	JUSR   JUSR CUSR  CUSR
       CONTROLLINE  S	  -	  CL	CL     CL   CL	  CL
       PRINTER	    S	  -	  PR	PR     PR   PR	  PR
       FORWARD	    V	  -	  SA	-      -    SA	  SA
       SAMEHOST	    V	  -	  SA	-      SA   SA	  SA
       SAMEUSER	    V	  -	  -	-      SU   SU	  SU
       SERVER	    V	  -	  SV	-      SV   SV	  SV
       AUTH	    V	  -	  AU	-      AU   AU	  AU
       AUTHTYPE	    S	  -	  AU	-      AU   AU	  AU
       AUTHUSER	    S	  -	  AU	-      AU   AU	  AU
       AUTHSAMEUSER S	  -	  AU	-      AU   AU	  AU
       AUTHFROM	    S	  -	  AU	-      AU   AU	  AU
       AUTHJOB	    V	  -	  AU	-      AU   AU	  AU
	 PORT is alias for REMOTEPORT
	 REMOTEIP is alias for REMOTEHOST
	 IP is alias for HOST

       KEY:
	  JH = HOST	     host in control file
	  RH = REMOTEHOST    connecting	host name/IP
	  JUSR = USER	     user in control file
	  CUSR = REMOTEUSER  user from control request
	  JIP= IP	     host/IP addr of host in control file
	  RIP= REMOTEIP	     host/IP addr of requesting	host
	  PORT=		     connecting	host origination port
	   SK=	match if connection over a UNIX	socket
	  CONTROLLINE=	     pattern match of control line in control file
	  FW= IP of source of request == IP of host in control file
	  SA= IP of source of request == IP of host in control file
	  SU= user from	request	== user	in control file
	  SA= IP of source of request == IP of server host
	  SV= matches if from same address as server
	  AU= value determined by server authentication	operation
			     AUTH is true if authenticated transfer,
			     TYPE is set to the	type of	authentication (kerberos, etc)
			     AUTHUSER is user authentication id
			     AUTHFROM is sender	authentication id (can be remote server)
			     AUTHSAMEUSER matches if remote user authentication	id matches original
			     user authentication id
			     AUTHJOB it	true if	print job has authentication
       Match: S	= string with wild card, IP = IP address[/netmask],
	  N = low[-high] number	range, V = exact value match
       SERVICE:	'X' - Connection request; 'R' -	lpr request from remote	host;
	   'P' - print job in queue; 'Q' - lpq request,	'M' - lprm request;
	   'C' - lpc spool control request; 'S'	- lpc spool status request
	  'U' -	administratively allowed user operation
       NOTE: when printing (P action), the remote and job check	values
	  (i.e.	- RUSR,	JUSR) are identical.

       The special key letter=patterns searches	the control file line starting
       with the	(upper case) letter, and is usually  used  with	 printing  and
       spooling	 checks.   For example,	C=A*,B*	would check that the class in-
       formation (i.e.-	line in	the control file starting with C) had a	 value
       starting	with A or B.

       A  permission  line consists of a list of tests and a result value.  If
       all of the tests	succeed, then a	match has been found and  the  permis-
       sion  testing completes with the	result value.  You use the DEFAULT re-
       served word to set the default ACCEPT/DENY  result.   The  NOT  keyword
       will reverse the	sense of a test.

       Each test can have one or more optional values separated	by commas. For
       example	USER=john,paul,mark has	3 test values.	The Match value	speci-
       fies how	the matching is	done.

       S = string type match - string match with glob.
	   Format:  string with	wildcards (*)
	       * matches 0 or more chars
	   Character comparison	is case	insensitive.
	   For example - USER=th*s matches uTHS, This, This, Theses

       IP = IP address and submask.  IP	address	must be	in dotted form.
	   Format: x.x.x.x[/y.y.y.y or /z]
	       x.x.x.x is IP address
	       y.y.y.y is optional submask, default is 255.255.255.255
	       z is a netmask with most	significant z bits set.
	   Match is done by IP address to a 32 bit value and using:
	       success = ((x ^ IP ) & y) == 0	(C language notation)
	   i.e.- only bits where mask is non-zero are used in comparison.
	   For example - IP=130.191.0.0/255.255.0.0 matches all	address	130.191.X.X
	   IP=130.191.0.0/16 has the same value.

       N = numerical range  -  low-high	integer	range.
	   Format: low[-high]
	   Example: PORT=0-1023	matches	a port in range	0 - 1023 (privileged)

       The authentication entries AUTH,	AUTHTYPE, AUTHUSER,  AUTHSAMEUSER  and
       AUTHFROM	can be used to check permissions for authenticated operations.
       AUTH  is	set (true) if authentication was done.	We can use this	to re-
       ject non-authenticated transfers:
       REJECT NOT AUTH
       The AUTHTYPE will match the authentication type being used or requested
       by the remote client or server.	 The  AUTHUSER	matches	 the  original
       client  authentication information used by the client to	make a request
       to the server, and the AUTHFROM matches the sender  authentication  in-
       formation.   The	 AUTHSAMEUSER  will match if the remote	client or user
       authentication id is the	same as	that used for the job generation.

LPC=OP
       The LPC=op entry	is useful to allow various users to  perform  adminis-
       tration operations.  The	following permissions entry would allows users
       to hold or release their	own jobs:
       ACCEPT SERVICE=C	SAMEUSER SAMEHOST LPC=release

DNS, IPV6, AND MULTIHOMED HOSTS
       There  is  a  subtle  problem with names	and IP addresses which are ob-
       tained for 'multi-homed hosts', i.e. - those with multiple Ethernet in-
       terfaces,  and for IPV6 (IP Version 6),	in which a host	can have  mul-
       tiple  addresses,   and for the normal host which can have both a short
       name and	a fully	qualified domain name.

       When performing an IP address match,  the entire	list of	 IP  addresses
       for  a  system will now be checked.  If one of these matches, then suc-
       cess is reported.  Similarly,   the  entire  list  of  host  names  and
       aliases	will  be checked.  If one of these matches,  then success will
       be reported.

FILES
       The files used by LPRng are set by values in the	printer	 configuration
       file.  The following are	a commonly used	set of default values.
       /usr/local/etc//lpd.conf			    LPRng configuration	file
       ${HOME}/.printcap			    user printer description file
       /etc/printcap				    printer description	file
       /usr/local/etc//lpd.perms		    permissions
       /var/run/lpd				    lock file for queue	control
       /var/spool/lpd				    spool directories
       /var/spool/lpd/QUEUE/control		    queue control
       /var/spool/lpd/QUEUE/log			    trace or debug log file
       /var/spool/lpd/QUEUE/acct		    accounting file
       /var/spool/lpd/QUEUE/status		    status file

SEE ALSO
       lpd.conf(5),  lpc(8),  lpd(8),  checkpc(8),  lpr(1),  lpq(1),  lprm(1),
       printcap(5), pr(1), lprng_certs(1), lprng_index_certs(1).

AUTHOR
       Patrick Powell <papowell@lprng.com>.

HISTORY
       LPRng is	a enhanced printer spooler system with	functionality  similar
       to  the	Berkeley  LPR  software.   The LPRng developer mailing list is
       lprng-devel@lists.sourceforge.net;      subscribe      by      visiting
       https://lists.sourceforge.net/lists/listinfo/lprng-devel	  or   sending
       mail to lprng-request@lists.sourceforge.net with	the word subscribe  in
       the body.
       The software is available via http://lprng.sourceforge.net

LPRng				  2006-12-09			  LPD.PERMS(5)
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=lpd.perms&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>
home | help
Header And Logo

Peripheral Links

Site Navigation

FreeBSD Manual Pages

Header And Logo

Peripheral Links

Search

Site Navigation

FreeBSD Manual Pages
