https://bugzilla.novell.com/show_bug.cgi?id=752454 https://bugzilla.novell.com/show_bug.cgi?id=752454#c26 --- Comment #26 from Johannes Meixner <jsmeix@suse.com> 2012-03-28 13:12:55 UTC --- Proposal regarding "only install 'system-owned' drivers/PPDs": Test if all official openSUSE printer driver software packages (i.e. packages from official openSUSE respositories) are installed and if not, offer a dialog to let normal users choose which to install. Then install them as setuid-root background process. Afterwards restrict normal users to use only PPDs below /usr/share/cups/model/. Of course normal users can then not set up printers which require a driver which is not provided by openSUSE. E.g. HP printers which require a proprietary plugin to be downloaded from HP and installed, see the output of # lpinfo -m | grep 'proprietary' By the way, regarding comment #22: I do not understand why "Not even allow them to install socket:// printers only real hardware"? For me a network printer is "real hardware". What is the security issue with network printers? If a network printer is directly accessible via TCP socket, all normal users can send any data to it. Therefore I do not see a security issue when the same would be done as user "lp" via a print queue. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.