Hello, On Jun 24 15:36 1xx wrote (excerpt):
The needs to print on a virtual printer exists.
Why? What should "a virtual printer" actually mean for the user? What final user's goal is solved by "a virtual printer"? I mean this questions very seriously, see "Background Information regarding Print as PDF versus Save as PDF" at http://en.opensuse.org/SDB:Printing_to_PDF and in https://features.opensuse.org/312322 (excerpt): ------------------------------------------------------------------ Johannes Meixner wrote: (3 years ago) ... Regarding making a PDF file from applications or from the desktop: ... If this is the acutal reason for this feature request, please file either bug reports or feature requests for the particular applications or desktops which can no longer make PDFs. ... Tim Edwards wrote: (3 years ago) As Johannes Meixner pointed out most apps already have this functionality without requiring going down the hacky route of having a CUPS pdf 'printer' setup. It just looks complicated (and therefore buggy) and exposes the system to all sorts of potential security issues, Opensuse should ship as secure as is reasonable for a desktop system. ------------------------------------------------------------------ For me a printer is a piece of hardware that produces a printout and for me a printout is a piece of printed paper. I only need a printer when my final goal is to have a piece of printed paper. Personally I don't have a use case for "a virtual printer".
But, printing systems need root,
Not in general. Only the cupsd runs as root to do things that need root privileges. Filters and backends (see http://en.opensuse.org/SDB:CUPS_in_a_Nutshell) are usually run by the cupsd as user lp (switch user is one of the things why cupsd needs root privileges), see "man 7 backend": ------------------------------------------------------------------------ PERMISSIONS Backends without world execute permissions are run as the root user. Otherwise, the backend is run using the unprivileged user account, typically "lp". ------------------------------------------------------------------------ Regarding let a CUPS backend write its output into a file in a user's home directory: The user lp is not allowed to write into a user's home directory. The user root has unlimited permissions so that root can do everything but that does notably not mean that root is allowed to do everything. In particular root cannot protect himself from himself (only complicated kernel stuff like AppArmor can be used to cage root): --------------------------------------------------------------------- # id uid=0(root) gid=0(root) groups=0(root) # touch testy # chmod a-rw testy # ls -l testy ---------- 1 root root 0 Jun 24 09:54 testy # echo hello >>testy # ls -l testy ---------- 1 root root 6 Jun 24 09:55 testy # cat testy hello --------------------------------------------------------------------- Therefore unlimited permissions mean that root must be much more careful than a normal user not to do things that should not be done because there is no permission check that could protect root from doing something wrong. I think that root is not allowed to write into a user's home directory. I think only the user himself is allowed to write into his own home directory. Perhaps this way it might be allowed that a CUPS backend writes its output into a file in a user's home directory: When the CUPS backend runs as root it could switch user to the user/owner of a particular home directory and then write into that home directory as its owner. This way at least the user's own permission settings would apply when the CUPS backend writes as the user in his home directory. I am not at all a security expert so that I cannot decide if this way is really sufficiently secure or if it only looks like being secure but actually it isn't (e.g. because usually the user's own permission settings allow everything in his own home directory). Regardless of how it might be finally correctly implemented to write into a file in a user's home directory: I think first and foremost we need to understand and agree what final user's goal is solved by "a virtual printer". Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org