File: Tutorial.07.nrf

package info (click to toggle)
lprng-doc 3.4.1-3
  • links: PTS
  • area: main
  • in suites: hamm
  • size: 6,508 kB
  • ctags: 8
  • sloc: makefile: 139; perl: 62
file content (92 lines) | stat: -rw-r--r-- 2,508 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
.NH 1
lpd.perms File and  Permissions
.PP
The lpd server uses the
.L lpd.perms
file to control user access to services.
The following is an example
permissions file.
.DS
.L
# Sample permissions file
DEFAULT ACCEPT
# Root on server can do control operations
ACCEPT SERVICE=C SERVER USER=root
# The specified user on the server can do control operations
ACCEPT SERVICE=C SERVER USER=\fIuser\fP
# Do not allow any other users to do control operations
REJECT SERVICE=C
# Job Removal can be done by the same user on the originating host
ACCEPT SERVICE=M SAMEHOST SAMEUSER
# Also by root on the server
ACCEPT SERVICE=M SERVER USER=root
# Reject all other requests
REJECT SERVICE=M
# Reject requests from subnet 130.191.25.0 (24 bit Subnet mask)
REJECT IP=130.191.25.0/255.255.255.0
# or REJECT IP=130.191.25.0/24
# Printer t1: Accept all requests
PRINTER=t1 ACCEPT
.DE
.PP
The man page for
.L lpd.perms .
has a detailed description of the various fields and entries.
Each line in the permissions file is a test that is performed
against various information associated with a user request.
The tests are applied in sequence until a match is found;
the
.L ACCEPT
or
.L REJECT
keyword specifies of the request is accepted or rejected.
.PP
The
.L DEFAULT
keyword specifies the default action if no explicit match is found.
.PP
In addition to the main permissions file,
each spool queue can have an additional set of permissions tests
that can be applied to requests that have been accepted by the main
permissions file.
.PP
The
.L SERVICE
tag specifies the type of service for the match.
Note that not all service requests have the same amount of information
to be tested.
This is a consequence of the protocol used to send requests to the server.
In addition,
the
.L X
(connection) request is applied to all connections,
and can be used to restrict requests to only a limited range of host
systems.
.PP
When constructing a permissions file,
the most specific tests should be applied first,
then the most general.
The
.L REJECT
tests should precede the
.L ACCEPT ,
and a default for a particular action should immediately follow.
Here are a suggested set of exerises for the reader.
.Np
Modify the permissions file so that
print requests and job from
.L user
are rejected.
Answer:
.DS
.L
REJECT SERVICE=R,P USER=\fIuser\fP
.DE
.Np
Modify the permissions file to allow only hosts in the
IP address submask 130.191.130.0/255.255.255.0 to have access.
Answer:
.DS
.L
REJECT SERVICE=X NOT IP=130.191.130.0/255.255.255
.DE