[969] | 1 | # $Id$ |
---|
| 2 | |
---|
| 3 | PyKota - Print Quota for CUPS and LPRng |
---|
| 4 | |
---|
| 5 | (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
| 6 | This program is free software; you can redistribute it and/or modify |
---|
| 7 | it under the terms of the GNU General Public License as published by |
---|
| 8 | the Free Software Foundation; either version 2 of the License, or |
---|
| 9 | (at your option) any later version. |
---|
| 10 | |
---|
| 11 | This program is distributed in the hope that it will be useful, |
---|
| 12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
| 13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
| 14 | GNU General Public License for more details. |
---|
| 15 | |
---|
| 16 | You should have received a copy of the GNU General Public License |
---|
| 17 | along with this program; if not, write to the Free Software |
---|
| 18 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
| 19 | |
---|
| 20 | ==================================================================== |
---|
| 21 | |
---|
| 22 | These recommandations are there because as of April 28th 2003 |
---|
| 23 | PyKota doesn't enforce them. You may or may not follow them, |
---|
| 24 | depending on your user's IT knowledge, how much your trust them, |
---|
| 25 | etc... |
---|
| 26 | |
---|
| 27 | ==================================================================== |
---|
| 28 | |
---|
| 29 | How to improve PyKota's security : |
---|
| 30 | ---------------------------------- |
---|
| 31 | |
---|
| 32 | - Ensure that only the user your printing system is run as can |
---|
| 33 | execute the pykota filter. Depending on your system's configuration, |
---|
| 34 | this may give something like : |
---|
| 35 | |
---|
| 36 | $ chown lp.daemon /usr/bin/pykota |
---|
| 37 | $ chmod 700 /usr/bin/pykota |
---|
| 38 | |
---|
| 39 | If any user could run the pykota filter, then he theorically could |
---|
| 40 | forbid any other user to print by incorrectly charging them for |
---|
| 41 | pages they would never have printed. |
---|
| 42 | |
---|
| 43 | - Ensure that only the print quota administrator (e.g. root) can |
---|
| 44 | execute the edpykota and warnpykota commands. Depending on your |
---|
| 45 | system's configuration, this may give something like : |
---|
| 46 | |
---|
| 47 | $ chown root.root /usr/bin/edpykota /usr/bin/warnpykota |
---|
| 48 | $ chmod 700 /usr/bin/edpykota /usr/bin/warnpykota |
---|
| 49 | |
---|
| 50 | or |
---|
| 51 | |
---|
| 52 | $ chown root.lpadmin /usr/bin/edpykota /usr/bin/warnpykota |
---|
| 53 | $ chmod 750 /usr/bin/edpykota /usr/bin/warnpykota |
---|
| 54 | |
---|
| 55 | If any user could run warnpykota, then he could fill the mailboxes |
---|
| 56 | of all users who are above quota, by repeatedly running warnpykota. |
---|
| 57 | |
---|
| 58 | If any user could run edpykota, then he could, in the better case, |
---|
| 59 | set his account to noquota mode. In the worst case he could render |
---|
| 60 | PyKota and/or your printing system completely inoperative. |
---|
| 61 | |
---|
| 62 | - Ensure that no regular user can read PyKota's configuration file, |
---|
| 63 | but that both the print quota administrator and the user the |
---|
| 64 | printing system is run as can read it. Depending on your system's |
---|
| 65 | configuration, this may give something like : |
---|
| 66 | |
---|
| 67 | $ chown lp.lpadmin /etc/pykota.conf |
---|
| 68 | $ chmod 640 /etc/pykota.conf |
---|
| 69 | |
---|
| 70 | If the print quota administrator is root then he will always be |
---|
| 71 | able to read PyKota's configuration file. |
---|
| 72 | |
---|
| 73 | Letting any user read PyKota's configuration file may expose |
---|
| 74 | passwords or database information which would allow direct |
---|
| 75 | connections to it if the user can write and execute his own |
---|
| 76 | scripts or download and execute his own version of PyKota. |
---|
| 77 | |
---|
[971] | 78 | NB : If you use the printquota.cgi CGI script, ensure that |
---|
| 79 | the user this script is run as (e.g. nobody or www-data) |
---|
| 80 | can read PyKota's configuration file too, for example |
---|
| 81 | by putting www-data in the lpadmin group. |
---|
[992] | 82 | WARNING : putting www-data in the lpadmin group so that |
---|
| 83 | the CGI script can read the /etc/pykota.conf file is |
---|
| 84 | dangerous. If any user can create CGI scripts launchable |
---|
| 85 | as www-data then he could steal a copy of the /etc/pykota.conf |
---|
| 86 | file and learn database and database users' name and passwords. |
---|
| 87 | The best solution is probably to create a pykota system |
---|
| 88 | account and run the CGI script as this user using Apache's SuEXEC |
---|
| 89 | facility. Refer to Apache's documentation for details. |
---|
[971] | 90 | |
---|
[969] | 91 | - Secure your database connection : |
---|
| 92 | |
---|
| 93 | Depending on the database backend used (currently only PostgreSQL |
---|
| 94 | is supported), you may have to take additionnal measures to render |
---|
| 95 | your database more secure. Please refer to your database system's |
---|
| 96 | documentation on configuration to learn how to do so. This is out |
---|
| 97 | of the scope of the present document. |
---|
| 98 | |
---|
| 99 | Keep in mind that if you use a centralized database, you may have |
---|
| 100 | to restrict which hosts can access to it (i.e. the Print Servers). |
---|
| 101 | |
---|
| 102 | |
---|
| 103 | ==================================================================== |
---|