root / pykota / trunk / SECURITY @ 1106

Revision 1106, 5.0 kB (checked in by jalet, 21 years ago)

More Security information

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1# $Id$
2
3PyKota - Print Quota for CUPS and LPRng
4
5(c) 2003 Jerome Alet <alet@librelogiciel.com>
6This program is free software; you can redistribute it and/or modify
7it under the terms of the GNU General Public License as published by
8the Free Software Foundation; either version 2 of the License, or
9(at your option) any later version.
10
11This program is distributed in the hope that it will be useful,
12but WITHOUT ANY WARRANTY; without even the implied warranty of
13MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14GNU General Public License for more details.
15
16You should have received a copy of the GNU General Public License
17along with this program; if not, write to the Free Software
18Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
19
20====================================================================
21
22  These recommandations are there because as of April 28th 2003
23  PyKota doesn't enforce them. You may or may not follow them,
24  depending on your user's IT knowledge, how much your trust them,
25  etc...
26 
27====================================================================
28
29How to improve PyKota's security :
30----------------------------------
31
32  - In CUPS disable RAW printing, so that users can't bypass the accounting
33    filter.
34   
35  - Ensure that only the user your printing system is run as can
36    execute the pykota filter. Depending on your system's configuration,
37    this may give something like :
38   
39      $ chown lp.daemon /usr/bin/pykota
40      $ chmod 700 /usr/bin/pykota
41     
42    If any user could run the pykota filter, then he theorically could
43    forbid any other user to print by incorrectly charging them for
44    pages they would never have printed.
45   
46  - Ensure that only the print quota administrator (e.g. root) can
47    execute the edpykota and warnpykota commands. Depending on your
48    system's configuration, this may give something like :
49   
50      $ chown root.root /usr/bin/edpykota /usr/bin/warnpykota
51      $ chmod 700 /usr/bin/edpykota /usr/bin/warnpykota
52     
53    or   
54   
55      $ chown root.lpadmin /usr/bin/edpykota /usr/bin/warnpykota
56      $ chmod 750 /usr/bin/edpykota /usr/bin/warnpykota
57     
58    If any user could run warnpykota, then he could fill the mailboxes
59    of all users who are above quota, by repeatedly running warnpykota.
60   
61    If any user could run edpykota, then he could, in the better case,
62    set his account to noquota mode. In the worst case he could render
63    PyKota and/or your printing system completely inoperative.
64   
65  - Ensure that no regular user can read PyKota administrator's
66    configuration file, but that both the print quota administrator and
67    the user the printing system is run as can read it. Depending on
68    your system's configuration, this may give something like :
69   
70      $ chown lp.lpadmin /etc/pykota/pykotadmin.conf
71      $ chmod 640 /etc/pykota/pykotadmin.conf
72   
73    If the print quota administrator is root then he will always be
74    able to read PyKota's configuration file.
75   
76    Letting any user read PyKota administrator's configuration file may
77    expose passwords or database information which would allow direct
78    connections to it if the user can write and execute his own scripts
79    or download and execute his own version of PyKota.
80 
81    If you want to let users generate their own print quota reports,
82    then ensure that /etc/pykota/pykota.conf is readable by
83    everyone, but writeable only by the root user :
84   
85      $ chown root.root /etc/pykota/pykota.conf
86      $ chmod 644 /etc/pykota/pykota.conf
87     
88    NB : If you use the printquota.cgi CGI script, ensure that
89         the user this script is run as (e.g. nobody or www-data)
90         can read PyKota's configuration file /etc/pykota/pykota.conf
91         BUT can't read PyKota administrator's configuration file
92         /etc/pykota/pykotadmin.conf
93         Refer to Apache's documentation for details.
94 
95  - Secure your database connection :
96 
97    Depending on the database backend used, either PostgreSQL or
98    OpenLDAP, you may have to take additionnal measures to render
99    your database more secure. Please refer to your database system's
100    documentation on configuration to learn how to do so. This is out
101    of the scope of the present document which will only give basic
102    informations.
103   
104    Keep in mind that if you use a centralized database, you may have
105    to restrict which hosts can access to it (i.e. the Print Servers).
106   
107    For the PostgreSQL backend, PyKota already defines a user with
108    read/write access and another user with read-only access to
109    the Print Quota Database. PyKota doesn't set any passwords
110    for these users though, but doing it is recommanded, and
111    explained elsewhere in PyKota's documentation.
112   
113    For the OpenLDAP backend, YOU have to ensure that no regular
114    user can write to any PyKota specific attribute or objectClass.
115    Otherwise they could modify their quota at will.
116   
117====================================================================
Note: See TracBrowser for help on using the browser.