1 | # $Id$ |
---|
2 | |
---|
3 | PyKota - Print Quota for CUPS and LPRng |
---|
4 | |
---|
5 | (c) 2003 Jerome Alet <alet@librelogiciel.com> |
---|
6 | This program is free software; you can redistribute it and/or modify |
---|
7 | it under the terms of the GNU General Public License as published by |
---|
8 | the Free Software Foundation; either version 2 of the License, or |
---|
9 | (at your option) any later version. |
---|
10 | |
---|
11 | This program is distributed in the hope that it will be useful, |
---|
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
---|
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
---|
14 | GNU General Public License for more details. |
---|
15 | |
---|
16 | You should have received a copy of the GNU General Public License |
---|
17 | along with this program; if not, write to the Free Software |
---|
18 | Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. |
---|
19 | |
---|
20 | ==================================================================== |
---|
21 | |
---|
22 | These recommandations are there because as of April 28th 2003 |
---|
23 | PyKota doesn't enforce them. You may or may not follow them, |
---|
24 | depending on your user's IT knowledge, how much your trust them, |
---|
25 | etc... |
---|
26 | |
---|
27 | ==================================================================== |
---|
28 | |
---|
29 | How to improve PyKota's security : |
---|
30 | ---------------------------------- |
---|
31 | |
---|
32 | - In CUPS disable RAW printing, so that users can't bypass the accounting |
---|
33 | filter. |
---|
34 | |
---|
35 | - Ensure that only the user your printing system is run as can |
---|
36 | execute the pykota filter. Depending on your system's configuration, |
---|
37 | this may give something like : |
---|
38 | |
---|
39 | $ chown lp.daemon /usr/bin/pykota |
---|
40 | $ chmod 700 /usr/bin/pykota |
---|
41 | |
---|
42 | If any user could run the pykota filter, then he theorically could |
---|
43 | forbid any other user to print by incorrectly charging them for |
---|
44 | pages they would never have printed. |
---|
45 | |
---|
46 | - Ensure that only the print quota administrator (e.g. root) can |
---|
47 | execute the edpykota and warnpykota commands. Depending on your |
---|
48 | system's configuration, this may give something like : |
---|
49 | |
---|
50 | $ chown root.root /usr/bin/edpykota /usr/bin/warnpykota |
---|
51 | $ chmod 700 /usr/bin/edpykota /usr/bin/warnpykota |
---|
52 | |
---|
53 | or |
---|
54 | |
---|
55 | $ chown root.lpadmin /usr/bin/edpykota /usr/bin/warnpykota |
---|
56 | $ chmod 750 /usr/bin/edpykota /usr/bin/warnpykota |
---|
57 | |
---|
58 | If any user could run warnpykota, then he could fill the mailboxes |
---|
59 | of all users who are above quota, by repeatedly running warnpykota. |
---|
60 | |
---|
61 | If any user could run edpykota, then he could, in the better case, |
---|
62 | set his account to noquota mode. In the worst case he could render |
---|
63 | PyKota and/or your printing system completely inoperative. |
---|
64 | |
---|
65 | - Ensure that no regular user can read PyKota administrator's |
---|
66 | configuration file, but that both the print quota administrator and |
---|
67 | the user the printing system is run as can read it. Depending on |
---|
68 | your system's configuration, this may give something like : |
---|
69 | |
---|
70 | $ chown lp.lpadmin /etc/pykota/pykotadmin.conf |
---|
71 | $ chmod 640 /etc/pykota/pykotadmin.conf |
---|
72 | |
---|
73 | If the print quota administrator is root then he will always be |
---|
74 | able to read PyKota's configuration file. |
---|
75 | |
---|
76 | Letting any user read PyKota administrator's configuration file may |
---|
77 | expose passwords or database information which would allow direct |
---|
78 | connections to it if the user can write and execute his own scripts |
---|
79 | or download and execute his own version of PyKota. |
---|
80 | |
---|
81 | If you want to let users generate their own print quota reports, |
---|
82 | then ensure that /etc/pykota/pykota.conf is readable by |
---|
83 | everyone, but writeable only by the root user : |
---|
84 | |
---|
85 | $ chown root.root /etc/pykota/pykota.conf |
---|
86 | $ chmod 644 /etc/pykota/pykota.conf |
---|
87 | |
---|
88 | NB : If you use the printquota.cgi CGI script, ensure that |
---|
89 | the user this script is run as (e.g. nobody or www-data) |
---|
90 | can read PyKota's configuration file /etc/pykota/pykota.conf |
---|
91 | BUT can't read PyKota administrator's configuration file |
---|
92 | /etc/pykota/pykotadmin.conf |
---|
93 | Refer to Apache's documentation for details. |
---|
94 | |
---|
95 | - Secure your database connection : |
---|
96 | |
---|
97 | Depending on the database backend used, either PostgreSQL or |
---|
98 | OpenLDAP, you may have to take additionnal measures to render |
---|
99 | your database more secure. Please refer to your database system's |
---|
100 | documentation on configuration to learn how to do so. This is out |
---|
101 | of the scope of the present document which will only give basic |
---|
102 | informations. |
---|
103 | |
---|
104 | Keep in mind that if you use a centralized database, you may have |
---|
105 | to restrict which hosts can access to it (i.e. the Print Servers). |
---|
106 | |
---|
107 | For the PostgreSQL backend, PyKota already defines a user with |
---|
108 | read/write access and another user with read-only access to |
---|
109 | the Print Quota Database. PyKota doesn't set any passwords |
---|
110 | for these users though, but doing it is recommanded, and |
---|
111 | explained elsewhere in PyKota's documentation. |
---|
112 | |
---|
113 | For the OpenLDAP backend, YOU have to ensure that no regular |
---|
114 | user can write to any PyKota specific attribute or objectClass. |
---|
115 | Otherwise they could modify their quota at will. |
---|
116 | |
---|
117 | ==================================================================== |
---|