Univention Bugzilla – Full Text Bug Listing |
Summary: | Point-and-print Windows driver upload fails as member of Printer-Admins | ||
---|---|---|---|
Product: | UCS | Reporter: | Arvid Requate <requate> |
Component: | Samba | Assignee: | Felix Botner <botner> |
Status: | CLOSED FIXED | QA Contact: | Arvid Requate <requate> |
Severity: | normal | ||
Priority: | P3 | CC: | botner, denissen, gohmann, markus.daehlmann, stoeckigt, thorp-hansen |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.2-2-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | Bug Report | What type of bug is this?: | 5: Major Usability: Impairs usability in key scenarios |
Who will be affected by this bug?: | 3: Will affect average number of installed domains | How will those affected feel about the bug?: | 3: A User would likely not purchase the product |
User Pain: | 0.257 | Enterprise Customer affected?: | |
School Customer affected?: | Yes | ISV affected?: | |
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | 2016072221000163, 2016081221000519 | Bug group (optional): | |
Max CVSS v3 score: | |||
Bug Depends on: | 28517 | ||
Bug Blocks: | 41852 |
Description
Arvid Requate
2016-07-25 14:14:12 CEST
also requested at Ticket#2016081221000519 univention-samba4 c17fbc45938572b460be99898e4fdef2b78333bc 7e5785bde1497ac668504f25e81ccfc4baa4ea9a Added setfacl Printer-Admins to /var/lib/samba/drivers and the "known" sub directories. Looks like this now: -> ls -lad /var/lib/samba/drivers drwxrwsr-x+ 10 root Printer-Admins 4096 Sep 12 16:46 /var/lib/samba/drivers -> getfacl /var/lib/samba/drivers getfacl: Entferne führende '/' von absoluten Pfadnamen # file: var/lib/samba/drivers # owner: root # group: Printer-Admins # flags: -s- user::rwx group::rwx other::r-x default:user::rwx default:group::rwx default:group:Printer-Admins:rwx default:mask::rwx default:other::r-x Also tried to add Domain\ Admins group, but even after adding a acl to /var/lib/samba/drivers, setting SePrintOperatorPrivilege for my "Domain\ Admins user", adding Domain\ Admins to the print$ share write list, the user had not rights to create files in the drivers directory. => We really have to fix Bug #41848 so that the Printer-Admins (Print Operators) group can be used to delegate print admin tasks. I think we should also fix it during package update by adding a version dependent if block to postinst. OK done Ok. |