Printing and cups: KDE removes filter entrys!
1i5t5.duncan at cox.net
Mon Aug 16 08:18:45 BST 2010
Wilhelm posted on Sun, 15 Aug 2010 16:05:51 +0000 as excerpted:
> we are using cupsd / smbspool for printing to printers hosted on a
> remote windows printserver. Therefore the cups-clients need to to the
> filtering local. So I setup the local printers.conf to include the
> nessesary filter definitions. Up to this point all is well and printing
> The problem seems to be the KDE printer-mgr. If someone logs into the
> client using a KDE session, the kde startup procedure somehow removes
> the filter entrys from printers.conf and then I have printers.conf
> (modified, without the filter definitions) and printers.conf.0 (the
> previous working one).
> If I set cupsd to LogLevel debug, it says that it is modifying
> So, the question is: how do I prevent KDE from sending modifying
> requests to cupsd or how do I refuse those modifications ?
Note that I don't have a printer ATM, and even if I did, it'd very likely
be local printing only... As such, I don't know much about printing in
That said... there's a few more generic possibilities you may be able to
activate, depending on your installation. This list is arguably in
reverse order of likelihood to work... that's just the order I thought of
1) If you're running SELinux, you can setup the cupsd SELinux security
policy so it isn't allowed to write to printers.conf, only read it. (The
same may well be possible with app-armor and tomoko (sp?), I'm not sure.)
Since Fedora ships with SELinux active by default, if that's what you're
using, it should be a rather minor change.
2) If you're running ext2/3/4, consider setting the printers.conf file
immutable. As with the printer disclaimer above, I should mention that I
run reiserfs myself (and likely will until btrfs loses its dev status and
seems reasonably stable for a kernel or two), and thus haven't actually
ever had occasion to use ext2/3/4's immutable attribute (viewable with
lsattr, settable with chattr, see the manpages), but it or possibly
append-only sounds like it'd fit the bill to me. =:^)
3) This one I KNOW should work as I actually use it for various purposes
(chroots, etc) myself. Take a look at the mount --bind option, for
remounting part of a filesystem (may be a single file) elsewhere. The
idea is to remount either that dir, or just that file, as read-only. The
catch is that you can't change the mount options with mount --bind itself
-- it inherits the mount options of the original filesystem. However, you
CAN do the mount --bind, then do a remount -o remount,ro. Again, see the
manpage, this time for mount, in particular, the bind mounts section. If
the filesystem (even if it consists of a single bind-mount file) is
mounted read-only, neither cupsd nor anything else is going to write
anything on it using access to that mountpoint! =:^) Of course, assuming
the file is stored elsewhere on the original filesystem, so the mount --
bind isn't directly over top of itself, you can still modify it if desired
using the original location. But the point is, cupsd won't be accessing
it using that path, but rather, the bind-mount path, which is read-only,
so it will be unable to modify the file!
I'm quite sure there's actually a way to get kde to quit telling cupsd to
mess with it, but as I said, I don't have a printer ATM (and haven't had
since quite some time back in the kde3 era), so I don't happen to know the
specifics of that. But I DO know how to force a file to read-only if I
need to, using bind-mounts. As no one else seems to have answered so
far... well, you know at least one way to make it work, now, even if it's
rather like using a cannon to kill a fly. I've actually used it and know
it does work.
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
More info: http://www.kde.org/faq.html.
More information about the kde