<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta name="generator" content="HTML Tidy, see www.w3.org"> <title>User Identification</title> <meta name="GENERATOR" content= "Modular DocBook HTML Stylesheet Version 1.71 "> <link rel="HOME" title=" LPRng-HOWTO" href="index.htm"> <link rel="UP" title= "LPRng Clients - lpr, lprm, lpq, lpc, lpstat " href= "lprngclients.htm"> <link rel="PREVIOUS" title="Force Connection to Localhost " href="forcelocalhost.htm"> <link rel="NEXT" title="lpr - Job Spooler Program" href= "lpr.htm"> </head> <body class="SECT1" bgcolor="#FFFFFF" text="#000000" link= "#0000FF" vlink="#840084" alink="#0000FF"> <div class="NAVHEADER"> <table summary="Header navigation table" width="100%" border= "0" cellpadding="0" cellspacing="0"> <tr> <th colspan="3" align="center">LPRng-HOWTO: 8 Feb 2002 (For LPRng-3.8.6)</th> </tr> <tr> <td width="10%" align="left" valign="bottom"><a href= "forcelocalhost.htm" accesskey="P">Prev</a></td> <td width="80%" align="center" valign="bottom">Chapter 5. <b class="APPLICATION">LPRng</b> Clients - lpr, lprm, lpq, lpc, lpstat</td> <td width="10%" align="right" valign="bottom"><a href= "lpr.htm" accesskey="N">Next</a></td> </tr> </table> <hr align="LEFT" width="100%"> </div> <div class="SECT1"> <h1 class="SECT1"><a name="ALLOWUSERSETTING">5.9. User Identification</a></h1> <p>Options used:</p> <ul> <li> <p><tt class="LITERAL">allow_user_setting=</tt><i class= "EMPHASIS">privileged users</i></p> </li> </ul> <br> <br> <p>When an client program sends a command to the <b class= "APPLICATION">lpd</b> server it may need to provide the name of the user who is originating the request for service. This name is obtained by looking up the UID of the user running the client in the appropriate user information database; if the information is not found the UID is used instead. Also, the client machine hostname may also be needed. This is usually determined by using a DNS lookup and trying to determine if there is a canonical or Fully Qualified Domain Name for the host and using this.</p> <p>The <tt class="COMMAND">lpr -U name@host</tt> (and for <b class="APPLICATION">lpq</b>, <b class="APPLICATION">lprm</b>, and <b class="APPLICATION">lpc</b>) option allows privileged users to cause the client software to use the <tt class= "LITERAL">name</tt> value as the originator and <tt class= "LITERAL">host</tt> as the machine name. This allows privileged users to <i class="EMPHASIS">impersonate</i> other users. This is most useful for programs such as Samba and PCNFS, which need to act as proxies for users.</p> <p>By default, ROOT (UID 0) is the only user that can masquerade as another user. The <tt class= "LITERAL">allow_user_setting=name,name...</tt> configuration option can be used to specify a list of names or UIDs that can also perform masquerading. For example, if the Samba server was running as user <tt class="LITERAL">samba</tt>, then <tt class="LITERAL">allow_user_setting=samba</tt> would allow it to specify the name of print job originator as a remote user, and the remote user would not need a login account on the system.</p> </div> <div class="NAVFOOTER"> <hr align="LEFT" width="100%"> <table summary="Footer navigation table" width="100%" border= "0" cellpadding="0" cellspacing="0"> <tr> <td width="33%" align="left" valign="top"><a href= "forcelocalhost.htm" accesskey="P">Prev</a></td> <td width="34%" align="center" valign="top"><a href= "index.htm" accesskey="H">Home</a></td> <td width="33%" align="right" valign="top"><a href= "lpr.htm" accesskey="N">Next</a></td> </tr> <tr> <td width="33%" align="left" valign="top">Force Connection to Localhost</td> <td width="34%" align="center" valign="top"><a href= "lprngclients.htm" accesskey="U">Up</a></td> <td width="33%" align="right" valign="top"><b class= "APPLICATION">lpr</b> - Job Spooler Program</td> </tr> </table> </div> </body> </html>