PPD files in /etc/cups/ppd/ are sometimes not world-readable

[michaelrsweet]

Version: 2.1-current
CUPS.org User: till.kamppeter

Depending on whether the scheduler gets an IPP request for adding or modifying a print queue with a PPD file attached or with a printer model URI (from "lpinfo -m" output) the resulting PPD in /etc/cups/ppd/ is world-readable or not, and it seems that world-readable is the desired way.

Also the print dialog of the Chromium browser (Linux) hangs when the PPD of the selected printer is not world-readable.

If the IPP request has the PPD attached, the scheduler copies it to /etc/cups/ppd/ and explicitly sets the permissions to 0644 (scheduler/ipp.c, line 2651), so I assume that this is intended behavior. Ownerships are root.root in this case (probably UID and GID of the cupsd process).

If the IPP request has no attached PPD but only a model URI, the copy_model() function of scheduler/ipp.c is used which creates a temporary file (not world-readable) through which the PPD gets into /etc/cups/ppd/ and as nowhere permissions are set explicitly, the file ends up not world-readable which is probably not intended. Ownerships are also root.lp in this case.

I have a patch attached which fixes it by explicitly setting permissions and ownerships appropriately for the case that the IPP request has a model URI and no attached PPD file.

[michaelrsweet]

CUPS.org User: mike

First, the PPD file should have ConfigFilePerms applied, not a hardcoded 0644.

Second, please report a bug to Google on the Chromium browser - no application should assume the location of PPD files, as that is an implementation detail that is subject to change (and with IPP Everywhere it is conceivable that there will be no constant PPD file in coming releases of CUPS...) The cupsGetPPD API is provided for getting the PPD of a print queue and it what we expect them to use. Anything else WILL fail at some point.

[michaelrsweet]

CUPS.org User: mike

Looking at the code, the copy_model code is already doing the Right Thing(tm), but the code that copies the attached PPD file/interface script is not.

If you want configuration files readable by ordinary users, that needs to be set in the cups-files.conf file that you ship. The default is 0640 (group read) set with the "--with-config-file-perm" configure option.

What I'll do here is update the attachment code to use ConfigFilePerm so that they are consistent. Google needs to fix Chromium.

[michaelrsweet]

CUPS.org User: mike

Fixed in Subversion repository.

[michaelrsweet]

"scheduler-create-ppd-correct-permissions.patch":

--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -2702,6 +2702,8 @@

   cupsdLogMessage(CUPSD_LOG_DEBUG,
          "Copied PPD file successfully");

•  chmod(dstfile, 0644);
  

•  chown(dstfile, RunUser, getgid());
  

  }
  }

[michaelrsweet]

"str4703.patch":

Index: scheduler/ipp.c

--- scheduler/ipp.c (revision 12850)
+++ scheduler/ipp.c (working copy)
@@ -70,7 +70,7 @@
cups_array_t *exclude);
static int copy_banner(cupsd_client_t *con, cupsd_job_t *job,
const char *name);
-static int copy_file(const char *from, const char *to);
+static int copy_file(const char *from, const char *to, mode_t mode);
static int copy_model(cupsd_client_t *con, const char *from,
const char *to);
static void copy_job_attrs(cupsd_client_t *con,
@@ -2615,7 +2615,7 @@
* interfaces directory and make it executable...
*/

• if (copy_file(srcfile, dstfile))
• if (copy_file(srcfile, dstfile, ConfigFilePerm | 0110))
  {
  send_ipp_status(con, IPP_INTERNAL_ERROR,
  _("Unable to copy interface script - %s"),
  @@ -2625,7 +2625,6 @@

cupsdLogMessage(CUPSD_LOG_DEBUG,
"Copied interface script successfully");

• chmod(dstfile, 0755);
  }

  snprintf(dstfile, sizeof(dstfile), "%s/ppd/%s.ppd", ServerRoot,
  @@ -2638,7 +2637,7 @@

• ppd directory and make it readable by all...
  */

• if (copy_file(srcfile, dstfile))

• if (copy_file(srcfile, dstfile, ConfigFilePerm))
  {
  send_ipp_status(con, IPP_INTERNAL_ERROR,
  _("Unable to copy PPD file - %s"),
  @@ -2648,7 +2647,6 @@

cupsdLogMessage(CUPSD_LOG_DEBUG,
"Copied PPD file successfully");

• chmod(dstfile, 0644);
  }
  else
  {
  @@ -4336,7 +4334,8 @@

static int /* O - 0 = success, -1 = error /
copy_file(const char *from, / I - Source file */

•      const char _to)      /_ I - Destination file */
  

•      const char _to,      /_ I - Destination file */
  

• mode_t     mode)      /* I - Permissions */
  

  {
  cups_file_t src, / Source file /
  *dst; / Destination file */
  @@ -4353,7 +4352,7 @@
  if ((src = cupsFileOpen(from, "rb")) == NULL)
  return (-1);

• if ((dst = cupsFileOpen(to, "wb")) == NULL)

• if ((dst = cupsdCreateConfFile(to, mode)) == NULL)
  {
  cupsFileClose(src);
  return (-1);
  @@ -4377,7 +4376,7 @@

cupsFileClose(src);

• return (cupsFileClose(dst));
• return (cupsdCloseCreatedConfFile(dst, to));
  }

[michaelrsweet]

CUPS.org User: till.kamppeter

The problem of the Chromium browser mentioned here is solved now. It was a CUPS bug, this one:

https://www.cups.org/str.php?L4725

After applying the patch there the print dialog of Chromium works correctly, no need of world-readable PPD files.