Written by Urs-Jakob Rüetschi as part of the pracc project.
Pracc files are protected from arbitrary access by giving them a specific owner PRACCOWNER and a specific group PRACCGROUP. Pracc files have mode 0660; they need not be world-readable.
Programs that need to access pracc files are: the backend, the web interface pracc.cgi, and a number of command line tools.
The web interface uses two system groups to control pracc file operations: users in the group PRACCPEEK can view all pracc files but cannot change anything; users in the group PRACCPOKE can perform all administrative actions: creating, deleting, purging, editing, and viewing accounts.
The pracc backend shall be run as root by the CUPS scheduler. This is achieved by installing the backend with mode 0700.
For the web interface, there are two options: (1) add the user that the web server runs as to the group PRACCGROUP, or (2) configure the web server so that it executes the pracc web interface pracc.cgi as user PRACCOWNER or as group PRACCGROUP.
For the command line tools, no special measures have to be taken. It is assumed that they are executed only by users who already have appropriate permissions to access pracc files.
These values can be changed prior to compilation by editing the Makefile in the source directory. After installation, the pracc-check command line tool can be used to check whether the actual file permissions correspond to those configured.
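The ownership and mode policy described above can also be audited by hand. The script below is an added example, not part of pracc and not how pracc-check is implemented; the function name, the directory argument and the use of numeric uid/gid values for PRACCOWNER and PRACCGROUP are assumptions, and it relies on GNU stat.

```sh
#!/bin/sh
# Added example, not pracc's own code. Audits a directory of account files
# against the policy above: owner PRACCOWNER, group PRACCGROUP, mode 0660.
# The directory and the numeric uid/gid are supplied by the caller.
# Requires GNU stat (-c); BSD stat uses a different format option.

# audit_pracc_files DIR UID GID
# Prints one line per deviating file; returns 1 if any deviation was found.
audit_pracc_files() {
    dir=$1; want_uid=$2; want_gid=$3; status=0
    for f in "$dir"/*; do
        if [ -L "$f" ]; then
            # a program opening this name would follow the link elsewhere
            echo "$f: symbolic link, not a regular file"; status=1; continue
        fi
        [ -f "$f" ] || continue
        set -- $(stat -c '%u %g %a' "$f")
        if [ "$1" != "$want_uid" ]; then
            echo "$f: owner $1, expected $want_uid"; status=1
        fi
        if [ "$2" != "$want_gid" ]; then
            echo "$f: group $2, expected $want_gid"; status=1
        fi
        if [ "$3" != 660 ]; then
            echo "$f: mode $3, expected 660"; status=1
        fi
    done
    return $status
}

# Constructed sample data: a scratch directory standing in for the pracc
# directory, with the invoking user standing in for PRACCOWNER/PRACCGROUP.
demo_dir=$(mktemp -d)
: > "$demo_dir/alice"; chmod 0660 "$demo_dir/alice"
: > "$demo_dir/bob";   chmod 0664 "$demo_dir/bob"     # world-readable
: > "$demo_dir/carol"; chmod 0600 "$demo_dir/carol"   # group locked out
chgrp "$(id -g)" "$demo_dir"/*
audit_pracc_files "$demo_dir" "$(id -u)" "$(id -g)" || echo "deviations found"
```

On a real installation, pass the pracc directory and the output of `id -u` and `id -g` for the configured owner and group instead of the scratch values.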