Remove setuid root from lp*. lpr needs to be setuid daemon so the

files it creates are not owned by the user spooling them but the
others (lpc, lpq, lprm) can get away with setgid daemon.  lpd runs
as user daemon for most things, only changing its uid to 0 for
things that must be done as root.

For the time being, don't require connections to come from a reserved
port since lpq/lpr/lprm can't acquire that w/o setuid root.  In the
near future we will have a mechanism for select non-root processes
to grab reserved ports.

The upshot of this is that spool directories must be writable by
group daemon and the files within the spool dirs must be owned by
daemon.

8 files changed, 56 insertions, 57 deletions

diff --git a/usr.sbin/lpr/SMM.doc/0.t b/usr.sbin/lpr/SMM.doc/0.t
index fa37273edf2..ef3353c53f3 100644
--- a/usr.sbin/lpr/SMM.doc/0.t
+++ b/usr.sbin/lpr/SMM.doc/0.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 0.t,v 1.2 1997/01/17 15:54:15 millert Exp $
+.\" $OpenBSD: 0.t,v 1.3 2002/06/08 01:53:42 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -35,9 +35,9 @@
 .\"
 .if n .ND
 .TL
-4.3BSD Line Printer Spooler Manual
-.EH 'SMM:7-%''4.3BSD Line Printer Spooler Manual'
-.OH '4.3BSD Line Printer Spooler Manual''SMM:7-%'
+OpenBSD Line Printer Spooler Manual
+.EH 'SMM:7-%''OpenBSD Line Printer Spooler Manual'
+.OH 'OpenBSD Line Printer Spooler Manual''SMM:7-%'
 .AU
 Ralph Campbell
 .AI
@@ -47,20 +47,16 @@ Department of Electrical Engineering and Computer Science
 University of California, Berkeley
 Berkeley, CA  94720
 .AB
-.FS
-* UNIX is a trademark of Bell Laboratories.
-.FE
 This document describes the structure and installation procedure
-for the line printer spooling system
-developed for the 4.3BSD version
-of the UNIX* operating system.
+for the line printer spooling system included with the OpenBSD
+operating system.
 .de D?
 .ie \\n(.$>1 Revised \\$1 \\$2 \\$3
 .el DRAFT of \n(mo/\n(dy/\n(yr
 ..
 .sp 2
 .LP
-.D? June 8, 1993
+.D? May 31, 2002
 .AE
 .de IR
 \fI\\$1\fP\\$2
diff --git a/usr.sbin/lpr/SMM.doc/2.t b/usr.sbin/lpr/SMM.doc/2.t
index 9006ed037cf..c093bbc2cec 100644
--- a/usr.sbin/lpr/SMM.doc/2.t
+++ b/usr.sbin/lpr/SMM.doc/2.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 2.t,v 1.3 2002/05/18 23:03:04 millert Exp $
+.\" $OpenBSD: 2.t,v 1.4 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -51,7 +51,7 @@ database restarting any printers that have jobs.
 In normal operation
 .I lpd
 listens for service requests on multiple sockets,
-one in the UNIX domain (named ``/var/run/printer'') for
+one in the LOCAL domain (named ``/var/run/printer'') for
 local requests, and one in the Internet domain
 (under the ``printer'' service specification)
 for requests for printer access from off machine;
@@ -67,7 +67,7 @@ Clients communicate with
 using a simple transaction oriented protocol.
 Authentication of remote clients is done based
 on the ``privilege port'' scheme employed by
-\fIrshd\fP\|(8C) and \fIrcmd\fP\|(3X).
+\fIrshd\fP\|(8) and \fIrcmd\fP\|(3).
 The following table shows the requests 
 understood by
 .IR lpd .
diff --git a/usr.sbin/lpr/SMM.doc/3.t b/usr.sbin/lpr/SMM.doc/3.t
index 9fa0c94581f..0b1ea2d5973 100644
--- a/usr.sbin/lpr/SMM.doc/3.t
+++ b/usr.sbin/lpr/SMM.doc/3.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 3.t,v 1.2 1997/01/17 15:54:16 millert Exp $
+.\" $OpenBSD: 3.t,v 1.3 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -42,34 +42,26 @@ remove files other than their own.
 The strategy used to maintain protected
 spooling areas is as follows:
 .IP \(bu 3
-The spooling area is writable only by a \fIdaemon\fP user
-and \fIdaemon\fP group.
+The spooling area is writable only by \fIroot\fP and
+and the \fIdaemon\fP group.
 .IP \(bu 3
-The \fIlpr\fP program runs set-user-id to \fIroot\fP and
-set-group-id to group \fIdaemon\fP.  The \fIroot\fP access permits
-reading any file required. Accessibility is verified
-with an \fIaccess\fP\|(2) call.  The group ID
-is used in setting up proper ownership of files
-in the spooling area for \fIlprm\fP.
+The \fIlpr\fP program runs set-user-id to user \fIdaemon\fP and
+set-group-id to group \fIdaemon\fP.
 .IP \(bu 3
-Control files in a spooling area are made with \fIdaemon\fP
+The utility programs,
+\fIlpc\fP, \fIlpq\fP and \fIlprm\fP run set-group-id to group \fIdaemon\fP
+to access spool files.
+.IP \(bu 3
+Control and data files in a spooling area are made with \fIdaemon\fP
 ownership and group ownership \fIdaemon\fP.  Their mode is 0660.
-This insures control files are not modified by a user
+This ensures control files are not modified by a user
 and that no user can remove files except through \fIlprm\fP.
 .IP \(bu 3
-The spooling programs,
-\fIlpd\fP, \fIlpq\fP, and \fIlprm\fP run set-user-id to \fIroot\fP
-and set-group-id to group \fIdaemon\fP to access spool files and printers.
-.IP \(bu 3
-The printer server, \fIlpd\fP,
-uses the same verification procedures as \fIrshd\fP\|(8C)
-in authenticating remote clients.  The host on which a client
-resides must be present in the file /etc/hosts.equiv or /etc/hosts.lpd and
-the request message must come from a reserved port number.
-.PP
-In practice, none of \fIlpd\fP, \fIlpq\fP, or
-\fIlprm\fP would have to run as user \fIroot\fP if remote
-spooling were not supported.  In previous incarnations of
-the printer system \fIlpd\fP ran set-user-id to \fIdaemon\fP,
-set-group-id to group \fIspooling\fP, and \fIlpq\fP and \fIlprm\fP ran
-set-group-id to group \fIspooling\fP.
+The printer server, \fIlpd\fP, runs as \fIroot\fP but spends most
+of its time with the effective user-id set to \fIdaemon\fP and the
+effective group-id set to \fIdaemon\fP.  As a result, spool files
+it creates belong to user and group \fIdaemon\fP.  \fILpd\fP uses
+the same verification procedures as \fIrshd\fP\|(8) in authenticating
+remote clients.  The host on which a client resides must be present
+in the file /etc/hosts.equiv or /etc/hosts.lpd and the request
+message must come from a reserved port number.
diff --git a/usr.sbin/lpr/SMM.doc/4.t b/usr.sbin/lpr/SMM.doc/4.t
index 61f50513ca2..ac25492a897 100644
--- a/usr.sbin/lpr/SMM.doc/4.t
+++ b/usr.sbin/lpr/SMM.doc/4.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 4.t,v 1.3 2002/05/18 23:03:04 millert Exp $
+.\" $OpenBSD: 4.t,v 1.4 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -36,10 +36,10 @@
 .NH 1
 Setting up
 .PP
-The 4.3BSD release comes with the necessary programs 
+OpenBSD comes with the necessary programs 
 installed and with the default line printer queue
 created.  If the system must be modified, the
-makefile in the directory /usr/src/usr.sbin/lpr
+Makefile in the directory /usr/src/usr.sbin/lpr
 should be used in recompiling and reinstalling
 the necessary programs.
 .PP
@@ -65,11 +65,11 @@ Printers on serial lines
 When a printer is connected via a serial communication line
 it must have the proper baud rate and terminal modes set.
 The following example is for a DecWriter III printer connected
-locally via a 1200 baud serial line.
+locally via a 9600 baud serial line.
 .DS
 .DT
 lp|LA-180 DecWriter III:\e
-	:lp=/dev/lp:br#1200:fs#06320:\e
+	:lp=/dev/lp:br#9600:ms=onlcr,oxtabs,-parity:\e
 	:tr=\ef:of=/usr/libexec/lpr/lpf:lf=/var/log/lpd-errs:
 .DE
 The
@@ -79,8 +79,9 @@ be left out since ``/dev/lp'' is the default.
 The
 .B br
 entry sets the baud rate for the tty line and the
-.B fs
-entry sets CRMOD, no parity, and XTABS (see \fItty\fP\|(4)).
+.B ms
+entry sets NL to CR-NL mapping, expansion of tabs to spaces,
+and disables parity (see \fIstty\fP\|(1)).
 The
 .B tr
 entry indicates that a form-feed should be printed when the queue
@@ -162,7 +163,7 @@ used in printing \fItroff\fP\|(1) output.
 This filter is needed to set the device into print mode
 for text, and plot mode for printing
 .I troff
-files and raster images (see \fIva\fP\|(4V)).
+files and raster images (see \fIva\fP\|(4)).
 Note that the page length is set to 58 lines by the
 .B pl
 entry for 8.5" by 11" fan-fold paper.
diff --git a/usr.sbin/lpr/SMM.doc/5.t b/usr.sbin/lpr/SMM.doc/5.t
index 213eac8d3a5..baa639c0e08 100644
--- a/usr.sbin/lpr/SMM.doc/5.t
+++ b/usr.sbin/lpr/SMM.doc/5.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 5.t,v 1.2 1997/01/17 15:54:17 millert Exp $
+.\" $OpenBSD: 5.t,v 1.3 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -36,7 +36,7 @@
 .NH 1
 Output filter specifications
 .PP
-The filters supplied with 4.3BSD
+The filters supplied with OpenBSD
 handle printing and accounting for most common
 line printers, the Benson-Varian, the wide (36") and
 narrow (11") Versatec printer/plotters. For other devices or accounting
diff --git a/usr.sbin/lpr/SMM.doc/6.t b/usr.sbin/lpr/SMM.doc/6.t
index 22f24347feb..bac580f19f8 100644
--- a/usr.sbin/lpr/SMM.doc/6.t
+++ b/usr.sbin/lpr/SMM.doc/6.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 6.t,v 1.2 1997/01/17 15:54:18 millert Exp $
+.\" $OpenBSD: 6.t,v 1.3 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -94,3 +94,13 @@ places jobs at the top of a printer queue.  This can be used
 to reorder high priority jobs since
 .I lpr
 only provides first-come-first-serve ordering of jobs.
+.LP
+\fBup\fP and \fBdown\fP
+.IP
+\fIUp\fP and \fIdown\fP combine the functionality of \fIenable\fP
+and \fIstart\fP with \fIstart\fP and \fIstop\fP.  \fIUp\fP is
+equivalent to issuing the \fIstart\fP and \fIenable\fP commands,
+whereas \fIdown\fP is equivalent to issuing the \fIstop\fP and
+\fIdisable\fP commands.  \fIDown\fP also takes an optional message
+that will be written to the printer's status file.  This allows the
+administrator to indicate to users why the printer is out of service.
diff --git a/usr.sbin/lpr/SMM.doc/7.t b/usr.sbin/lpr/SMM.doc/7.t
index f7a85808285..2e83cd5f2e8 100644
--- a/usr.sbin/lpr/SMM.doc/7.t
+++ b/usr.sbin/lpr/SMM.doc/7.t
@@ -1,4 +1,4 @@
-.\" $OpenBSD: 7.t,v 1.3 2002/05/18 23:03:04 millert Exp $
+.\" $OpenBSD: 7.t,v 1.4 2002/06/08 01:53:43 millert Exp $
 .\"
 .\" Copyright (c) 1983, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -74,7 +74,7 @@ Usually it is enough to get a super-user to type the following to
 restart
 .IR lpd .
 .DS
-% /usr/lib/lpd
+% /usr/sbin/lpd
 .DE
 You can also check the state of the master printer daemon with the following.
 .DS
@@ -83,10 +83,10 @@ You can also check the state of the master printer daemon with the following.
 .IP
 Another possibility is that the
 .I lpr
-program is not set-user-id to \fIroot\fP, set-group-id to group \fIdaemon\fP.
+program is not set-user-id to \fIdaemon\fP, set-group-id to group \fIdaemon\fP.
 This can be checked with
 .DS
-% ls \-lg /usr/bin/lpr
+% ls \-l /usr/bin/lpr
 .DE
 .SH
 lpr: \fIprinter\fP\|: printer queue is disabled
diff --git a/usr.sbin/lpr/SMM.doc/spell.ok b/usr.sbin/lpr/SMM.doc/spell.ok
index bf31319943d..c7120549b5f 100644
--- a/usr.sbin/lpr/SMM.doc/spell.ok
+++ b/usr.sbin/lpr/SMM.doc/spell.ok
@@ -34,7 +34,7 @@ lpd.lock
 lpf
 lpf:lf
 lprgroup
-makefile
+Makefile
 mx
 offline
 pl