PyKota relies on two configuration files, named
These files must be placed into the home directory of system user
The permissions set on this directory and these files will determine who can use PyKota and how.
One thing you'll have to remember is that anyone who has read access to
pykotadmin.conf is considered to be a PyKota Administrator, and as such, can use any option of any PyKota command line tool. This is why you have
to be absolutely careful about not giving any access to this file to students for example.
pykotadmin.conf will contain the database username (or LDAP dn) and password needed to access to PyKota's datas in read+write mode. Although as we'll see later on, this file can also point PyKota to a database which is different than the one used by all users who can not read
pykotadmin.conf but can read
The other file,
pykota.conf will contain all non-database related configuration settings for PyKota, plus the database username (or LDAP dn) and password needed to access to PyKota's datas in readonly mode. So giving access to it to end users is usually no big deal, unless you don't want them to be able to see other users' account balance or quota information. The recommended way however is to
pykotadmin.conf from regular users.
Setting secure permissions :
$ chown -R pykota.pykota ~pykota
$ chmod 600 ~pykota/pykotadmin.conf
$ chmod 640 ~pykota/pykota.conf
Depending on your operating system, you might want to do this instead :
$ chown -R pykota.lpadmin ~pykota
$ chmod 640 ~pykota/pykotadmin.conf ~pykota/pykota.conf
Because the user your printing system is run as MUST be able to read both
pykotadmin.conf to be able to update PyKota's database each time an user prints something.