ConfigurationFiles
PyKota relies on two configuration files, named pykota.conf and pykotadmin.conf.
These files must be placed into the home directory of system user pykota, usually /etc/pykota.
The permissions set on this directory and these files will determine who can use PyKota and how.
One thing you'll have to remember is that anyone who has read access to pykotadmin.conf is considered to be a PyKota Administrator, and as such, can use any option of any PyKota command line tool. This is why you have to be absolutely careful not to give students, for example, any access to this file.
Usually, pykotadmin.conf will contain the database username (or LDAP dn) and password needed to access PyKota's data in read+write mode. As we'll see later on, though, this file can also point PyKota to a database different from the one used by users who cannot read pykotadmin.conf but can read pykota.conf.
The other file, pykota.conf, will contain all non-database related configuration settings for PyKota, plus the database username (or LDAP dn) and password needed to access PyKota's data in read-only mode. So giving end users access to it is usually no big deal, unless you don't want them to be able to see other users' account balance or quota information. The recommended way, however, is to protect both pykota.conf and pykotadmin.conf from regular users.
Setting secure permissions:
$ chown -R pykota:pykota ~pykota
$ chmod 600 ~pykota/pykotadmin.conf
$ chmod 640 ~pykota/pykota.conf
Depending on your operating system, you might want to do this instead:
$ chown -R pykota:lpadmin ~pykota
$ chmod 640 ~pykota/pykotadmin.conf ~pykota/pykota.conf
This is because the user your printing system runs as MUST be able to read both pykota.conf and pykotadmin.conf in order to update PyKota's database each time a user prints something.
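To check that the permissions above are actually in place, the following shell function audits both files. It is an added example, not part of PyKota: the function name audit_pykota_conf and its FAIL/WARN/NOTE messages are made up for illustration, and it assumes GNU stat (stat -c).

```shell
#!/bin/sh
# Added example (not part of PyKota). Assumes GNU stat ("stat -c").
# audit_pykota_conf DIR: print findings for DIR/pykotadmin.conf and
# DIR/pykota.conf; return 1 if any FAIL was found, else 0.
# Usage: audit_pykota_conf /etc/pykota
audit_pykota_conf() {
    dir=$1
    rc=0
    for f in pykotadmin.conf pykota.conf; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "FAIL $f: not found in $dir"
            rc=1
            continue
        fi
        mode=$(stat -c '%a' "$path")   # octal mode, e.g. 600 or 640
        grp=$(stat -c '%G' "$path")    # owning group name
        other=$((mode % 10))           # last digit: bits for everyone else
        group=$((mode / 10 % 10))      # middle digit: bits for the group
        if [ "$other" -ne 0 ]; then
            if [ "$f" = pykotadmin.conf ]; then
                # Read access to this file is what makes a PyKota administrator.
                echo "FAIL $f: mode $mode gives access to all local users"
                rc=1
            else
                # Tolerated by the page, but protecting it is recommended.
                echo "WARN $f: mode $mode lets all local users read it"
            fi
        fi
        if [ $((group & 2)) -ne 0 ]; then
            echo "FAIL $f: mode $mode is writable by group $grp"
            rc=1
        fi
        # With the 640 variant, group membership decides who is an administrator.
        if [ "$f" = pykotadmin.conf ] && [ $((group & 4)) -ne 0 ]; then
            echo "NOTE $f: members of group $grp are PyKota administrators"
        fi
    done
    return $rc
}
```

With the 640 variant, the NOTE line names the group whose membership should be reviewed, since every member of it can read pykotadmin.conf.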
