How Xi-Text Uses File Permissions
Xi-Text operates as a system service with specific file ownership and permission requirements. The spooler daemon (spshed) and printer daemon (spd) must be able to read configuration, access spool files, and communicate through IPC mechanisms.
Correct permissions ensure:
- Scheduler can access job and printer data
- Users can submit and query jobs
- Security boundaries are maintained
- Accounting and logging function properly
Required User and Group
Spooler User : System user that owns Xi-Text processes and files : Default name: spooler : Must exist before installation
Spooler Group : Primary group for spooler user : Often same name: spooler : Used for group-level access control
Verify user exists:
bash
id spooler
Expected output:
uid=xxx(spooler) gid=xxx(spooler) groups=xxx(spooler)
Key Directories and Files
Spool Directory
Default location: /usr/spool/spd/
bash
drwxr-xr-x spooler spooler /usr/spool/spd/
Purpose: Working directory for active job data and system state
Contains:
- Job files (SP*, PF*, ER*)
- System state files (spshed_jfile, spshed_pfile)
- System log (spshed_reps)
- User permissions file (spufile)
- Memory-mapped files (if enabled)
Programs Directory
Default location: /usr/spool/progs/
bash
drwxr-xr-x spooler spooler /usr/spool/progs/
Purpose: Executables, configuration, and help files
Contains:
- Binary executables
- Message and help files (.help)
- Configuration file (Xitext-config)
- Printers directory
Printers Directory
Default location: /usr/spool/progs/printers/
bash
drwxr-xr-x spooler spooler /usr/spool/progs/printers/
Purpose: Printer definition directories
Contains subdirectories for each printer:
bash
drwxr-xr-x spooler spooler printers/ptr1/ drwxr-xr-x spooler spooler printers/ptr2/
Essential File Permissions
Spool Directory Files
Job files (SP, PF, ER*):**
bash
-rw------- spooler spooler SP0000123 -rw------- spooler spooler PF0000123 -rw------- spooler spooler ER0000123
- Permissions: 600 (owner read/write only)
- Security sensitive - contain user data
State files:
bash
-rw------- spooler spooler spshed_jfile -rw------- spooler spooler spshed_pfile -rw-r--r-- spooler spooler spshed_reps
- Job/printer state: 600 (owner only)
- Log file: 644 (readable by all for diagnostics)
User permissions:
bash
-rw-r--r-- spooler spooler spufile -rw-r--r-- spooler spooler sputmp
- Permissions: 644 (readable by all)
- Must be readable for permission checks
Memory-mapped files (if used):
bash
-rw------- spooler spooler spmm_jobi -rw------- spooler spooler spmm_jobd -rw------- spooler spooler spmm_ptrs -rw------- spooler spooler spmm_xfer
- Permissions: 600 (owner only)
Programs Directory Files
Executables:
bash
-rwxr-xr-x spooler spooler spshed -rwxr-xr-x spooler spooler spd -rwsr-xr-x spooler spooler spr -rwxr-xr-x spooler spooler spq
- Standard executables: 755 (executable by all)
- SUID programs: 4755 (spr, sqchange, etc.)
- Critical: Must have correct SUID permissions
- Enables users to submit jobs as themselves
Help and message files:
bash
-rw-r--r-- spooler spooler rest.help -rw-r--r-- spooler spooler spq.help -rw-r--r-- spooler spooler int-config
- Permissions: 644 (readable by all)
- Can be owned by other users, but must be readable
Configuration:
bash
-rw-r--r-- root root Xitext-config
- Permissions: 644 (readable by all)
- Often owned by root for system-wide settings
Printer Setup Files
Setup files:
bash
-rw-r--r-- spooler spooler printers/ptr1/default -rw-r--r-- spooler spooler printers/ptr1/a4 -rw-r--r-- spooler spooler printers/ptr1/.device
- Permissions: 644 (readable by all)
- Must be readable by spooler user
Alignment/help files:
bash
-rw-r--r-- spooler spooler printers/ptr1/.setpage -rw-r--r-- spooler spooler printers/ptr1/-Help
- Permissions: 644 (readable by all)
Checking Permissions
Quick Check Script
bash
#!/bin/bash
SPOOL_DIR="/usr/spool/spd"
PROGS_DIR="/usr/spool/progs"
echo "=== Spool Directory ==="
ls -ld ${SPOOL_DIR}
echo ""
echo "=== Key Spool Files ==="
ls -l ${SPOOL_DIR}/spshed_jfile 2>/dev/null || echo "spshed_jfile: not found"
ls -l ${SPOOL_DIR}/spshed_pfile 2>/dev/null || echo "spshed_pfile: not found"
ls -l ${SPOOL_DIR}/spshed_reps 2>/dev/null || echo "spshed_reps: not found"
ls -l ${SPOOL_DIR}/spufile 2>/dev/null || echo "spufile: not found"
echo ""
echo "=== Programs Directory ==="
ls -ld ${PROGS_DIR}
echo ""
echo "=== Key Executables ==="
ls -l ${PROGS_DIR}/spshed 2>/dev/null || echo "spshed: not found"
ls -l ${PROGS_DIR}/spd 2>/dev/null || echo "spd: not found"
ls -l ${PROGS_DIR}/spr 2>/dev/null || echo "spr: not found"
echo ""
echo "=== Printers Directory ==="
ls -ld ${PROGS_DIR}/printers 2>/dev/null || echo "printers: not found"
Individual File Checks
bash
# Check spool directory ls -la /usr/spool/spd/ # Check key files specifically ls -l /usr/spool/spd/spshed_jfile ls -l /usr/spool/spd/spshed_pfile ls -l /usr/spool/spd/spshed_reps # Check executables ls -l /usr/spool/progs/spshed ls -l /usr/spool/progs/spr # Check file sizes (zero-size indicates problems) du -h /usr/spool/spd/spshed_* # Verify your user context whoami groups
Fixing Permission Problems
⚠️ WARNING: Stop scheduler before fixing critical file permissions
bash
# Stop Xi-Text sstop -y
Fix Spool Directory
bash
# Directory ownership and permissions chown spooler:spooler /usr/spool/spd chmod 755 /usr/spool/spd # State files chown spooler:spooler /usr/spool/spd/spshed_jfile chown spooler:spooler /usr/spool/spd/spshed_pfile chmod 600 /usr/spool/spd/spshed_jfile chmod 600 /usr/spool/spd/spshed_pfile # Log file (readable by all) chown spooler:spooler /usr/spool/spd/spshed_reps chmod 644 /usr/spool/spd/spshed_reps # User permissions file chown spooler:spooler /usr/spool/spd/spufile chmod 644 /usr/spool/spd/spufile # Job files (if present) chown spooler:spooler /usr/spool/spd/SP* chmod 600 /usr/spool/spd/SP*
Fix Programs Directory
bash
# Directory chown spooler:spooler /usr/spool/progs chmod 755 /usr/spool/progs # Standard executables chown spooler:spooler /usr/spool/progs/spshed chown spooler:spooler /usr/spool/progs/spd chmod 755 /usr/spool/progs/spshed chmod 755 /usr/spool/progs/spd # SUID executables chown spooler:spooler /usr/spool/progs/spr chmod 4755 /usr/spool/progs/spr # Help files chown spooler:spooler /usr/spool/progs/*.help chmod 644 /usr/spool/progs/*.help
Fix Printers Directory
bash
# Main directory
chown spooler:spooler /usr/spool/progs/printers
chmod 755 /usr/spool/progs/printers
# Printer subdirectories
for pdir in /usr/spool/progs/printers/*/; do
chown -R spooler:spooler "$pdir"
chmod 755 "$pdir"
chmod 644 "$pdir"/*
done
Restart Xi-Text
bash
# After fixing permissions sstart
Symptoms of Permission Problems
Cannot Submit Jobs
Symptom: spr returns "permission denied"
Possible causes:
- spr missing SUID bit
- Spool directory not writable by spooler user
- Job files cannot be created
Check:
bash
ls -l /usr/spool/progs/spr ls -ld /usr/spool/spd
Cannot View Queue
Symptom: spq shows empty or "cannot access"
Possible causes:
- State files not readable
- User permissions file not accessible
Check:
bash
ls -l /usr/spool/spd/spshed_jfile ls -l /usr/spool/spd/spufile
Scheduler Won't Start
Symptom: sstart fails or spshed exits immediately
Possible causes:
- Cannot write to spool directory
- Cannot access IPC resources
- Executable permissions incorrect
Check:
bash
ls -l /usr/spool/progs/spshed ls -ld /usr/spool/spd tail -20 /usr/spool/spd/spshed_reps
Jobs Submitted But Don't Print
Symptom: Jobs appear in queue but never print
Possible causes:
- Printer setup files not readable
- Device files not accessible
- Daemon cannot execute printer scripts
Check:
bash
ls -l /usr/spool/progs/printers/ptr1/* ls -l /dev/lp0 # or appropriate device
Device File Permissions
Printer device files must be accessible to spooler user:
bash
# Serial port ls -l /dev/ttyS0 # Should allow read/write for spooler # Parallel port ls -l /dev/lp0 # Network devices typically don't need special permissions
Fix Device Permissions
bash
# Add spooler to appropriate group usermod -a -G dialout spooler # For serial ports usermod -a -G lp spooler # For parallel ports # Or make device readable/writable chmod 660 /dev/ttyS0 chown root:spooler /dev/ttyS0
Security Considerations
SUID Programs
Several Xi-Text programs must run SUID to function:
- spr - Submit jobs as user
- sqchange - Modify jobs
- sqdel - Delete jobs
Critical security requirement: These files must:
- Be owned by spooler user
- Have SUID bit set (4755)
- Not be modifiable by regular users
Never:
- Change ownership to root
- Remove SUID bit
- Make world-writable
Spool File Security
Job files contain user data and should be:
- Owned by spooler
- Mode 600 (not readable by others)
- Stored in protected directory
Configuration File Security
System configuration can be restricted:
bash
# Make config readable only by root and spooler chown root:spooler /usr/spool/progs/Xitext-config chmod 640 /usr/spool/progs/Xitext-config
Zero-Size Files
Zero-size spool files indicate write failures:
bash
# Check file sizes ls -lh /usr/spool/spd/spshed_jfile ls -lh /usr/spool/spd/spshed_pfile
Causes:
- Permission prevented write
- Disk full
- Filesystem corruption
- Scheduler crash during write
Recovery:
- Stop scheduler
- Fix underlying issue
- Remove zero-size files (they're unusable)
- Restart scheduler (recreates files)
Alternative Spool Locations
If using non-default spool directory:
bash
# Set in environment or config SPOOLDIR=/custom/spool/location export SPOOLDIR
Apply same permission requirements to custom location.
Related Articles
- Checking the System Log File - Diagnosing permission errors
- IPC Resource Management - IPC permission issues
- Checking File and Directory Permissions (Xi-Batch) - Similar concepts for Xi-Batch
Documentation Reference
For complete file structure details, see:
- Xi-Text Administration Guide, Chapter: Files Used by Xi-Text
- Xi-Text Administration Guide, Chapter: Ownership and Permissions