Bug#762981: The first user should be a member of the lpadmin group
[David Prévot]
> In order to be able to actually administrate the printers (CUPS),
> the first user has to be added to the lpadmin group. It would be
> nice if that was done by default (on tjener, where CUPS is
> installed).
Note, the first user exist only in LDAP and Kerberos, while the
lpadmin group is a local group in /etc/group on each individual
machine.
We strive in Debian Edu to control access and privileges using LDAP
groups, to ensure that changes done in LDAP take effect on every
relvant machine in the Debian Edu network. If a new admin show up,
the user is added to the appropriate LDAP group and the user become an
admin on each machine.
The first user get all its privileges because it is a member of the
LDAP group granting privileges, not because it is the first user. If
the first user leave the school and another person take over the
administrative role, it is enough to update the group membership in
LDAP for this to take effect on the entire installation. We should
look for a way to get the same effect for CUPS administration.
--
Happy hacking
Petter Reinholdtsen
Reply to: