[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help Needed Adding Printer

On Sunday 10 February 2002 01:28 pm, you wrote:
> >
> > given that he can't login to cups admin with the root
> > password,itseemsthat should be properly investigated and resolved before
> > adding any otheruserto any other group. if no solution emerges, he'd be
> > betteroffreinstallingcups and going through the setup process with the
> > current problem in mind. it's really not in the system's interest to have
> > a package running that doesn't comply with the rules of operation to
> > which it shouldadhere,especiallywhen root privileges are involved.
> You may be right.  I'm a CUPS novice, not expert.  But, from somewhere, I
> had concluded that noone, not even root, would be allowed by CUPS to admin
> CUPS until their user name had been added to the lpadmin group.
> I'd love to know if that's true or not, for myself. Do you factually know
> if my previous suggestion/statement is true or false?
> Have you set CUPS up?
> (If true, currently, then maybe the Debian CUPS installer should add root
> to the lpadmin group as part of the CUPS install procedure?)

first off, before i forget to mention it, please don't cc to me. rather, keep 
it on the list. 

it's my understanding that group lpadmin is created by the installation of 
cups, with root as the only default member. 

in this case, where root suddenly no longer has access to cups, some part of 
the cups installation has obviously been somehow compromised. given that, it 
makes no sense whatsoever to enable another user access to a process that 
refuses root access before the reason or cause for that refusal is 

if group lpadmin no longer recognizes its only user, then what might else be 
going on? lpadmin belongs to root and suddenly rejects root? that's like 
arriving home to find to find you suddenly can't open the door of some room 
in your house. it warrants investigation before you hand out any more house 
keys. in this case, since the disfunctional process, cups, and all it 
entails, can be removed and reinstalled, that provides a quick fix that is 
far more amenable to maintaining the security of the system than to give a 
non-root user root privileges to a process that is known to be compromised. 
it might also be advisable to remove the group lpadmin before the 

as for the statement that no-one can admin cups until their name has been 
added to cups, yes, that's true. i don't see where that statement was set in 
doubt in any part of this discussion. and to the question have i set up cups, 
the answer is yes.

Reply to: