--- Begin Message ---
Package: cupsys
Version: 1.2.1-2
Severity: important
The cups web interface (:631/admin), has a server section with the
following checkboxes:
x Show printers shared by other systems
Share published printers connected to this system
Allow remote administration
Allow users to cancel any job (not just their own)
x Save debugging information for troubleshooting
I put an 'x' in the "Share published printers connected to this system"
and clicked on "Change Settings". It then rewrote cupsd.conf and
reloaded cupsd.
This is where the problems began:
- the interface doesn't respect the Include directives in cupsd.conf
+ when reading the config, browsing was already on
+ when writing the config, it writes bits that are included into
cupsd.conf
- it totally screwed my network and authorisation configuration; I
had set it up for remote admin, but it disabled it all...
I've attached the configuration before and after the change.
Regards,
Roger
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.17
Locale: LANG=en_GB.UTF8, LC_CTYPE=en_GB.UTF8 (charmap=UTF-8)
Versions of packages cupsys depends on:
ii adduser 3.87 Add and remove users and groups
ii cdebconf [debconf-2.0] 0.102 Debian Configuration Management Sy
ii debconf [debconf-2.0] 1.5.1 Debian configuration management sy
ii gs-esp 8.15.1.dfsg.1-2 The Ghostscript PostScript interpr
ii libc6 2.3.6-15 GNU C Library: Shared libraries
ii libcupsimage2 1.2.1-2 Common UNIX Printing System(tm) -
ii libcupsys2 1.2.1-2 Common UNIX Printing System(tm) -
ii libdbus-1-2 0.61-6 simple interprocess messaging syst
ii libgnutls13 1.3.5-1.1 the GNU TLS library - runtime libr
ii libldap2 2.1.30-13 OpenLDAP libraries
ii libpam0g 0.79-3.1 Pluggable Authentication Modules l
ii libpaper1 1.1.18 Library for handling paper charact
ii libslp1 1.2.1-5 OpenSLP libraries
ii lsb-base 3.1-10 Linux Standard Base 3.1 init scrip
ii patch 2.5.9-4 Apply a diff file to an original
ii perl-modules 5.8.8-5 Core Perl modules
ii poppler-utils [xpdf-util 0.4.5-4 PDF utilitites (based on libpopple
ii procps 1:3.2.6-2.2 /proc file system utilities
ii zlib1g 1:1.2.3-11 compression library - runtime
Versions of packages cupsys recommends:
ii cupsys-client 1.2.1-2 Common UNIX Printing System(tm) -
ii foomatic-filters 3.0.2-20060530-1 linuxprinting.org printer support
pn smbclient <none> (no description available)
-- debconf information:
* cupsys/raw-print: false
* cupsys/ports: 631
* cupsys/backend: ipp, lpd, socket, usb
cupsys/portserror:
* cupsys/browse: true
Browsing on
Listen /var/run/cups/cups.sock
Listen localhost:631
Listen liet.home.whinlatter.ukfsn.org:631
#
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler. See "man cupsd.conf" for a complete description of this
# file.
#
# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel debug
# Administrator user group...
SystemGroup lpadmin
# Only listen for connections from the local machine.
# These settings are configured in /etc/cups/cups.d/ports.conf so that
# changing them does not require to change this file.
# Listen localhost:631
# Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
# The 'Browsing' setting is configured in /etc/cups/cups.d/browse.conf
# so that changing it does not require to change this file.
# Browsing Off
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Restrict access to the server...
<Location />
Order allow,deny
Allow localhost
Allow .home.whinlatter.ukfsn.org
Allow @IF(eth0)
# AuthType None
</Location>
# Restrict access to the admin pages...
<Location /admin>
Encryption Required
Order allow,deny
Allow localhost
Allow @IF(eth0)
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow localhost
Allow @IF(eth0)
</Location>
# Set the default printer/job policies...
<Policy default>
# Job-related operations must be done by the owner or an adminstrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an adminstrator to authenticate...
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
# Include files in /etc/cups/conf.d
Include /etc/cups/cups.d/ports.conf
Include /etc/cups/cups.d/browse.conf
#
#
# Show troubleshooting information in error_log.
LogLevel debug
SystemGroup lpadmin
# Enable printer sharing and shared printers.
Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
DefaultAuthType Basic
<Location />
# Allow shared printing...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Encryption Required
# Restrict access to the admin pages...
Order allow,deny
Allow localhost
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
# Restrict access to the configuration files...
Order allow,deny
Allow localhost
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel a job...
<Limit Cancel-Job>
Order deny,allow
Require user @OWNER @SYSTEM
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
Include /etc/cups/cups.d/ports.conf
Include /etc/cups/cups.d/browse.conf
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
--- /tmp/cupsd.conf.orig 2006-06-11 11:26:32.000000000 +0100
+++ /tmp/cupsd.conf.new 2006-06-11 11:26:52.000000000 +0100
@@ -1,89 +1,55 @@
-#
-#
-# Sample configuration file for the Common UNIX Printing System (CUPS)
-# scheduler. See "man cupsd.conf" for a complete description of this
-# file.
-#
-
-# Log general information in error_log - change "info" to "debug" for
-# troubleshooting...
+# Show troubleshooting information in error_log.
LogLevel debug
-
-# Administrator user group...
SystemGroup lpadmin
-
-# Only listen for connections from the local machine.
-# These settings are configured in /etc/cups/cups.d/ports.conf so that
-# changing them does not require to change this file.
-# Listen localhost:631
-# Listen /var/run/cups/cups.sock
-
-# Show shared printers on the local network.
-# The 'Browsing' setting is configured in /etc/cups/cups.d/browse.conf
-# so that changing it does not require to change this file.
-# Browsing Off
+# Enable printer sharing and shared printers.
+Browsing On
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
-
-# Default authentication type, when authentication is required...
DefaultAuthType Basic
-
-# Restrict access to the server...
<Location />
+ # Allow shared printing...
Order allow,deny
- Allow localhost
- Allow .home.whinlatter.ukfsn.org
- Allow @IF(eth0)
-# AuthType None
+ Allow @LOCAL
</Location>
-
-# Restrict access to the admin pages...
<Location /admin>
Encryption Required
+ # Restrict access to the admin pages...
Order allow,deny
Allow localhost
- Allow @IF(eth0)
</Location>
-
-# Restrict access to configuration files...
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
+ # Restrict access to the configuration files...
Order allow,deny
Allow localhost
- Allow @IF(eth0)
</Location>
-
-# Set the default printer/job policies...
<Policy default>
- # Job-related operations must be done by the owner or an adminstrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
-
- # All administration operations require an adminstrator to authenticate...
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
-
- # Only the owner or an administrator can cancel or authenticate a job...
- <Limit Cancel-Job CUPS-Authenticate-Job>
+ <Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
-
+ # Only the owner or an administrator can cancel a job...
+ <Limit Cancel-Job>
+ Order deny,allow
+ Require user @OWNER @SYSTEM
+ </Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
-
-# Include files in /etc/cups/conf.d
Include /etc/cups/cups.d/ports.conf
Include /etc/cups/cups.d/browse.conf
-
-#
-#
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
--- End Message ---
--- Begin Message ---
Source: cupsys
Source-Version: 1.2.1-3
We believe that the bug you reported is fixed in the latest version of
cupsys, which is due to be installed in the Debian FTP archive:
cupsys-bsd_1.2.1-3_i386.deb
to pool/main/c/cupsys/cupsys-bsd_1.2.1-3_i386.deb
cupsys-client_1.2.1-3_i386.deb
to pool/main/c/cupsys/cupsys-client_1.2.1-3_i386.deb
cupsys_1.2.1-3.diff.gz
to pool/main/c/cupsys/cupsys_1.2.1-3.diff.gz
cupsys_1.2.1-3.dsc
to pool/main/c/cupsys/cupsys_1.2.1-3.dsc
cupsys_1.2.1-3_i386.deb
to pool/main/c/cupsys/cupsys_1.2.1-3_i386.deb
libcupsimage2-dev_1.2.1-3_i386.deb
to pool/main/c/cupsys/libcupsimage2-dev_1.2.1-3_i386.deb
libcupsimage2_1.2.1-3_i386.deb
to pool/main/c/cupsys/libcupsimage2_1.2.1-3_i386.deb
libcupsys2-dev_1.2.1-3_i386.deb
to pool/main/c/cupsys/libcupsys2-dev_1.2.1-3_i386.deb
libcupsys2-gnutls10_1.2.1-3_all.deb
to pool/main/c/cupsys/libcupsys2-gnutls10_1.2.1-3_all.deb
libcupsys2_1.2.1-3_i386.deb
to pool/main/c/cupsys/libcupsys2_1.2.1-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 372727@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kenshi Muto <kmuto@debian.org> (supplier of updated cupsys package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 11 Jun 2006 11:51:01 +0000
Source: cupsys
Binary: cupsys-bsd libcupsys2-dev cupsys libcupsys2 libcupsys2-gnutls10 libcupsimage2-dev libcupsimage2 cupsys-client
Architecture: source i386 all
Version: 1.2.1-3
Distribution: unstable
Urgency: low
Maintainer: Debian CUPS Maintainers <pkg-cups-devel@lists.alioth.debian.org>
Changed-By: Kenshi Muto <kmuto@debian.org>
Description:
cupsys - Common UNIX Printing System(tm) - server
cupsys-bsd - Common UNIX Printing System(tm) - BSD commands
cupsys-client - Common UNIX Printing System(tm) - client programs (SysV)
libcupsimage2 - Common UNIX Printing System(tm) - image libs
libcupsimage2-dev - Common UNIX Printing System(tm) - image development files
libcupsys2 - Common UNIX Printing System(tm) - libs
libcupsys2-dev - Common UNIX Printing System(tm) - development files
libcupsys2-gnutls10 - Common UNIX Printing System(tm) - dummy libs for transition
Closes: 345973 365300 370611 371170 372198 372256 372291 372586 372696 372714 372727 373722 373839
Changes:
cupsys (1.2.1-3) unstable; urgency=low
.
[Kenshi Muto]
* Apply upstream svn change r5673.
- Remove unnecessary %s from dirsvc.c and will solve a mysterious
cupsd crash. Thanks Neil. (closes: #372696, #370611)
- Support again * character as IP address. (closes: #372291)
- Fixes wrong command line arguments to backend. (closes: #372586, #373839)
* Improve the wording of NEWS file, thanks Tomas (closes: #372256)
* 53_usr_share_ppd_support: Use /usr/share/ppd as PPD path.
(closes: #365300, #373722)
Make symlink /usr/share/ppd/cups-transitional-dir -> /usr/share/cups/ppd
for keeping a compatibility. We'll migrate all of PPD files to
/usr/share/ppd in the future.
* Revert to use single /etc/cups/cupsd.conf file for the configuration
instead of using separate files in /etc/cups/cups.d. The migration will
be done automatically. (closes: #345973, #372727)
* Apply correct permission modes to the files under /etc/cups at postinst
stage.
* Update debconf translations:
- Danish (closes: #371170)
- French (closes: #372714)
- Italian (closes: #372198)
Files:
fb7a7d04b5e739a49ef360e74c142e4e 1045 net optional cupsys_1.2.1-3.dsc
79f8eebcbbc378ec8bff05b1fa25cba4 130917 net optional cupsys_1.2.1-3.diff.gz
018ffe16e54923a935d94008977e3047 26352 libs optional libcupsys2-gnutls10_1.2.1-3_all.deb
dc4a1dc1f7afe1c76670c60be5f5fcd2 149584 libs optional libcupsys2_1.2.1-3_i386.deb
0305aba58a113f2091de63d4b93e4284 67494 libs optional libcupsimage2_1.2.1-3_i386.deb
8bd7d76314398ce4483243d7d379d0f5 2189880 net optional cupsys_1.2.1-3_i386.deb
68c8746af9c2123d2ff989f4047e257e 79434 net optional cupsys-client_1.2.1-3_i386.deb
b759b92b1111c8a7953b1304df68c4ba 25724 libdevel optional libcupsys2-dev_1.2.1-3_i386.deb
e36529fbc12b34eb475969272bb60e5e 6084 libdevel optional libcupsimage2-dev_1.2.1-3_i386.deb
f86fae2991ac513bc4bbbea1ee56dcfc 35926 net extra cupsys-bsd_1.2.1-3_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iEYEARECAAYFAkSZX8gACgkQQKW+7XLQPLGNHwCePQv1aj7i+5OX/c8qsip40UHZ
YggAnAtlHaNlqMb4i/+9KZZVYw5w83yz
=xfEI
-----END PGP SIGNATURE-----
--- End Message ---