[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1006468: marked as done (cups: misleading documentation regarding root login credentials)

Your message dated Sun, 14 Aug 2022 18:14:30 +0100
with message-id <14082022180719.859cd35405a7@desktop.copernicus.org.uk>
and subject line Re: Bug#1006468: cups: misleading documentation regarding root login credentials
has caused the Debian Bug report #1006468,
regarding cups: misleading documentation regarding root login credentials
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1006468: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006468
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: cups
Version: 2.4.1op1-1
Severity: normal

Hello,

On a fresh CUPS install, I logged into the web interface as root to add
a printer, and was denied with a 401 Forbidden error. The problem seems
to be that root is not a member of a group in @SYSTEM (which by default
only includes lpadmin). I understand that Debian has decided that this
is not a bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616718

but Debian's documentation seems quite misleading and inconsistent on
this point.

README.Debian states:

'Administration' is where you need to be to set up a local print queue.
At some point you will be required to authenticate. A User Name of 'root'
and root's password is always acceptable. Any other user must be a member
of the lpadmin group.

This clearly indicates that root does *not* need to be a member of the
lpadmin group.

OTOH, 'man cupsd.conf' is more accurate:

Note: The 'root'  user  is  not special and must be granted privileges
like any other user account.

I suggest that the language of the README be modified to resemble that
of the man page.

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.16.0-2-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cups depends on:
ii  cups-client            2.4.1op1-1
ii  cups-common            2.4.1op1-1
ii  cups-core-drivers      2.4.1op1-1
ii  cups-daemon            2.4.1op1-1
ii  cups-filters           1.28.12-1
ii  cups-ppdc              2.4.1op1-1
ii  cups-server-common     2.4.1op1-1
ii  debconf [debconf-2.0]  1.5.79
ii  ghostscript            9.55.0~dfsg-3
ii  libavahi-client3       0.8-5
ii  libavahi-common3       0.8-5
ii  libc6                  2.33-7
ii  libcups2               2.4.1op1-1
ii  libgcc-s1              12-20220222-1
ii  libstdc++6             12-20220222-1
ii  libusb-1.0-0           2:1.0.25-1
ii  poppler-utils          20.09.0-3.1
ii  procps                 2:3.3.17-6

Versions of packages cups recommends:
ii  avahi-daemon  0.8-5
ii  colord        1.4.6-1

Versions of packages cups suggests:
pn  cups-bsd                                   <none>
pn  cups-pdf                                   <none>
pn  foomatic-db-compressed-ppds | foomatic-db  <none>
pn  smbclient                                  <none>
ii  udev                                       250.3-2

-- debconf information excluded

--- End Message ---
--- Begin Message --- 
tags 1006468 - patch
thanks



On Sat 05 Mar 2022 at 18:37:18 +0000, Brian Potkin wrote:

> tags 1006468 patch
> thanks
> 
> 
> 
> On Fri 25 Feb 2022 at 17:02:06 -0500, Celejar wrote:
> 
> > Package: cups
> > Version: 2.4.1op1-1
> > Severity: normal
> > 
> > Hello,
> 
> Thank you for your report, Celejar.
>  
> > On a fresh CUPS install, I logged into the web interface as root to add
> > a printer, and was denied with a 401 Forbidden error. The problem seems
> > to be that root is not a member of a group in @SYSTEM (which by default
> > only includes lpadmin). I understand that Debian has decided that this
> > is not a bug:
> > 
> > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616718
> > 
> > but Debian's documentation seems quite misleading and inconsistent on
> > this point.
> > 
> > README.Debian states:
> > 
> > 'Administration' is where you need to be to set up a local print queue.
> > At some point you will be required to authenticate. A User Name of 'root'
> > and root's password is always acceptable. Any other user must be a member
> > of the lpadmin group.
> > 
> > This clearly indicates that root does *not* need to be a member of the
> > lpadmin group.
> 
> This is an accurate reflection of the situation for Debian distributions
> up to and including bullseye. It is not the case on bookworm with cups
> 2.4.1op1-1. Please see #1006727:
> 
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006727
>  
> > OTOH, 'man cupsd.conf' is more accurate:
> > 
> > Note: The 'root'  user  is  not special and must be granted privileges
> > like any other user account.
> > 
> > I suggest that the language of the README be modified to resemble that
> > of the man page.
> 
> The thrust of the README is to point out that a user needs to be a
> member of the lpadmin group, so a possible documentation change is:
> 
>   'Administration' is where a user needs to be to set up a local print
>    queue. At some point authentication will be required. For this to
>    be successful the user must be a member of the lpadmin group.
> 
> The assumption here is that "SystemGroup root lpadmin" is implemented.

The latter has taken place and, on reflection, the documentation is
accurate. Hence closing.

Cheers,

Brian.

--- End Message ---
Reply to: