[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CUPS Admin (was Re: [Fwd: Re: No printing at all!])

On Fri, 2004-02-27 at 22:07, CW Harris wrote:
> On Fri, Feb 27, 2004 at 07:54:08PM +0000, Clive Menzies wrote:
> > On (27/02/04 13:00), Wolfgang Pfeiffer wrote:
> > > On Wed, 2004-02-25 at 19:18, Clive Menzies wrote:
> > > > On (25/02/04 17:23), Alisdair wrote:
> <snip>
> > > Here's the URL  for CUPS where the documentation for authentication
> > > stuff starts, IINM:
> > > 
> > > <http://localhost:631/sam.html#AuthClass>
> > > 
> > > And here's a
> > > /etc/cups/cupsd.conf
> > > that allows only users in group foo, on one machine with several users,
> > > to manage the CUPS printing system, and only after he or she provided
> > > their username/passwd ...
> > > 
> > > [ /etc/groups file ....
> > > adduser <user-login-name> foo
> > > ... login ... logout .. IIRC ]
> > > 
> > > I didn't test so far whether this also works on a network connected to
> > > some printer, but I'd believe it could work ... not being sure on that
> > > ..
> 
> As I understand, you can specify in cupsd.conf the network or hosts that
> are allowed to have admin privs.  (The "Allow From" directive).
> 
> > > 
> > > At least here on 
> > > http://localhost:631
> > > on a single machine with several users: after some initial tests it
> > > seems to work:
> > > 
> > > Here's the corresponding cupsd.conf:
> > > --------------------------- 
> > > LogLevel debug
> > > Printcap /var/run/cups/printcap
> > > <Location />
> > > Order Deny,Allow
> > > Deny From All
> > > Allow From 127.0.0.1
> > > </Location>
> > > <Location /admin>
> > > AuthType Basic
> > > AuthClass Group
> > > AuthGroupName foo
> > > Order Deny,Allow
> > > Deny From All
> > > Allow From 127.0.0.1
> 
> Here is where you can control where admin privs are allowed from.
> 
> > > </Location>
> > > ----------------------------------
> > > 
> > > So with this last cupsd.conf it seems you don't need to be root to
> > > change your CUPS settings and you can decide who of the users on a
> > > machine will be able to to change these settings ... 
> > > 
> > > I swear I love this crap, at least some times ..... :)
> 
> <grin>  Yeah. So many things are beautiful...when they are working
> right! </grin>
> 
> > > 
> > > PS:
> > > I'd 
> > > cp -r /etc/cups/ /path/to/other/directory/cups.working
> > > before changing some printer settings ... :)
> > > 
> > > HTH, too ...
> > > 
> > > Best Regards
> > > 
> > > Wolfgang
> > Hi Wolfgang
> > 
> > Thanks for this although I was responding to the OP who was having
> > trouble setting up printing.  Using the browser, as I understand it,
> > you are only configuring cups as the administrator if you login as root.
> 
> No. As he says, any user in group "foo".


yow ... and just in case someone might be interested: Here's a
/etc/cups/cupsd.conf
that should let everyone on a machine configure CUPS, without the need
to enter a passwd:

---------------------------------------
LogLevel debug
Printcap /var/run/cups/printcap
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /admin>
AuthType None
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
--------------------------------------

With the cupsd.conf above everyone should be able to acces
http://localhost:631/admin

This config *might* make sense if one is the only person having access
to a machine. 


> 
> > I wouldn't imagine that you could inadvertantly do anything really
> > dangerous from the browser except possibly screw up cups.

I'm extremely talented in destroying  settings on a computer by mistake
once I'm on X, even on console: That's why, while being root,  I try to
never login to X at least ... :)

> 
> Add/Change printers, classes, etc.  Yes, this is only cups
> administration.  (Maybe I don't understand "anything
> dangerous...except..cups").
> 
> > 
> > However, I do find it a pain to login as root just for this and so I
> > will add this to my growing list of tasks to conquer ;)
> 
> Yes, I /still/ just feel like I'm muddling through.  Started using cups
> because I thought it would magically work better with the MS crap.  Now
> I'm taking the plunge to Samba 3.x

   [ ... ]

I found Eric S. Raymond's Essay on CUPS from Feb. 27 this afternoon (E.S
Raymond is the author of fetchmail, sed and other stuff.):

"The Luxury of Ignorance: An Open-Source Horror Story"
<http://www.catb.org/~esr/writings/cups-horror.html>

Excerpt:
"I've just gone through the experience of trying to configure CUPS, the
Common Unix Printing System. It has proved a textbook lesson in why
nontechnical people run screaming from Unix. This is all the more
frustrating because the developers of CUPS have obviously tried hard to
produce an accessible system — but the best intentions and effort have
led to a system which despite its superficial pseudo-friendliness is so
undiscoverable that it might as well have been written in ancient
Sanskrit."

Enjoy ... :)

Best Regards
Wolfgang

PS: It's possible I made a mistake when writing in my previous posting I
had set Gnome to forbid root here to log in to X. I didn't have the time
so far to look at it ...

-- 
Profile, Links: http://profiles.yahoo.com/wolfgangpfeiffer
Reply to: