Re: CUPS Admin (was Re: [Fwd: Re: No printing at all!])
On Fri, 2004-02-27 at 22:07, CW Harris wrote:
> On Fri, Feb 27, 2004 at 07:54:08PM +0000, Clive Menzies wrote:
> > On (27/02/04 13:00), Wolfgang Pfeiffer wrote:
> > > On Wed, 2004-02-25 at 19:18, Clive Menzies wrote:
> > > > On (25/02/04 17:23), Alisdair wrote:
> <snip>
> > > Here's the URL for CUPS where the documentation for authentication
> > > stuff starts, IINM:
> > >
> > > <http://localhost:631/sam.html#AuthClass>
> > >
> > > And here's a
> > > /etc/cups/cupsd.conf
> > > that allows only users in group foo, on one machine with several users,
> > > to manage the CUPS printing system, and only after he or she provided
> > > their username/passwd ...
> > >
> > > [ /etc/groups file ....
> > > adduser <user-login-name> foo
> > > ... login ... logout .. IIRC ]
> > >
> > > I didn't test so far whether this also works on a network connected to
> > > some printer, but I'd believe it could work ... not being sure on that
> > > ..
>
> As I understand, you can specify in cupsd.conf the network or hosts that
> are allowed to have admin privs. (The "Allow From" directive).
>
> > >
> > > At least here on
> > > http://localhost:631
> > > on a single machine with several users: after some initial tests it
> > > seems to work:
> > >
> > > Here's the corresponding cupsd.conf:
> > > ---------------------------
> > > LogLevel debug
> > > Printcap /var/run/cups/printcap
> > > <Location />
> > > Order Deny,Allow
> > > Deny From All
> > > Allow From 127.0.0.1
> > > </Location>
> > > <Location /admin>
> > > AuthType Basic
> > > AuthClass Group
> > > AuthGroupName foo
> > > Order Deny,Allow
> > > Deny From All
> > > Allow From 127.0.0.1
>
> Here is where you can control where admin privs are allowed from.
>
> > > </Location>
> > > ----------------------------------
> > >
> > > So with this last cupsd.conf it seems you don't need to be root to
> > > change your CUPS settings and you can decide who of the users on a
> > > machine will be able to to change these settings ...
> > >
> > > I swear I love this crap, at least some times ..... :)
>
> <grin> Yeah. So many things are beautiful...when they are working
> right! </grin>
>
> > >
> > > PS:
> > > I'd
> > > cp -r /etc/cups/ /path/to/other/directory/cups.working
> > > before changing some printer settings ... :)
> > >
> > > HTH, too ...
> > >
> > > Best Regards
> > >
> > > Wolfgang
> > Hi Wolfgang
> >
> > Thanks for this although I was responding to the OP who was having
> > trouble setting up printing. Using the browser, as I understand it,
> > you are only configuring cups as the administrator if you login as root.
>
> No. As he says, any user in group "foo".
yow ... and just in case someone might be interested: Here's a
/etc/cups/cupsd.conf
that should let everyone on a machine configure CUPS, without the need
to enter a passwd:
---------------------------------------
LogLevel debug
Printcap /var/run/cups/printcap
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /admin>
AuthType None
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
--------------------------------------
With the cupsd.conf above everyone should be able to acces
http://localhost:631/admin
This config *might* make sense if one is the only person having access
to a machine.
>
> > I wouldn't imagine that you could inadvertantly do anything really
> > dangerous from the browser except possibly screw up cups.
I'm extremely talented in destroying settings on a computer by mistake
once I'm on X, even on console: That's why, while being root, I try to
never login to X at least ... :)
>
> Add/Change printers, classes, etc. Yes, this is only cups
> administration. (Maybe I don't understand "anything
> dangerous...except..cups").
>
> >
> > However, I do find it a pain to login as root just for this and so I
> > will add this to my growing list of tasks to conquer ;)
>
> Yes, I /still/ just feel like I'm muddling through. Started using cups
> because I thought it would magically work better with the MS crap. Now
> I'm taking the plunge to Samba 3.x
[ ... ]
I found Eric S. Raymond's Essay on CUPS from Feb. 27 this afternoon (E.S
Raymond is the author of fetchmail, sed and other stuff.):
"The Luxury of Ignorance: An Open-Source Horror Story"
<http://www.catb.org/~esr/writings/cups-horror.html>
Excerpt:
"I've just gone through the experience of trying to configure CUPS, the
Common Unix Printing System. It has proved a textbook lesson in why
nontechnical people run screaming from Unix. This is all the more
frustrating because the developers of CUPS have obviously tried hard to
produce an accessible system — but the best intentions and effort have
led to a system which despite its superficial pseudo-friendliness is so
undiscoverable that it might as well have been written in ancient
Sanskrit."
Enjoy ... :)
Best Regards
Wolfgang
PS: It's possible I made a mistake when writing in my previous posting I
had set Gnome to forbid root here to log in to X. I didn't have the time
so far to look at it ...
--
Profile, Links: http://profiles.yahoo.com/wolfgangpfeiffer
Reply to: