On Fri, 2004-02-27 at 22:07, CW Harris wrote: > On Fri, Feb 27, 2004 at 07:54:08PM +0000, Clive Menzies wrote: > > On (27/02/04 13:00), Wolfgang Pfeiffer wrote: > > > On Wed, 2004-02-25 at 19:18, Clive Menzies wrote: > > > > On (25/02/04 17:23), Alisdair wrote: > <snip> > > > Here's the URL for CUPS where the documentation for authentication > > > stuff starts, IINM: > > > > > > <http://localhost:631/sam.html#AuthClass> > > > > > > And here's a > > > /etc/cups/cupsd.conf > > > that allows only users in group foo, on one machine with several users, > > > to manage the CUPS printing system, and only after he or she provided > > > their username/passwd ... > > > > > > [ /etc/groups file .... > > > adduser <user-login-name> foo > > > ... login ... logout .. IIRC ] > > > > > > I didn't test so far whether this also works on a network connected to > > > some printer, but I'd believe it could work ... not being sure on that > > > .. > > As I understand, you can specify in cupsd.conf the network or hosts that > are allowed to have admin privs. (The "Allow From" directive). > > > > > > > At least here on > > > http://localhost:631 > > > on a single machine with several users: after some initial tests it > > > seems to work: > > > > > > Here's the corresponding cupsd.conf: > > > --------------------------- > > > LogLevel debug > > > Printcap /var/run/cups/printcap > > > <Location /> > > > Order Deny,Allow > > > Deny From All > > > Allow From 127.0.0.1 > > > </Location> > > > <Location /admin> > > > AuthType Basic > > > AuthClass Group > > > AuthGroupName foo > > > Order Deny,Allow > > > Deny From All > > > Allow From 127.0.0.1 > > Here is where you can control where admin privs are allowed from. > > > > </Location> > > > ---------------------------------- > > > > > > So with this last cupsd.conf it seems you don't need to be root to > > > change your CUPS settings and you can decide who of the users on a > > > machine will be able to to change these settings ... > > > > > > I swear I love this crap, at least some times ..... :) > > <grin> Yeah. So many things are beautiful...when they are working > right! </grin> > > > > > > > PS: > > > I'd > > > cp -r /etc/cups/ /path/to/other/directory/cups.working > > > before changing some printer settings ... :) > > > > > > HTH, too ... > > > > > > Best Regards > > > > > > Wolfgang > > Hi Wolfgang > > > > Thanks for this although I was responding to the OP who was having > > trouble setting up printing. Using the browser, as I understand it, > > you are only configuring cups as the administrator if you login as root. > > No. As he says, any user in group "foo".
yow ... and just in case someone might be interested: Here's a /etc/cups/cupsd.conf that should let everyone on a machine configure CUPS, without the need to enter a passwd: --------------------------------------- LogLevel debug Printcap /var/run/cups/printcap <Location /> Order Deny,Allow Deny From All Allow From 127.0.0.1 </Location> <Location /admin> AuthType None Order Deny,Allow Deny From All Allow From 127.0.0.1 </Location> -------------------------------------- With the cupsd.conf above everyone should be able to acces http://localhost:631/admin This config *might* make sense if one is the only person having access to a machine. > > > I wouldn't imagine that you could inadvertantly do anything really > > dangerous from the browser except possibly screw up cups. I'm extremely talented in destroying settings on a computer by mistake once I'm on X, even on console: That's why, while being root, I try to never login to X at least ... :) > > Add/Change printers, classes, etc. Yes, this is only cups > administration. (Maybe I don't understand "anything > dangerous...except..cups"). > > > > > However, I do find it a pain to login as root just for this and so I > > will add this to my growing list of tasks to conquer ;) > > Yes, I /still/ just feel like I'm muddling through. Started using cups > because I thought it would magically work better with the MS crap. Now > I'm taking the plunge to Samba 3.x [ ... ] I found Eric S. Raymond's Essay on CUPS from Feb. 27 this afternoon (E.S Raymond is the author of fetchmail, sed and other stuff.): "The Luxury of Ignorance: An Open-Source Horror Story" <http://www.catb.org/~esr/writings/cups-horror.html> Excerpt: "I've just gone through the experience of trying to configure CUPS, the Common Unix Printing System. It has proved a textbook lesson in why nontechnical people run screaming from Unix. This is all the more frustrating because the developers of CUPS have obviously tried hard to produce an accessible system — but the best intentions and effort have led to a system which despite its superficial pseudo-friendliness is so undiscoverable that it might as well have been written in ancient Sanskrit." Enjoy ... :) Best Regards Wolfgang PS: It's possible I made a mistake when writing in my previous posting I had set Gnome to forbid root here to log in to X. I didn't have the time so far to look at it ... -- Profile, Links: http://profiles.yahoo.com/wolfgangpfeiffer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
