[cups.general] cups-1.1.22rc1 - Pausing via samba unauthorized depending on order of SystemGroup conf
Michael Sweet
mike at easysw.com
Thu Oct 14 12:35:30 PDT 2004
daniel.jarboe at custserv.com wrote:
> Hi Kurt!
>
>
>>Stabbing into the dark now....
>
>
> Thanks :).
>
> Yes, that's why it seems so weird... the only change between one group
> working and the other group working is the order listed in SystemGroup.
> Rotating the order allows it to work as long as the person is in the
> first group listed.
>
> I've tried various combinations with quoting and without etc... in all
> cases it only succeeds when user is a member of whatever the first group
> is. If I were to add root as the first SystemGroup it fails for both of
> the other groups... though there are no authorization problems for any
> of the groups in the list when using the cups web interface.
Only the first group in the SystemGroup is able to read the root
certificate, which is where SAMBA tries to get its authentication
information from.
We may add support for POSIX ACLs in CUPS 1.2 (that would allow the
root certificate file to belong to multiple groups), however at
present you need to stick with a single group for Windows users
and place it first in the list.
If you are interested in hacking POSIX ACL support into CUPS,
check out scheduler/cert.c - the AddCert() function sets the
group ownership, and you could change this code to use the
acl_set_fd(), acl_from_text(), and acl_free() functions...
(keep in mind you need to use a filesystem that supports POSIX
ACLs...)
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the cups
mailing list