Authorization of custom CGIs

Michael Sweet mike at easysw.com
Wed Dec 20 19:02:22 PST 2006


Opher Shachar wrote:
> Hello all,
>   I've written a custom CGI and marked it as a protected resource in cupsd.conf:
> <Location /ojobs.cgi>
>   AuthType Basic
>   Require user @SYSTEM
>   # Allow remote administration...
>   Order allow,deny
>   Allow @LOCAL
> </Location>
> 
> When accessing the CGI I'm asked to authenticate BUT then any (authenticated) user - not just root - gets access.
> Is it the CGI's responsibility to check for authorization?
> If so need the CGI parse the cupsd.conf file, or is there a simpler way?

CUPS should be doing the group checks for you - verify that your
users are not part of the system group(s).  If they aren't, set the
LogLevel to debug2 and see which location is being used for
authentication (look for the cupsdFindBest log messages).

-- 
______________________________________________________________________
Michael Sweet, Easy Software Products           mike at easysw dot com
Internet Printing and Publishing Software        http://www.easysw.com




More information about the cups mailing list