[cups.general] cups server using IPP: access denied when deletingjobs
Michael Sweet
mike at easysw.com
Tue Jan 3 09:36:03 PST 2006
Cyrill Helg wrote:
> Am Dienstag, 3. Januar 2006 02:28 schrieb Gene Heskett:
>
>> Its probably something in the Location Admin... Some snips from
>> my /etc/cups/cupsd.conf
>>
>> <Location />
>> Order Deny,Allow
>> Deny From All
>> Allow From @LOCAL
>> </Location>
>>
>> [...]
>>
>> <Location /admin>
>> AuthType Basic
>> AuthClass System
>> Order Deny,Allow
>> Deny From All
>> Allow From @LOCAL
>> </Location>
>>
>> YMMV of course.
>
> Hmm this looks more like a workaround than a real solution. Because like this
> everyone can delete any job. I think that this problem is a BUG in cups.
No, only an administrator or the owner of a job can cancel it in
CUPS 1.1.x.
The "correct" solution in 1.1.x is to add the following:
<Location /jobs>
<Limit GET>
Order allow,deny
Allow @LOCAL
AuthType Basic
Require valid-user
</Limit>
</Location>
CUPS 1.2 automatically asks for authentication when you cancel a
job from the web interface; in addition, you can configure CUPS to
allow any user to cancel a job, if you like (the default is the same
as CUPS 1.1.x and earlier, as I described above...)
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the cups
mailing list