Enable/Disable printer queue from command line

Kurt Pfeifle kpfeifle at danka.de
Thu Jun 15 13:19:32 PDT 2006


Sean McBrien <smcbrien at bfsec.bt.co.uk> wrote (Thursday 15 June 2006 17:54):

> Folks,
> 
> When I try to disable a printer via the command line:
> 
> /usr/bin/disable <printer>
> 
> I get the following error:
> 
> disable: Forbidden

Which version of CUPS are you using? 1.1.x or 1.2.x? A distro package 
or a self-compiled one? 

Are you running the command as user or as root?

> This also happens with 'enable', any ideas?

Yes.

CUPS 1.2 introduced the concept of "Policy". Different OpPolicies can
be assigned to different printers. (By default, the DefaultPolicy 
named "default" is assigned). See 

   http://localhost:631/help/ref-cupsd-conf.html?TOPIC=References&QUERY=#Policy

It may be the case that the printer's assigned "OpPolicy" does not
support its disabling/enabling by the user you impersonated. You
can see all "operations" that can be covered by a policy here:

   http://localhost:631/help/ref-cupsd-conf.html?TOPIC=References&QUERY=#LimitIPP

You have to choose (or define) a policy that covers the operation names

  Enable-Printer
  Disable-Printer

for your impersonated user to execute.

> The reason I'm doing this is that there is a physical issue with a printer
> in that it needs rebooted often to get it to print, everytime it is
> rebooted the CUPS web pages say that the socket has failed ( i assume
> because it cant find it on the network) if i restart the queues via the
> web interface it will work fine again so i want to able to start the
> queues again from the command line rather than throwing xterms etc.
> 
> Also, is there a way to configure cupsd.conf to allow remote computers to
> access the admin web interface rather than just http://localhost:631 on
> the machine itself?

Yes. It can be derived from the documentation at

   http://localhost:631/help/        # CUPS 1.2.x
   http://localhost:631/sam.html/    # CUPS 1.1.x

To give you 2 examples (should work for CUPS 1.1 as well as 1.2), 
which may serve you to guide you your way through the documentation:

1. very open, very unsecure:
----------------------------
 You could try to put this in your cupsd.conf if want to throw your
 CUPS system open to *everyone* who is able to connect:

   <Location /admin>
     AuthType None
     Order Deny,Allow
     Allow from all
     Deny from none
   </Location>

2. fairly secure:
-----------------
 To make it more secure, use s.th. like this (assuming you have 2 
 remote hosts you what to allow admin access, IP 192.168.1.101 and
 adminworkstation.yourdomain.com):

   <Location /admin>
     AuthType Digest
     Require user root sean
     Order Allow,Deny
     Allow from localhost
     Allow from 192.168.1.101
     Allow from adminworkstation.yourdomain.com
     Deny from all
   </Location>

If you use "AuthType Digest". Don't forget to run "lppasswd -a 
root" and "lppasswd -a sean" to add users root and sean to the 
/etc/cups/passwd.md5 file.

Cheers,
Kurt






More information about the cups mailing list