[cups.general] Why can only root user lpmove print jobs?
bfb21 at comcast.net
bfb21 at comcast.net
Wed Aug 8 07:53:57 PDT 2007
-------------- Original message ----------------------
From: Kurt Pfeifle <k1pfeifle at gmx.net>
> Bernard Barton wrote:
> > In my cupsd.conf file I have the following line:
> >
> >
> > SystemGroup sys, root, ops
> >
> >
> > The user oper is in the ops group. However, the user oper could not
> > lpmove files from one printer to another. I had to do this as root.
> > How do I configure cupsd.conf to allow the user oper belonging to
> > the group ops to be able to lpmove all print jobs?
>
> CUPS assigns rights to do print and admin related operations more finely
> grained than just "certain groups are allowed to do everything".
>
> Have a look at the documentation about the "operation policies" as well.
> See
>
> http://localhost:631/help/policies.html
>
This documentation seems vague to me. It does not adequately describe
who @SYSTEM is, except to say that it's the "administrator". I have the
SystemGroup defined like this:
SystemGroup ops sys root
This is so the user oper who is in the ops group and perform administration.
The default policy which allows moving jobs (CUPS-Move-Job) is standard:
<Policy default>
# Job-related operations must be done by the owner or an adminstrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-A
ttributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifica
tions Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order allow,deny
</Limit>
So the question remains, what has to be done to allow the user oper in the ops group to lpmove print anyone's print jobs?
-Thanks
More information about the cups
mailing list