not authorized to delete job.. owned

Kurt Pfeifle kurt.pfeifle at infotec.com
Mon Jul 2 14:32:18 PDT 2007 

> hello
>
> first sorry for my bad english.
>
> i will delete printer-job over the webinterface ( server:631 )
>
> but i did not work
> error_log
> E [28/Jun/2007:20:32:10 +0200] cancel_job: "" not authorized to delete job id 5 owned by "Administrator"!
>
>
> i will not login, any user are allow delete any job
>
> but i did not work
> <Location /jobs>
> AuthClass System
> AuthType Basic
> Order Deny,Allow
> Deny From None
> Allow From all
> </Location>


According to this setting snippet, any user who wants to access the "<Location /jobs>" (that he needs to do in order to delete a job) needs to be a member of the "System" group (that is defined in cupsd.conf, "SystemGroup" setting), and he needs to type in his system password  (the one which is used to login to the system).

I assume your user "Administrator" is not part of the "SystemGroup", and the user you used to access the web interface is neither...

> what must i do?

There are many options. To spell out three:

<Location /jobs>
  AuthClass Anonymous
  Order Deny,Allow
  Deny From None
  Allow From all
</Location>

"AuthClass Anonymous" effectively switches off any authentication. *You* decide whether you can afford that in your environment!  Don't blame us if you get a security breach or loose jobs you meant to keep  :-)


<Location /jobs>
  AuthClass User
  AuthType Basic
  Order Deny,Allow
  Deny From None
  Allow From all
</Location>

"AuthClass User" + "AuthType Basic" make it so that *any* valid username and password can authenticate to access the /jobs resource.


<Location /jobs>
  AuthClass Group
  AuthGroupName jobdeleters
  AuthType Digest
  Order Deny,Allow
  Deny From None
  Allow From all
</Location>

"AuthClass Group" + "AuthGroupName jobdeleters" make it so that whoever wants to delete a job needs to be a member of the "jobdeleters" group (you have to create it first); furthermore, "AuthType Digest" means that the password to be used is not verified against the usual system password resource, but against a special password file in /etc/cups/lppasswd.md5. You must add a user to that password file by running (as root) the command "lppasswd -a whatevertheusername"....

Cheers,
Kurt

--
Kurt Pfeifle
System & Network Printing Consultant --- Linux/Unix/Windows/Samba/CUPS
Infotec Deutschland GmbH - A RICOH Company ......... Stuttgart/Germany

More information about the cups mailing list