[cups.general] Printer Policies for the Web Interface
Philipp Richter
philipp.richter at linbit.com
Thu Jul 5 03:02:27 PDT 2007
On Wednesday 04 July 2007 16:40:08 Kurt Pfeifle wrote:
> What exactly do you mean by "a central (clustered) CUPS server" ??
> What type of cluster?
it's a heartbeat cluster with a drbd device used as cups spool.
> What you describe should be possible with the standard CUPS 1.2
> functionality provided by the "Policy" keyword in cupsd.conf.
>
> All you have to do is define the exact policies you want to use for
> different users/groups and give them the policy names you like.
i have read the policy document a couple of times and am already using it.
> > Is it possible to apply rules like the operation policies (which are for
> > IPP printing only) to the web interface?
>
> Huh?
ok. maybe i didn't express myself correctly. i know what i can do with the
webinterface. and of course the policies apply correctly. here is a snippet
of cupsd.conf:
<Policy SYNOP>
# print related tasks. no login required
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job Cancel-Job
CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order allow,deny
Allow from 138.22.179.0/24
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes
Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs
Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer
Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After
CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user sysman @SYSTEM
Order allow,deny
Allow from 138.22.129.112
</Limit>
<Limit All>
Order allow,deny
Allow from 138.22.179.0/24
</Limit>
</Policy>
so printers with the policy SYNOP should be allowed to be printed to from the
net 138.22.179.0/24 and administered by the user "sysman" coming from
138.22.129.112. what doesn't work with the web-interface are the "allow from"
constraints because the admin.cgi makes a local ipp-connection so the source
ip is lost for the policy check. so my question is if there is any way to
restrict the different admins to their network?
--
: Philipp Richter Tel +43-1-8178292-51 :
: LINBIT Information Technologies GmbH Fax +43-1-8178292-82 :
: Vivenotgasse 48, A-1120 Vienna/Europe http://www.linbit.com :
More information about the cups
mailing list