[cups.general] Location /admin/conf

Jeff Hardy hardyjm at potsdam.edu
Tue Jun 19 06:24:29 PDT 2007


On Sun, 2006-12-24 at 12:27 -0500, Opher Shachar wrote:
> > Opher Shachar wrote:
> > > ...
> > > In admin.tmpl the HREF attribute of edit-configuration-file button is
> > > set to "/admin?op=config-server" which under the default
> > > configuration does not require authentication. Is that by design?
> >
> > Yes, you'll get the authentication challenge after you click on
> > the "save changes" button.
> >
> > > To restrict access to root only I changed the above in admin.tmpl to
> > > "/admin/conf?op=config-server" and in edit-config.tmpl the form's
> > > ACTION to "/admin/conf". This works, the question is: Is that the
> > > right (safe) way?
> >
> > It won't necessary continue working forever, but it is a way to
> > require authentication before you get to see the configuration file.
> >

I apologize for responding to a very old post (a post which saved me
some time).

Since the default config file, at least in Fedora 7 on cups-1.2.10, has
a Location entry for /admin/conf with example restrictions, doesn't it
make sense that the form action in admin.tmpl should be set
to /admin/conf, as this poster did?

You mentioned that it won't necessarily continue working forever, and I
notice that in cups-1.2.11 the template file still does not reflect this
change.  Is there some other, better way to restrict access to
configuration files, or is this an oversight?  Just thought I'd ask
before filing a bug.

BTW, thanks for 1.2 :)

-Jeff


-- 
Jeff Hardy
Systems Analyst
hardyjm at potsdam.edu





More information about the cups mailing list