[cups.general] Required user name not tested?
Johannes Meixner
jsmeix at suse.de
Tue Mar 6 06:13:03 PST 2007
Hello,
I run CUPS 1.2.7 and have this in my cupsd.conf:
------------------------------------------------------------------
<Location /admin>
Encryption Required
Order allow,deny
Allow From localhost
</Location>
<Policy default>
....
# All admin operations require an admin to authenticate...
<Limit ... CUPS-Add-Printer CUPS-Delete-Printer ...>
AuthType Basic
Require user @SYSTEM johannes
Require group suse
Order deny,allow
</Limit>
------------------------------------------------------------------
As far as I understand this settings require that
the request must come from localhost
and the user must be @SYSTEM or johannes
and the user must belong to the suse group
(because the default is "Satisfy all")
but it seems I misunderstand something because:
On my localhost I have the users jsmeix and johannes.
jsmeix is member of the group suse but johannes is not.
Nevertheless I can run lpadmin successfully as jsmeix
(but not as johannes).
Three more questions:
What exactly means in
http://www.cups.org/documentation.php/ref-cupsd-conf.html
"Require group foo bar"
Must the user must be a member of foo and bar if "Satisfy all"
and the user can be a member of foo or bar if "Satisfy any"?
What is the difference between "Require group foo bar"
and "Require user @foo @bar"?
Regarding "Order":
Is a Require line considered to be an Allow line or a Deny line?
Or more precisely:
What is the exact sequence of tests for "Order deny,allow"
and "Order allow,deny" for Allow lines, Deny lines and
"Require user" and "Require group" lines?
Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
More information about the cups
mailing list