[cups.general] Configuring group administrators
Grant Basham
grant at rsmas.miami.edu
Wed May 9 07:05:02 PDT 2007
I am trying to configure a departmental print server with group
administrators allowed to manage their own printers.
Using the web interface with my setup, the group admin (@mpoadmin) fails
to authorize with the username/passwd assigned with lppasswd when I try
to stop the MPO printer for which @mpoadmin is in the list of Required
groups.
General admins (@lpadmin) are when I try to start/stop printers in the
web interface. This is true BOTH for the "rcf" printer, for which the
lpadmin group is the registered admin via the default-Policy, and for
the "mpo" printer for which it is NOT in the configured @mpoadmin group
in the mpo-Policy.
Any suggestions are appreciated.
-- grant basham grant at rsmas.miami.edu
======== passwd.md5 ====================
grant:lpadmin:xxx...
rcfadmin:lpadmin:xxx...
mpo:mpoadmin:xxx...
====== printers.conf ============================
# Printer configuration file for CUPS v1.2.4
# Written by cupsd on 2007-05-09 09:19
<Printer mpo>
Info test printer for mpo admin
....
OpPolicy mpo
ErrorPolicy stop-printer
</Printer>
<Printer rcf>
Info rcf default printer
....
OpPolicy default
ErrorPolicy stop-printer
</Printer>
======== cupsd.conf =================
MaxLogSize 2000000000
# Show troubleshooting information in error_log.
#LogLevel debug
LogLevel info
SystemGroup sys root
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseAllow none
BrowseOrder allow,deny
## test md5 authentication using passwd.md5
DefaultAuthType Digest
<Location />
# Allow shared printing and remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Encryption Required
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType digest
# lpadmin is group in passwd.md5 file
Require user @SYSTEM @lpadmin @mpoadmin
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
<Limit Send-Document ... >
Require user @OWNER @SYSTEM @lpadmin
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer ...>
AuthType Digest
Require user @SYSTEM @lpadmin
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM @lpadmin
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel a job...
<Limit Cancel-Job>
Order deny,allow
Require user @OWNER @SYSTEM @lpadmin
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy mpo>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
Purge-Jobs ...>
Require user @OWNER @SYSTEM @mpoadmin
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes
Enable-Printer...>
AuthType Digest
Require user @SYSTEM @mpoadmin
Order deny,allow
</Limit>
<Limit CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM @mpoadmin
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel a job...
<Limit Cancel-Job>
Order deny,allow
Require user @OWNER @SYSTEM @mpoadmin
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: grant.vcf
Type: text/x-vcard
Size: 262 bytes
Desc: not available
URL: <https://lists.cups.org/pipermail/cups/attachments/20070509/212af0ec/attachment-0001.vcf>
More information about the cups
mailing list