[cups.general] Configuring group administrators
grant basham
grant at rsmas.miami.edu
Fri May 11 08:49:16 PDT 2007
This was a RedHatEnterprise Linux v 5 installation with the RedHat cups-1.2.4-11.5.1.el5
package. The same configuration files worked properly when I removed the RedHat cups and
built and installed cups 1.2.11 on the same system. I assume sort of version problem?
Grant Basham wrote:
> I am trying to configure a departmental print server with group
> administrators allowed to manage their own printers.
> Using the web interface with my setup, the group admin (@mpoadmin) fails
> to authorize with the username/passwd assigned with lppasswd when I try
> to stop the MPO printer for which @mpoadmin is in the list of Required
> groups.
>
> General admins (@lpadmin) are when I try to start/stop printers in the
> web interface. This is true BOTH for the "rcf" printer, for which the
> lpadmin group is the registered admin via the default-Policy, and for
> the "mpo" printer for which it is NOT in the configured @mpoadmin group
> in the mpo-Policy.
>
> Any suggestions are appreciated.
>
> -- grant basham grant at rsmas.miami.edu
>
> ======== passwd.md5 ====================
> grant:lpadmin:xxx...
> rcfadmin:lpadmin:xxx...
> mpo:mpoadmin:xxx...
>
> ====== printers.conf ============================
> # Printer configuration file for CUPS v1.2.4
> # Written by cupsd on 2007-05-09 09:19
> <Printer mpo>
> Info test printer for mpo admin
> ...
> OpPolicy mpo
> ErrorPolicy stop-printer
> </Printer>
>
> <Printer rcf>
> Info rcf default printer
> ...
> OpPolicy default
> ErrorPolicy stop-printer
> </Printer>
>
> ======== cupsd.conf =================
> MaxLogSize 2000000000
> # Show troubleshooting information in error_log.
> #LogLevel debug
> LogLevel info
> SystemGroup sys root
> # Allow remote access
> Port 631
> Listen /var/run/cups/cups.sock
> # Share local printers on the local network.
> Browsing On
> BrowseAllow none
> BrowseOrder allow,deny
> ## test md5 authentication using passwd.md5
> DefaultAuthType Digest
> <Location />
> # Allow shared printing and remote administration...
> Order allow,deny
> Allow @LOCAL
> </Location>
> <Location /admin>
> Encryption Required
> # Allow remote administration...
> Order allow,deny
> Allow @LOCAL
> </Location>
> <Location /admin/conf>
> AuthType digest
> # lpadmin is group in passwd.md5 file
> Require user @SYSTEM @lpadmin @mpoadmin
> # Allow remote access to the configuration files...
> Order allow,deny
> Allow @LOCAL
> </Location>
>
> <Policy default>
> <Limit Send-Document ... >
> Require user @OWNER @SYSTEM @lpadmin
> Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer ...>
> AuthType Digest
> Require user @SYSTEM @lpadmin
> Order deny,allow
> </Limit>
> <Limit CUPS-Authenticate-Job>
> Require user @OWNER @SYSTEM @lpadmin
> Order deny,allow
> </Limit>
> # Only the owner or an administrator can cancel a job...
> <Limit Cancel-Job>
> Order deny,allow
> Require user @OWNER @SYSTEM @lpadmin
> </Limit>
> <Limit All>
> Order deny,allow
> </Limit>
> </Policy>
>
> <Policy mpo>
> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
> Purge-Jobs ...>
> Require user @OWNER @SYSTEM @mpoadmin
> Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer Set-Printer-Attributes
> Enable-Printer...>
> AuthType Digest
> Require user @SYSTEM @mpoadmin
> Order deny,allow
> </Limit>
> <Limit CUPS-Authenticate-Job>
> Require user @OWNER @SYSTEM @mpoadmin
> Order deny,allow
> </Limit>
> # Only the owner or an administrator can cancel a job...
> <Limit Cancel-Job>
> Order deny,allow
> Require user @OWNER @SYSTEM @mpoadmin
> </Limit>
> <Limit All>
> Order deny,allow
> </Limit>
> </Policy>
>
>
>
>
>
More information about the cups
mailing list