[cups.general] Configuring group administrators

[grant basham]

This was a RedHatEnterprise Linux v 5 installation with the RedHat cups-1.2.4-11.5.1.el5 
package.  The same configuration files worked properly when I removed the RedHat cups and 
built and installed cups 1.2.11 on the same system.  I assume sort of version problem?

Grant Basham wrote:
> I am trying to configure a departmental print server with group 
> administrators allowed to manage their own printers.
> Using the web interface with my setup, the group admin (@mpoadmin) fails 
> to authorize with the username/passwd assigned with lppasswd when I try 
> to stop the MPO printer for which @mpoadmin is in the list of Required 
> groups.
> 
> General admins (@lpadmin) are when I try to start/stop printers in the 
> web interface.  This is true BOTH for the "rcf" printer, for which the 
> lpadmin group is the registered admin via the default-Policy, and for 
> the "mpo" printer for which it is NOT in the configured @mpoadmin group 
> in the mpo-Policy.
> 
> Any suggestions are appreciated.
> 
> -- grant basham    grant at rsmas.miami.edu
> 
> ======== passwd.md5 ====================
> grant:lpadmin:xxx...
> rcfadmin:lpadmin:xxx...
> mpo:mpoadmin:xxx...
> 
> ====== printers.conf ============================
> # Printer configuration file for CUPS v1.2.4
> # Written by cupsd on 2007-05-09 09:19
> <Printer mpo>
> Info test printer for mpo admin
> ...
> OpPolicy mpo
> ErrorPolicy stop-printer
> </Printer>
> 
> <Printer rcf>
> Info rcf default printer
> ...
> OpPolicy default
> ErrorPolicy stop-printer
> </Printer>
> 
> ======== cupsd.conf =================
> MaxLogSize 2000000000
> # Show troubleshooting information in error_log.
> #LogLevel debug
> LogLevel info
> SystemGroup sys root
> # Allow remote access
> Port 631
> Listen /var/run/cups/cups.sock
> # Share local printers on the local network.
> Browsing On
> BrowseAllow none
> BrowseOrder allow,deny
> ## test md5 authentication using passwd.md5
> DefaultAuthType Digest
> <Location />
>  # Allow shared printing and remote administration...
>  Order allow,deny
>  Allow @LOCAL
> </Location>
> <Location /admin>
>  Encryption Required
>  # Allow remote administration...
>  Order allow,deny
>  Allow @LOCAL
> </Location>
> <Location /admin/conf>
>  AuthType digest
> # lpadmin is group in passwd.md5 file
>  Require user @SYSTEM @lpadmin @mpoadmin
>  # Allow remote access to the configuration files...
>  Order allow,deny
>  Allow @LOCAL
> </Location>
> 
> <Policy default>
>  <Limit Send-Document ... >
>    Require user @OWNER @SYSTEM @lpadmin
>    Order deny,allow
>  </Limit>
>  <Limit Pause-Printer Resume-Printer ...>
>    AuthType Digest
>    Require user @SYSTEM @lpadmin
>    Order deny,allow
>  </Limit>
>  <Limit CUPS-Authenticate-Job>
>    Require user @OWNER @SYSTEM @lpadmin
>    Order deny,allow
>  </Limit>
>  # Only the owner or an administrator can cancel a job...
>  <Limit Cancel-Job>
>    Order deny,allow
>    Require user @OWNER @SYSTEM @lpadmin
>  </Limit>
>  <Limit All>
>    Order deny,allow
>  </Limit>
> </Policy>
> 
> <Policy mpo>
>  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job 
> Purge-Jobs ...>
>    Require user @OWNER @SYSTEM @mpoadmin
>    Order deny,allow
>  </Limit>
>  <Limit Pause-Printer Resume-Printer Set-Printer-Attributes 
> Enable-Printer...>
>    AuthType Digest
>    Require user @SYSTEM @mpoadmin
>    Order deny,allow
>  </Limit>
>  <Limit CUPS-Authenticate-Job>
>    Require user @OWNER @SYSTEM @mpoadmin
>    Order deny,allow
>  </Limit>
>  # Only the owner or an administrator can cancel a job...
>  <Limit Cancel-Job>
>    Order deny,allow
>    Require user @OWNER @SYSTEM @mpoadmin
>  </Limit>
>  <Limit All>
>    Order deny,allow
>  </Limit>
> </Policy>
> 
> 
> 
> 
>