[cups.bugs] [HIGH] STR #2580: Modifying "Basic Server Settings" options re-writes cupsd.conf with missing local changes

Jean-Michel Dault jmdault+cups at revolutionlinux.com
Thu Nov 1 07:54:58 PDT 2007 

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR New]

NOTE: - This bug is related to STR #2579. I re-send the bug because Mike
was a bit too fast on the trigger and closed the ticket, but the bug is
still there and it seems it's impossible to just add new comments to a
ticket once it's closed..
      - I removed the information that could be confusing, and provide a
diff of before and after so we can see exactly what cups strips from the
original config file.

== Problem ==
When modifiyng a "Basic Server Settings" options using the web interface
(or any other gui that accesses /admin/conf on the server), cups re-writes
cupsd.conf with missing local changes.

For example, if someone adds "Allow 10.0.0.0/8" to enable access to
another local network, these changes will disappear when cups re-writes
cupsd.conf. All comments in cupsd.conf are also gone.

We have many cups servers setup this way, both at the office and at
customer's sites (20,000-50,000 users, multiple subnets).

In our setup, we have this:
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
  Allow 10.0.0.0/8
</Location>

Our @SYSTEM group is setup in LDAP so that sysadmins can manage the print
server.

== How to duplicate the bug ==
- Use "Allow" directives to accept from another network
- Using a machine in that other network, open a browser to
https://cups-server:631/admin/
- In "Basic Server Settings", check "Save debugging information for
troubleshooting", and "Change settings".
- Result: cups reloads with "403 Forbidden", and noone can print.

== Possible fix ==
- modify cups so that it reads and applies *all* local modifications to
cupsd.conf ("Allow" lines and comments) before overwriting it.

Link: http://www.cups.org/str.php?L2580
Version: 1.3-current
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cupsd.conf.diff-before-after
URL: <https://lists.cups.org/pipermail/cups/attachments/20071101/29c88ba5/attachment.ksh>

More information about the cups mailing list