AllowUser and user printing rights problem @ Debian
Sebastian Sawicki
Sebo.PL+cups.org at gMail.com
Sun Dec 14 09:30:52 PST 2008
Hi!!
I've got cupsys, cupsys-bsd, cupsys-client, cupsys-common 1.2.7-4etch5.
And trying to allow printing for users that are not @lpadmin.
So I've got 2 example system users:
# groups user1 admin1
user1 : user1 print
admin1 : admin1 lpadmin print
And:
# cat /etc/cups/printers.conf
<DefaultPrinter Epson>
Info Epson LX-300 raw
Location Office
DeviceURI parallel:/dev/lp0
State Idle
StateTime 1209855367
Accepting Yes
Shared Yes
JobSheets none none
QuotaPeriod 0
PageLimit 0
KLimit 0
OpPolicy default
ErrorPolicy stop-printer
#AllowUser @print
</Printer>
# cat /etc/cups/cupsd.conf
ServerName printserver.somedomain.pl
Classification none
DefaultCharset ISO-8859-2
DefaultLanguage pl
Printcap /var/run/cups/printcap
PrintcapFormat BSD
RemoteRoot remrot
SystemGroup lpadmin
ServerCertificate /etc/cups/ssl/server.crt
ServerKey /etc/cups/ssl/server.key
<Location />
Encription Required
Satisfy All
Order allow,deny
Allow all
Require user @print @SYSTEM
</Location>
<Location /admin>
Encription Required
Satisfy All
Order allow,deny
Allow all
Require user @print @SYSTEM
</Location>
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Encription Required
Satisfy All
Order allow,deny
Allow all
</Location>
HostnameLookups Off
KeepAlive On
KeepAliveTimeout 60
MaxClients 100
MaxRequestSize 0m
Timeout 300
Port 631
Listen /var/run/cups/sups.sock
AccessLog /var/run/cups/access_log
ErrorLog /var/run/cups/error_log
PageLog /var/run/cups/page_log
MaxLogSize 1m
LogLevel debug2
PreserveJobHistory On
PreserveJobFiles Off
AutoPrugeJobs No
MaxJobs 0
MaxJobsPerPrinter 0
MaxJobsPerUser 0
User lp
Group lp
RIPCache 8m
FilterLimit 0
DataDir /usr/share/cups
DocumentRoot /usr/share/cups/doc-root
RequestRoot /var/spool/cups
ServerBin /usr/lib/cups
ServerRoot /etc/cups
TempDir /var/spool/cups/tmp
Browsing On
BrowseProtocols CUPS
BrowsePort 631
BrowseInterval 30
BrowseTimeout 300
BrowseAllow @LOCAL
BrowseOrder allow,deny
ImplicitClasses On
ImplicitAnyClasses Off
HideImplicitMembers Yes
BorowseShortNames Yes
defaultauthtype Basic
<policy default>
<limit Create-Job Print-Job Get-Jobs>
order deny,allow
require user @print
</limit>
<limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
order deny,allow
require user @OWNER @SYSTEM
</limit>
<limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
authtype Basic
order deny,allow
require user @SYSTEM
</limit>
<limit Cancel-Job CUPS-Authenticate-Job>
require user @OWNER @SYSTEM
order deny,allow
</limit>
<limit All>
order deny,allow
</limit>
</policy>
And such configuration makes possible to print from admin1:
admin1 at printserver:~$ lpr -P Epson test.txt
Prints the file.
But not from the user1:
user1 at printserver:~$ lpr -P Epson test.txt
Just hangs up lpr.
(There is even no msg saying that the user is not allowed to print on the printer)
But changing the /etc/cups/printers.conf file by uncommenting the AllowUser line makes no one possible to print!
admin1 at printserver:~$ lpr -P Epson test.txt
lpr: Quota limit reached.
user1 at printserver:~$ lpr -P Epson test.txt
Hangs up lpr the same as previously.
So How can I allow some users printing and not make them @lpadmin ??
More information about the cups
mailing list