Policy - User not in group
angelb
angelb at bugarin.us
Wed Jan 2 14:08:21 PST 2008
Hello all.
I've created my first policy, mktgtest, with an appropriate account,
qadmin1, that has access to the policy but it's not working the way I
thought it should.
When trying to Disable or Enable a printer using the "qadmin1" account,
it complains the account does not belong to "lp" group. The "lp" group
happens to be in the default policy.
My policy:
<Policy mktgtest>
...
# Requires authentication and group membership to qadmin
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes
Enable-Printer Disable-PrinterDefault
...>
AuthType Basic
Require group qadmin
Order deny,allow
</Limit>
...
</Policy>
Printer config:
<Printer 3668-0-p1>
...
OpPolicy mktgtest
ErrorPolicy stop-printer
</Printer>
User account: qadmin1
[qadmin1 at stlam507 ~]$ id
uid=1838(qadmin1) gid=1838(qadmin) groups=1838(qadmin)
The account "qadmin1" is a member of group "qadmin" which is a group
specified inside the Limits directive in the mktgtest policy. And, the
printer, 3668-0-p1, qadmin1 is trying to modify is correctly assigned
(using the lpadmin command) to the mktgtest policy. So, where have I
gone wrong that prevents the group "qadmin" from being used?
Any suggestion is appreciated.
Thanks!
Angel
More information about the cups
mailing list