Policy and Printer Administration
angelb
angelb at bugarin.us
Tue Jan 22 13:02:20 PST 2008
> > > angelb wrote:
> > > > ...
> > > > As we can see from the Policy, the group required is explicitly entered
> > > > as "testprint".
> > > >
> > > > Where do I make the change so that the Policy will work correctly?
> > > >
> > > > Any suggestion or idea is much appreciated.
>
> > >
> > > Hmm, what version of CUPS are you using?
> > >
>
> It seems by default, permissions set in the Location directive takes
> precedence over the permissions set in the Policy.
>
> For example, I have Location /admin set to Require group of "lp". The
> Require group used in my policy is, testprint, but is ignored; it aways
> calls for group "lp".
>
> That would make sense since stoping and starting printer queues or
> cancelling or moving jobs requires administration rights. But this would also make the Policy directives useless since you can't really make use of the authentication specified in the policy.
>
> Can someone else verify my observation?
But of course, if I comment Location /admin, that would leave the
Policy to do its job then. This method has the side-effect of having
the authentication prompted at the end instead of from the start when
accessing options requiring administrative rights; ie, "Add Printer".
For now, I can live with the side-effect. Not a major issue. At least
the Policy directive seems to be working now.
I apologize for my many posts... :)
Thanks,
Angel
More information about the cups
mailing list