Configurate roles in CUPS 1.3.7
Jim
jgardner78 at gmail.com
Tue May 24 06:23:23 PDT 2011
Hello,
I'm starting with CUPS 1.3.7 configuration and can't see any option to create or modify roles into cupsd.conf file.
I'm modifying the configuration file (cupsd.conf ) but I can't separate roles into Web Service Administration site (http://<localhost>:631). I'd like to know if this is possible to create a role only for administrator whom can do administrator tasks (create printer, clases, etc) and another role with operation roles (stop and start printers, cancel jobs,etc).
I've created some groups, but it didn't work.
Please, let me know if this is possible with CUPS 1.3.7 or I have to migrate to newest version.
This is part of my configuration file:
LogLevel info
# Administrator user group...
SystemGroup cups1
ServerName 10.1.3.31
MaxJobs 0
Printcap /etc/printcap
Listen 10.1.3.31:631
Listen localhost:631
Listen /var/run/cups/cups.sock
Browsing On
Timeout 3600
BrowseAddress 10.1.3.255
BrowseAllow @LOCAL
BrowseLocalProtocols CUPS
BrowseInterval 180
BrowseOrder allow,deny
BrowseTimeout 3600
ImplicitClasses On
RootCertDuration 3600
<Location />
AuthType Basic
Order Allow,Deny
Deny from none
Allow from All
</Location>
############################################################
############################################################
# AUTH
############################################################
############################################################
# Default authentication type, when authentication is required...
DefaultAuthType Basic
DefaultEncryption IfRequested
# Restrict access to the server...
<Location />
Order allow,deny
Allow @LOCAL
</Location>
# Restrict access to the admin pages...
<Location /admin>
AuthType Basic
AuthClass System
Order deny,allow
Allow @LOCAL
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
DefaultPolicy mypolicy
# Set the default printer/job policies...
<Policy mypolicy>
# Job-related operations must be done by the owner or an administrator...
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order allow,deny
allow from 10.1.3.0/24
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
# AuthType Basic
Require group cups2
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
# AuthType Basic
Require user @SYSTEM
Order deny,allow
Allow from all
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order allow,deny
# Allow from @LOCAL
</Limit>
</Policy>
----------------------------------------
Thanks in advance.
Jim
More information about the cups
mailing list