Configurate roles in CUPS 1.3.7

Jim jgardner78 at gmail.com
Tue May 24 06:23:23 PDT 2011 

Hello,
I'm starting with CUPS 1.3.7 configuration and can't see any option to create or modify roles into cupsd.conf file.
I'm modifying the configuration file (cupsd.conf ) but I can't separate roles into Web Service Administration site (http://<localhost>:631). I'd like to know if this is possible to create a role only for administrator whom can do administrator tasks (create printer, clases, etc) and another role with operation roles (stop and start printers, cancel jobs,etc).
I've created some groups, but it didn't work.
Please, let me know if this is possible with CUPS 1.3.7 or I have to migrate to newest version.
This is part of my configuration file:

LogLevel info
# Administrator user group...
SystemGroup cups1
ServerName 10.1.3.31

MaxJobs 0

Printcap /etc/printcap

Listen 10.1.3.31:631
Listen localhost:631
Listen /var/run/cups/cups.sock

Browsing On

Timeout 3600

BrowseAddress 10.1.3.255
BrowseAllow @LOCAL
BrowseLocalProtocols CUPS

BrowseInterval 180

BrowseOrder allow,deny

BrowseTimeout 3600

ImplicitClasses On

RootCertDuration 3600

<Location />
AuthType Basic
Order Allow,Deny
Deny from none
Allow from All
</Location>


############################################################
############################################################
# AUTH
############################################################
############################################################


# Default authentication type, when authentication is required...
  DefaultAuthType Basic
  DefaultEncryption IfRequested

# Restrict access to the server...
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>

# Restrict access to the admin pages...
<Location /admin>
AuthType Basic
AuthClass System
 Order deny,allow
 Allow @LOCAL
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>



DefaultPolicy mypolicy

# Set the default printer/job policies...
<Policy mypolicy>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
    Require user @OWNER @SYSTEM
    Order allow,deny
    allow from 10.1.3.0/24
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
  # AuthType Basic
    Require group cups2
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
  # AuthType Basic
    Require user @SYSTEM
    Order deny,allow
    Allow from all
  </Limit>

 # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order allow,deny
   # Allow from @LOCAL
  </Limit>
</Policy>



----------------------------------------

Thanks in advance.
Jim

More information about the cups mailing list