[cups.general] Configurate roles in CUPS 1.3.7

Michael Sweet msweet at apple.com
Tue May 24 14:53:43 PDT 2011 

You want to use policies to control this; see:

	http://www.cups.org/documentation.php/policies.html

On May 24, 2011, at 9:23 AM, Jim wrote:

> Hello,
> I'm starting with CUPS 1.3.7 configuration and can't see any option to create or modify roles into cupsd.conf file.
> I'm modifying the configuration file (cupsd.conf ) but I can't separate roles into Web Service Administration site (http://<localhost>:631). I'd like to know if this is possible to create a role only for administrator whom can do administrator tasks (create printer, clases, etc) and another role with operation roles (stop and start printers, cancel jobs,etc).
> I've created some groups, but it didn't work.
> Please, let me know if this is possible with CUPS 1.3.7 or I have to migrate to newest version.
> This is part of my configuration file:
> 
> LogLevel info
> # Administrator user group...
> SystemGroup cups1
> ServerName 10.1.3.31
> 
> MaxJobs 0
> 
> Printcap /etc/printcap
> 
> Listen 10.1.3.31:631
> Listen localhost:631
> Listen /var/run/cups/cups.sock
> 
> Browsing On
> 
> Timeout 3600
> 
> BrowseAddress 10.1.3.255
> BrowseAllow @LOCAL
> BrowseLocalProtocols CUPS
> 
> BrowseInterval 180
> 
> BrowseOrder allow,deny
> 
> BrowseTimeout 3600
> 
> ImplicitClasses On
> 
> RootCertDuration 3600
> 
> <Location />
> AuthType Basic
> Order Allow,Deny
> Deny from none
> Allow from All
> </Location>
> 
> 
> ############################################################
> ############################################################
> # AUTH
> ############################################################
> ############################################################
> 
> 
> # Default authentication type, when authentication is required...
>  DefaultAuthType Basic
>  DefaultEncryption IfRequested
> 
> # Restrict access to the server...
> <Location />
>  Order allow,deny
>  Allow @LOCAL
> </Location>
> 
> # Restrict access to the admin pages...
> <Location /admin>
> AuthType Basic
> AuthClass System
> Order deny,allow
> Allow @LOCAL
> </Location>
> 
> # Restrict access to configuration files...
> <Location /admin/conf>
>  AuthType Default
>  Require user @SYSTEM
>  Order allow,deny
> </Location>
> 
> 
> 
> DefaultPolicy mypolicy
> 
> # Set the default printer/job policies...
> <Policy mypolicy>
>  # Job-related operations must be done by the owner or an administrator...
>  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
>    Require user @OWNER @SYSTEM
>    Order allow,deny
>    allow from 10.1.3.0/24
>  </Limit>
> 
>  # All administration operations require an administrator to authenticate...
>  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>  # AuthType Basic
>    Require group cups2
>    Order deny,allow
>  </Limit>
> 
>  # All printer operations require a printer operator to authenticate...
>  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
>  # AuthType Basic
>    Require user @SYSTEM
>    Order deny,allow
>    Allow from all
>  </Limit>
> 
> # Only the owner or an administrator can cancel or authenticate a job...
>  <Limit Cancel-Job CUPS-Authenticate-Job>
>    Require user @OWNER @SYSTEM
>    Order deny,allow
>  </Limit>
> 
>  <Limit All>
>    Order allow,deny
>   # Allow from @LOCAL
>  </Limit>
> </Policy>
> 
> 
> 
> ----------------------------------------
> 
> Thanks in advance.
> Jim
> _______________________________________________
> cups mailing list
> cups at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups

________________________________________________________________________
Michael Sweet, Senior Printing System Engineer, PWG Chair

More information about the cups mailing list