Remote administration

Aaron E. ssureshot at gmail.com
Tue Oct 11 07:25:52 PDT 2011 

Change the following to get you started...

Listen localhost:631 (defining this allows only connections from the 
localhost..)
Listen /var/run/cups/cups.sock
Listen cupsserver:631
to
Listen 0.0.0.0:631
Listen /var/run/cups/cups.sock

Use
SystemGroup lpadmin root (or user you want to administer with.)

Tweak the following to permissions you need.. Using these will get you 
connected, once your connected lock it down..

# Restrict access to the server...
<Location />
   Order allow,deny
   Allow all
</Location>

# Restrict access to the admin pages...
<Location /admin>
   Order allow,deny
   Allow all
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
   AuthType Default
#  Require user root
   Order allow,deny
Allow all
</Location>


I also Turn Browsing off.. but thats preference...





On 10/11/2011 08:00 AM, Nuzhna Pomoshch wrote:
> I have been fighting this for seven months now with little (if any progress).
>
> I am trying to set up a simple (in theory) server that allows me to administer it from another machine on the network.
>
> The cupsd.conf file:
>
> LogLevel debug2
>
> SystemGroup lpadmin
>
> Listen localhost:631
> Listen /var/run/cups/cups.sock
> Listen cupsserver:631
>
> Browsing On
> BrowseOrder allow,deny
> BrowseAllow all
> BrowseLocalProtocols CUPS
> BrowseAddress @IF(eth0)
>
> DefaultAuthType Basic
>
> <Location />
>    Order allow,deny
>    Allow from @IF(eth0)
> </Location>
>
> <Location /admin>
>    Order allow,deny
>    Allow from remoteclient
> </Location>
>
> <Location /admin/conf>
>    AuthType Default
>    Require user @SYSTEM
>    Order allow,deny
>    Allow from remoteclient
> </Location>
>
> <Policy default>
>    <Limit Create-Job Print-Job Print-URI Validate-Job>
>      Order deny,allow
>    </Limit>
>
>    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit Cancel-Job CUPS-Authenticate-Job>
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit All>
>      Order deny,allow
>    </Limit>
> </Policy>
>
> <Policy authenticated>
>    <Limit Create-Job Print-Job Print-URI Validate-Job>
>      AuthType Default
>      Order deny,allow
>    </Limit>
>
>    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job CUPS-Get-Document>
>      AuthType Default
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit Cancel-Job CUPS-Authenticate-Job>
>      AuthType Default
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>
>    <Limit All>
>      Order deny,allow
>    </Limit>
> </Policy>
>
> The instant I hit the "Administration" button on the cups interface, I get:
>
> d [11/Oct/2011:05:08:18 +0000] cupsdAcceptClient(lis=0x7f42a8602de0(8)) Clients=0
> D [11/Oct/2011:05:08:18 +0000] cupsdAcceptClient: 12 from 192.168.0.2:631 (IPv4)
> d [11/Oct/2011:05:08:18 +0000] cupsdAddSelect(fd=12, read_cb=0x7f42a69845d0, write_cb=(nil), data=0x7f42a8735860)
> d [11/Oct/2011:05:08:18 +0000] cupsdCheckJobs: 0 active jobs, sleeping=0, reload=0
> d [11/Oct/2011:05:08:18 +0000] cupsdReadClient(con=0x7f42a8735860(12)) con->http.error=0 con->http.used=0, con->http.state=0 con->data_encoding=HTTP_ENCODE_LENGTH, con->data_remaining=0, con->file=-1
> D [11/Oct/2011:05:08:18 +0000] cupsdReadClient: 12 GET /admin HTTP/1.1
> D [11/Oct/2011:05:08:18 +0000] cupsdSetBusyState: Active clients
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: uri = "/admin"...
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location CUPS_INTERNAL_BROWSE_ACL Limit 0
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location /admin/conf Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location /admin Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location / Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: best = /admin
> d [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: con->uri="/admin", con->best=0x7f42a8603210(/admin)
> d [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: Authorization="Basic cm9vdDo="
> E [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: Empty Basic password!
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: con->uri="/admin", con->best=0x7f42a8603210(/admin)
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=0
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: auth=CUPSD_AUTH_DENY...
> d [11/Oct/2011:05:08:18 +0000] cupsdSendError(con=0x7f42a8735860(12), code=403, auth_type=0
> D [11/Oct/2011:05:08:18 +0000] cupsdCloseClient: 12
> D [11/Oct/2011:05:08:18 +0000] cupsdSetBusyState: Not busy
> d [11/Oct/2011:05:08:18 +0000] cupsdRemoveSelect(fd=12)
> d [11/Oct/2011:05:08:18 +0000] cupsdAcceptClient(lis=0x7f42a8602de0(8)) Clients=0
> D [11/Oct/2011:05:08:18 +0000] cupsdAcceptClient: 12 from 192.168.0.2:631 (IPv4)
> d [11/Oct/2011:05:08:18 +0000] cupsdAddSelect(fd=12, read_cb=0x7f42a69845d0, write_cb=(nil), data=0x7f42a8735860)
> d [11/Oct/2011:05:08:18 +0000] cupsdReadClient(con=0x7f42a8735860(12)) con->http.error=0 con->http.used=0, con->http.state=0 con->data_encoding=HTTP_ENCODE_LENGTH, con->data_remaining=0, con->file=-1
> D [11/Oct/2011:05:08:18 +0000] cupsdReadClient: 12 GET /cups.css HTTP/1.1
> D [11/Oct/2011:05:08:18 +0000] cupsdSetBusyState: Active clients
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: uri = "/cups.css"...
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location CUPS_INTERNAL_BROWSE_ACL Limit 0
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location /admin/conf Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location /admin Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: Location / Limit 7f
> d [11/Oct/2011:05:08:18 +0000] cupsdFindBest: best = /
> d [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: con->uri="/cups.css", con->best=0x7f42a8603140(/)
> d [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: Authorization="Basic cm9vdDo="
> E [11/Oct/2011:05:08:18 +0000] cupsdAuthorize: Empty Basic password!
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: con->uri="/cups.css", con->best=0x7f42a8603140(/)
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: level=CUPSD_AUTH_ANON, type=None, satisfy=CUPSD_AUTH_SATISFY_ALL, num_names=0
> d [11/Oct/2011:05:08:18 +0000] cupsdIsAuthorized: auth=CUPSD_AUTH_ALLOW...
> d [11/Oct/2011:05:08:18 +0000] get_file(con=0x7f42a8735860(12), filestats=0x7fff8acd9930, filename=0x7fff8ace29d0, len=1024) = /usr/share/cups/html/cups.css
> d [11/Oct/2011:05:08:18 +0000] is_cgi(con=0x7f42a8735860(12), filename="/usr/share/cups/html/cups.css", filestats=0x7fff8acd9930, type=text/css) = 0
> d [11/Oct/2011:05:08:18 +0000] write_file(con=0x7f42a8735860(12), code=200, filename="/usr/share/cups/html/cups.css" (13), type="text/css", filestats=0x7fff8acd9930)
> d [11/Oct/2011:05:08:18 +0000] cupsdAddSelect(fd=12, read_cb=0x7f42a69845d0, write_cb=0x7f42a69821b0, data=0x7f42a8735860)
> d [11/Oct/2011:05:08:18 +0000] cupsdWriteClient(con=0x7f42a8735860(12)) response=(nil)(-1), file=13 pipe_pid=0 state=3
> d [11/Oct/2011:05:08:18 +0000] cupsdWriteClient(con=0x7f42a8735860(12)) response=(nil)(-1), file=13 pipe_pid=0 state=3
> d [11/Oct/2011:05:08:18 +0000] cupsdWriteClient(con=0x7f42a8735860(12)) response=(nil)(-1), file=13 pipe_pid=0 state=3
> d [11/Oct/2011:05:08:18 +0000] cupsdWriteClient(con=0x7f42a8735860(12)) response=(nil)(-1), file=13 pipe_pid=0 state=3
> d [11/Oct/2011:05:08:18 +0000] cupsdWriteClient(con=0x7f42a8735860(12)) response=(nil)(-1), file=13 pipe_pid=0 state=3
> d [11/Oct/2011:05:08:18 +0000] cupsdAddSelect(fd=12, read_cb=0x7f42a69845d0, write_cb=(nil), data=0x7f42a8735860)
> d [11/Oct/2011:05:08:18 +0000] cupsdRemoveSelect(fd=13)
> D [11/Oct/2011:05:08:18 +0000] cupsdSetBusyState: Not busy
>
> I am not getting prompted for any authentication. Does anyone have any idea why not (and what is happening)?

More information about the cups mailing list