[cups.bugs] [MOD] STR #3961: remote printers overriding Shared attriubte of local printers

[Michael Sweet]

DO NOT REPLY TO THIS MESSAGE.  INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.

[STR Closed w/Resolution]

You can't edit printers.conf while cupsd is running.  If you really want to
muck with this file by hand (not recommended, this file is not meant to be
edited by hand), stop cupsd, make your changes, and then start cupsd. 
Alternately you can just run "lpadmin -p printer -o printer-is-shared=1"
on xxx.vpn to set the sharing state without editing printers.conf or
stopping/starting cupsd.

As for the "documentation bug", that paragraph has been through a LOT of
revisions since nobody could understand what was said before (which went
into a lot more detail).  But basically sharing controls an implicit
access control policy (above and beyond what is defined in the <Policy
....> </Policy> for the printer) that can limit access to localhost. And we
are not going to change that documentation again unless somebody comes up
with a clearer or more concise description.

As for the sharing case, your configuration is not typical and *will*
cause problems.  What is happening is that the local queue is getting
renamed to "xxx-printer at xxx.vpn", a second queue called
"xxx-printer at yyy.vpn" is added, and an implicit class (which is never
shared) is created pointing to them both. Then yyy.vpn's printer is
actually pointing to the implicit class on xxx.xpn, which causes the
failure.

There are a couple ways to "fix" this:

1. Disable implicit classes on xxx.vpn (ImplicitClasses off)
2. Block browse packets from yyy.vpn on xxx.vpn (which is what you did)

#2 is the big hammer. #1 is the little one that still allows xxx.vpn to
access printers shared from yyy.vpn.

Link: http://www.cups.org/str.php?L3961
Version: 1.4.7
Fix Version: None