[cups] Authority Issue at Command line

Michael Sweet msweet at apple.com
Tue Dec 20 08:17:19 PST 2016


Might be an issue with the SystemGroup setting in cups-files.conf.  But we haven't tested CUPS on AIX in a very long time...


> On Dec 20, 2016, at 11:09 AM, Haines, Brandan <BAHaines at cooperstandard.com> wrote:
> 
> AIX 7100-04.
> 
> -Brandan
> 
> -----Original Message-----
> From: cups-bounces at cups.org [mailto:cups-bounces at cups.org] On Behalf Of Michael Sweet
> Sent: Tuesday, December 20, 2016 11:04
> To: The CUPS user discussion list. <cups at cups.org>
> Subject: Re: [cups] Authority Issue at Command line
> 
> What OS/Linux distribution?
> 
> 
>> On Dec 20, 2016, at 10:57 AM, Haines, Brandan <BAHaines at cooperstandard.com> wrote:
>> 
>> All:
>> 
>> I am attempting to install and configure CUPS 2.0.2.  I am presently having an issue where whenever I try to run something at command line I am getting prompted for a password.  If I enter a password, it is fine and works, but I want to be able to run stuff at command line without having to enter a password.  How can I achieve that (my google fu failed me here)?  For example "cancel" and "lpadmin" prompt for "Password for root on localhost?"  NOTE: Works fine from web interface (where I do want to have a password and enter one).
>> 
>> -Brandan
>> bahaines at cooperstandard.com
>> 
>> Sample of issue follows:
>> root at hostname:/var/log/cups>/opt/freeware/bin/cancel USAUBIT_RI04-19
>> Password for root on localhost?
>> /opt/freeware/bin/cancel: cancel-job failed: Unauthorized
>> <-- End Sample -->
>> 
>> <-- snips of cupsd.conf security sections -->
>> # Set the default printer/job policies...
>> <Policy default>
>> # Job/subscription privacy...
>> JobPrivateAccess default
>> JobPrivateValues default
>> SubscriptionPrivateAccess default
>> SubscriptionPrivateValues default
>> 
>> # Job-related operations must be done by the owner or an administrator...
>> <Limit Create-Job Print-Job Print-URI Validate-Job>
>>   Order deny,allow
>> </Limit>
>> 
>> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
>> #    Require user @OWNER @SYSTEM
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # All administration operations require an administrator to authenticate...
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
>>   AuthType Default
>>   Require user @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # All printer operations require a printer operator to authenticate...
>> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
>>   AuthType Default
>>   Require user @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # Only the owner or an administrator can cancel or authenticate a job...
>> <Limit Cancel-Job CUPS-Authenticate-Job>
>>   Require user @OWNER @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> <Limit All>
>>   Order deny,allow
>> </Limit>
>> </Policy>
>> 
>> # Set the authenticated printer/job policies...
>> <Policy authenticated>
>> # Job/subscription privacy...
>> JobPrivateAccess default
>> JobPrivateValues default
>> SubscriptionPrivateAccess default
>> SubscriptionPrivateValues default
>> 
>> # Job-related operations must be done by the owner or an administrator...
>> <Limit Create-Job Print-Job Print-URI Validate-Job>
>>   AuthType Default
>>   Order deny,allow
>> </Limit>
>> 
>> <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
>>   AuthType Default
>>   Require user @OWNER @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # All administration operations require an administrator to authenticate...
>> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>>   AuthType Default
>>   Require user @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # All printer operations require a printer operator to authenticate...
>> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
>>   AuthType Default
>>   Require user @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> # Only the owner or an administrator can cancel or authenticate a job...
>> <Limit Cancel-Job CUPS-Authenticate-Job>
>>   AuthType Default
>>   Require user @OWNER @SYSTEM lpadmin
>>   Require group lp
>>   Order deny,allow
>> </Limit>
>> 
>> <Limit All>
>>   Order deny,allow
>> </Limit>
>> </Policy>
>> 
>> ________________________________
>> 
>> This e-mail message is confidential and is intended only for the person(s) named above. If you have received this message in error, please notify the sender immediately and delete/remove it from your computer system. Any reading, distribution, printing or disclosure of this message is strictly prohibited if you are not the intended recipient of this message. Neither this information block, the typed name of the sender, nor anything else in this message is intended to constitute an electronic signature unless a specific statement to the contrary is included in this message.
>> _______________________________________________
>> cups mailing list
>> cups at cups.org
>> https://lists.cups.org/mailman/listinfo/cups
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
> 

_________________________________________________________
Michael Sweet, Senior Printing System Engineer
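
One way to check the SystemGroup hint above, as an added example that is not part of the original thread or of CUPS itself: it lists each `<Limit>` block whose active `Require` line names `@SYSTEM` (which refers to the groups on the `SystemGroup` line in cups-files.conf) and shows whether the invoking user shares any of those groups. The sample configuration and group names are constructed, and `system_groups` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample inputs (not taken from the poster's system).
SAMPLE_CUPS_FILES = """\
# cups-files.conf
SystemGroup sys printadm
"""
SAMPLE_CUPSD = """\
<Policy default>
<Limit Send-Document Hold-Job>
#    Require user @OWNER @SYSTEM
  Require group lp
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
  Require user @OWNER @SYSTEM lpadmin
  Require group lp
  Order deny,allow
</Limit>
</Policy>
"""

def system_groups(cups_files_text):
    """Groups named on SystemGroup lines; @SYSTEM in cupsd.conf refers to these."""
    groups = []
    for line in cups_files_text.splitlines():
        words = line.split()
        if words and words[0].lower() == "systemgroup":
            groups.extend(words[1:])
    return groups  # empty means cupsd falls back to its compiled-in default

def audit(cupsd_text, cups_files_text, user_groups):
    """Return (operations, SystemGroup list, groups the user shares with it)
    for every <Limit> block with an active Require line naming @SYSTEM."""
    sysgroups = system_groups(cups_files_text)
    shared = sorted(set(sysgroups) & set(user_groups))
    findings, ops = [], None
    for raw in cupsd_text.splitlines():
        line = raw.strip()  # commented-out lines start with '#' and match nothing
        opened = re.match(r"<Limit\s+(.+)>$", line, re.IGNORECASE)
        if opened:
            ops = opened.group(1).split()
        elif line.lower() == "</limit>":
            ops = None
        elif ops and line.lower().startswith("require "):
            if "@SYSTEM" in line.upper().split():
                findings.append((ops, sysgroups, shared))
    return findings

if __name__ == "__main__":
    # user_groups would come from `id -Gn root` on the host; constructed here.
    for ops, sysgroups, shared in audit(SAMPLE_CUPSD, SAMPLE_CUPS_FILES, ["system", "lp"]):
        print(ops, "SystemGroup:", sysgroups, "shared:", shared or "NONE")
```

An empty "shared" list for a block means the user matches `@SYSTEM` through none of the configured groups, which is the first thing to rule out before looking at platform-specific authentication behaviour.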



