[cups] Allow remote printer admin, but not edit config file
daku8938 at gmx.de
daku8938 at gmx.de
Thu Feb 4 06:22:00 PST 2021
Hello,
running CUPS 2.2.7 on Ubuntu18 server.
I want members of the lpadmin user group to have full remote access to manage printers, print-jobs and view log files.
But those users shall _not_ be allowed to edit (or even view) the /etc/cups/cupsd.conf file and restart cups.
Here is the /etc/cupsd.conf
<Location />
# Allow remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin>
AuthType Default
Require user @SYSTEM
# Allow remote administration...
Order allow,deny
Allow all
</Location>
<Location /admin/conf>
# Allow remote access to the configuration files...
Order allow,deny
</Location>
<Location /admin/log>
AuthType Default
Require user @SYSTEM
Order allow,deny
# Allow remote access to the log files...
Order allow,deny
Allow all
</Location>
I would guess the location /admin/conf/ would be the point to disallow editing the cupsd.conf file via web interface.
But editing the cupsd.conf goes via /admin/. So here I disallowed /admin/conf/ but it does not have effect.
So how can I prevent the printer admins from remote editing the cupsd.conf file via web interface and restarting cupsd ?
Thank you
More information about the cups
mailing list