[cups] Allow remote printer admin, but not edit config file
daku8938 at gmx.de
daku8938 at gmx.de
Fri Feb 5 02:37:54 PST 2021
Thanks Helge, unfortunately I cannot see how your answer relates to my question.
Currently, access to /admin/conf/ ist forbidden for everyone (see my posted config).
This is wanted and works.
But unfortunately, that does not prevent users in the @SYSTEM group from editing the cupsd.conf file vie web GUI,
because it looks like that goes over /admin/ and @SYSTEM group users have access to /admin/, because access to /admin/ is needed to administrate printers.
So how can users in the @SYSTEM group be allowed to administrate printers, but not edit cupsd.conf file ?
Because in cupsd.conf there is ACL configuration, and people could give themselves or others more privileges, but that shall not be.
> I’d try something like:
>
> <Location /admin/conf>
> Oder allow, deny
> Require user somebody at somegroup
> </Location>
>
> where somebody and/or some group are user- and group-names unique to the host
> the server is running.
>
> Helge
>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
>
More information about the cups
mailing list