small progress, no help so far with cups

Gene Heskett gene.heskett at verizon.net
Thu Sep 28 05:29:24 UTC 2006 

On Thursday 28 September 2006 00:56, Daniel Pittman wrote:
>Rob Blomquist <rob.blomquist at verizon.net> writes:
>> On Wednesday 27 September 2006 03:58, Gene Heskett wrote:
>
>[...]
>
>> I can't find it now, but there was a help page that got me set up
>> right. I had to install Gutenprint and some other utils that were
>> necessry for my printer, but not in the main install. The number one
>> pain I have with Ubuntu is that the web-configuration utility is
>> broken in Ubuntu due to how they do the root less security.
>>
>> You can not use the localhost:631 to configure your printer. It is
>> hopeless!
>>
>> You must use either the command line, or the KDE or Gnome printor
>> tool, and be sure to set administrator privledges.
>
>Actually, you /can/ use it, but it requires some non-standard settings.
>
>The quick-start guide is:
>
>  ] sudo adduser cupsys shadow
>  ] sudo /etc/init.d/cupsys stop
>  ] sudo /etc/init.d/cupsys start
>
>Now, go for your life with the local HTML administrative tools.

Which is fine with me, its *all* behind a firewall thats behind a router, 
and 3 attempts have made it as far as the log on the firewall box as 
portsentry shut them down dead in the last 3.5 years.  2 got in that far 
because they were known addresses as they were the vz assigned dns servers 
I use.  A nastygram to vz once I'd figured out why I didn't have a dns 
caused a 4 hour shutdown while they re-imaged their *&% windows boxes each 
time.  The last time was some jerk in hangchow.  He didn't get any farther 
either.

>Use a local user login that is a member of lpadmin, of course.
>
>You should also be aware that you just gave the cupsys code the rights
>to check passwords for everyone, which in turn means that it is a
>potentially remotely exploitable path to guessing your passwords.
>
>> Why the Ubuntu folks have decided to break some of the better things
>> about certain linux programs, I have no idea. I have been with linux
>> for 6 years, and Ubuntu is partly the easiest, and partly the hardest
>> I have ever worked with.
>
>Security, in this case, in that it radically reduces the number of
>pieces of software that handle data from arbitrary local (or remote)
>users, and which have access to the password database.
>
>Also, convenience, because the HTML interface isn't a nice way to
>administer the CUPS system compared to the GUI tools, for most users.

I'll mildly disagree with that, having been using it for several years on 
redhatish systems.  I could have done that with the web server in 1/4 to 
1/2 the time it took kcontrol.  And when its importing lp2 (etc) from a 
server on the network, it should assume the drivers are properly 
configured on the server, and automaticly just ship the raw file over the 
cat5.  I wasted some time on that too...  But the bottom line is that its 
working & thats the important thing.  Many thanks.


>Regards,
>        Daniel
>--
>Digital Infrastructure Solutions -- making IT simple, stable and secure
>Phone: 0401 155 707        email: contact at digital-infrastructure.com.au
>                 http://digital-infrastructure.com.au/

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

More information about the kubuntu-users mailing list