remote management of shared network printer on Ubuntu server
Ryan Jacobs
ryan at ungana-afrika.org
Sun Sep 11 20:31:08 UTC 2005
Thomas, thanks for that push...
Actually, I had previously stumbled across this in a Ubuntu Forum:
http://ubuntuforums.org/archive/index.php/t-2126.html
But when I tried it (adding cupsys to shadow group), I still could not
access admin functions in the CUPS interface. Since that Forum post was
related to Warty, I figured this "hack" may have been disabled in Hoary,
and dismissed it. Since you mentioned it again., I did some more
digging, and finally got it going. Actually it turns out to be a
many-step process. Here is what I needed to do (in case anyone is
interested):
-I added "cupsys" to the "shadow" group. I have no idea why this allows
admin function access in CUPS, or what kind of security holes I may be
opening up, but it works. Well, it works, but not at first....
-Right, so the above still did not get me in. It turns out that in cups,
admin access is only allowed to the "SystemGroup" which, by default, is
"lpadmin". My lpadmin group was empty (not even my main admin user was
in there). So I edited the cupsd.conf file such that SystemGroup is my
local administrators group
-Ok, now I could get into the admin functions if I accessed
localhost:631, or 127.0.0.1:631, and if I was doing it from the server
itself (no remote machines could access the interface). So to get remote
machines accessing CUPS, I had to edit the <Location /> directive to
ALLOW access from other machines (Allow From 192.168.10.1/24 - my whole
local domain). IN ADDITION, I had to add a general "Listen
192.168.10.1:631" statement so that CUPS would LISTEN at something other
than localhost.
-Haha, now I could get to the CUPS interface from a remote machine, but,
hey, I could not access admin options from a remote machine. Weird ne?
To fix that I had to go back into cupsd.conf, and edit the <Location
/admin> directive to comment out the following:
# Order Deny,Allow
# Deny From All
# Allow From 127.0.0.1
Then it all worked...
That was something... and now my head hurts, and I think I'm going to go
read a book, or a magazine, or the label of an Amstel bottle.
Thanks,
Ryan
Thomas Kaiser (ubuntu) wrote:
> Ryan Jacobs wrote:
>
>> Typically I would do this via the cups web administration interface
>> (host:631), but it seems that all the administrator functionality has
>> been locked down due to security reasons in Ubuntu. In addition. no
>> matter how much I play with conf files (cupsd.conf, etc.), I can't
>> access this interface from a remote networked machine.
>
>
> I thinky you have to add the user cupsys to the shadow group. Search the
> mail archive of this list (cups shadow), because this problem was
> discussed earlier on this list. And make shure the port is open if you
> use any firewall.
>
> Regards, Thomas
>
More information about the ubuntu-users
mailing list