How can I deny users to add/modify/remove printers to cups?

Question

I am using Mac OS X 10.6. I wrote a program which will add and remove printers to a CUPS server using libcups. It works, but now I am considering the security aspects. This program takes a user name and password to authenticate on the CUPS server. Whatever user name and password I use, it works as long as it is valid on the system. How do I restrict access to only a specific user ?

Regards
Alan

score 0 · Answer 1 · answered Feb 01 '10 at 10:22

0

Check for membership in a particular group. That would be the standard unix way to do it, anyway. Let the system's authentication framework figure out who's a member of a group (could be /etc/group, could be LDAP or Active Directory, doesn't matter).

answered Feb 01 '10 at 10:22

Andrew McGregor

31,730
2
29
28

you mean something like adding *Require user @GROUP* to the cupsd.conf ? That is not doing the trick. – ajcaruana Feb 01 '10 at 15:50

score 0 · Answer 2 · answered Jun 05 '10 at 21:10

Start Safari on your Mac and point it to http://localhost:631/help/ref-cupsd-conf.html

Look up the sections about authorization and Policy, Location, Limit, IPP OPerations and the like.

Basically, you can set up very fine-grained "Policies", defined in cupsd.conf, which regulate access and denial to any IPP operation on a CUPS server.

A detailed example is to be found on http://localhost:631/help/policies.html .

How can I deny users to add/modify/remove printers to cups?

2 Answers2