Mailinglist Archive: opensuse-factory (393 mails)
| < Previous | Next > |
Re: [opensuse-factory] Printing in openSUSE 10.3
- From: JP Rosevear <jpr@xxxxxxxxxx>
- Date: Thu, 08 Mar 2007 11:16:06 -0500
- Message-id: <1173370567.22189.269.camel@xxxxxxxxxxxxxxxxxxxxx>
On Thu, 2007-03-08 at 10:57 +0100, Johannes Meixner wrote:
> Hello,
>
> On Mar 7 10:52 Robert Love wrote (shortened):
> > The use case is that a standard use should (optionally) be able to
> > manage his printers without requiring the administrator.
>
> The "optionally" is the crucial word here!
> The system admin (i.e. the person who set up the system)
> can of course delegate his permissions and set up appropriate
> stuff in cupsd.conf so that whatever users on whatever hosts
> are allowed to do whatever the system admin likes,
> see my mail dated 6 Mar 2007.
>
> The crucial point is that it is under the system admin's control
> who is allowed to do what and that the system admin is aware of
> the consequences, for example http://www.cups.org/str.php?L790
> -------------------------------------------------------------------
> the CUPS admin user can copy this way any printout to any place
> he likes (e.g. send it via mail to any external address ...
> -------------------------------------------------------------------
> If any user could change any print queue, any user could copy
> any printout. Note the "copy" which means that it is also
> correctly printed on the printer so that an innocent other user
> would not notice that his printout was copied.
> I assume this is not what we want to have by default to make our
> customers happy in big networks with hundreds of printers ;-)
The solution though is in a comment in the upstream bug:
"If you would like to contribute a patch which adds a "RestrictFilters"
option (or a list of allowed paths, or something like that), we will
consider it for inclusion in CUPS 1.2."
We could be proactive here and send a patch upstream!
-JP
--
JP Rosevear <jpr@xxxxxxxxxx>
Novell, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
> Hello,
>
> On Mar 7 10:52 Robert Love wrote (shortened):
> > The use case is that a standard use should (optionally) be able to
> > manage his printers without requiring the administrator.
>
> The "optionally" is the crucial word here!
> The system admin (i.e. the person who set up the system)
> can of course delegate his permissions and set up appropriate
> stuff in cupsd.conf so that whatever users on whatever hosts
> are allowed to do whatever the system admin likes,
> see my mail dated 6 Mar 2007.
>
> The crucial point is that it is under the system admin's control
> who is allowed to do what and that the system admin is aware of
> the consequences, for example http://www.cups.org/str.php?L790
> -------------------------------------------------------------------
> the CUPS admin user can copy this way any printout to any place
> he likes (e.g. send it via mail to any external address ...
> -------------------------------------------------------------------
> If any user could change any print queue, any user could copy
> any printout. Note the "copy" which means that it is also
> correctly printed on the printer so that an innocent other user
> would not notice that his printout was copied.
> I assume this is not what we want to have by default to make our
> customers happy in big networks with hundreds of printers ;-)
The solution though is in a comment in the upstream bug:
"If you would like to contribute a patch which adds a "RestrictFilters"
option (or a list of allowed paths, or something like that), we will
consider it for inclusion in CUPS 1.2."
We could be proactive here and send a patch upstream!
-JP
--
JP Rosevear <jpr@xxxxxxxxxx>
Novell, Inc.
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |