Mailinglist Archive: opensuse-factory (883 mails)
| < Previous | Next > |
Re: [opensuse-factory] Security or Convenience? Defining a better policy
- From: Johannes Meixner <jsmeix@xxxxxxx>
- Date: Wed, 23 May 2012 15:08:07 +0200 (CEST)
- Message-id: <alpine.LNX.2.00.1205231456450.4153@nelson.suse.de>
Hello,
On May 23 14:14 Stefan Quandt wrote (excerpt):
* Are there any use cases missing?Canceling print jobs.
By default a user can cancel his own print jobs on his local host
according to the CUPS "default" policy in /etc/cups/cupsd.conf
but even more:
Only FYI (of course not obvious for average users):
normal_user@host $ cancel -U root queue_name-job_number
See "man cancel":
------------------------------------------------------------------------
-U username
Specifies the username to use when connecting to the server.
...
-u username
Cancels jobs owned by username.
NOTES
Administrators wishing to prevent unauthorized cancellation
of jobs via the -u option should require authentication
for Cancel-Jobs operations in cupsd.conf(5).
------------------------------------------------------------------------
Background information:
As long as the IPP communication with the cupsd happens without
authentication of the user name, any user can set an arbitrary
user name for the IPP communication.
But if the IPP communication with the cupsd requires authentication,
any user must authenticate first of all which is less user-friendly
but that is the only way if you cannot trust your users.
Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx
| < Previous | Next > |