[Bug 614779] New: Adding a printer requires the root password 7 times
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779 http://bugzilla.novell.com/show_bug.cgi?id=614779#c0 Summary: Adding a printer requires the root password 7 times Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: GNOME AssignedTo: bnc-team-gnome@forge.provo.novell.com ReportedBy: stshaw@novell.com QAContact: qa@suse.de Found By: --- Blocker: --- This is absurd at the very least. Having to put my password in 2 times just to bring up the print adding tool from control center is dumb, but to put my password in 5 times to finish the printer add is just plain absurd! -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c1
Vincent Untz
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c2
Vincent Untz
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c3
Ludwig Nussel
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c4
Ludwig Nussel
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c5
--- Comment #5 from Vincent Untz
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c6
--- Comment #6 from Vincent Untz
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c7
--- Comment #7 from Johannes Meixner
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c8
--- Comment #8 from Ludwig Nussel
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c9
Ludwig Nussel
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c10
--- Comment #10 from Ludwig Nussel
So without further review I'd change all org.opensuse.cupspkhelper* to 'auth_admin_keep' so polkit doesn't prompt all the time at least
sr#41671 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c11
Stephen Shaw
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c12
Johannes Meixner
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c
Johannes Meixner
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c13
--- Comment #13 from Vincent Untz
Thanks Johannes. I guess lpinfo -v causes cups to probe some ports which could disturb devices therefore it's admin only.
Ok.
So without further review I'd change all org.opensuse.cupspkhelper* to 'auth_admin_keep' so polkit doesn't prompt all the time at least ('auth_admin_keep_session' doesn't exist anymore with polkit1). The current 'auth_admin' setting is unchanged since 11.1 btw.
Hrm, weird. I wonder why it wasn't asking for password more than once in the past, then, since it was already using more than once dbus methods.
Also, when I try to add a fake local printer at file:///dev/lp0 there's an authentication dialog that's not from polkit and doesn't accept the root password.
My guess is that cups doesn't like this URI, which is why it's not accepted. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c14
--- Comment #14 from Ludwig Nussel
@Ludwig I haven't tried an usb printer yet. This is just trying to setup the local network printers here in provo. I did get a list of printer from the network that auto added, but I have no idea where they are located. Out of the 3 printers we have in the very close area non of them were on the list. I was
Time to kick the admins to fix the network setup :-)
As for the password stuff, it seems insane. From an admin point of view if I authenticated with the system to add a printer I don't care to authorize it every step of the way. I proved that I was the admin and therefore expect to be uninterrupted while adding that printer.
Well, I agree. That's up to the design of the program you are using though. Try for example yast instead to see a different approach. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c15
Ludwig Nussel
So without further review I'd change all org.opensuse.cupspkhelper* to 'auth_admin_keep' so polkit doesn't prompt all the time at least ('auth_admin_keep_session' doesn't exist anymore with polkit1). The current 'auth_admin' setting is unchanged since 11.1 btw.
Hrm, weird. I wonder why it wasn't asking for password more than once in the past, then, since it was already using more than once dbus methods.
Indeed. Could be called bypass of intended access restrictions :-)
Also, when I try to add a fake local printer at file:///dev/lp0 there's an authentication dialog that's not from polkit and doesn't accept the root password.
My guess is that cups doesn't like this URI, which is why it's not accepted.
Yepp. file:///dev/null works. That stange authentication dialog is a weird way to tell me the url is not acceptable though. Anyways, closing this bug as as fixed. With auth_admin_keep the root password is only needed twice now. Further improvements are a matter of system-config-printer/cups-pk-helper design. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c16
--- Comment #16 from Stephen Shaw
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c17
--- Comment #17 from Ludwig Nussel
(In reply to comment #13)
So without further review I'd change all org.opensuse.cupspkhelper* to 'auth_admin_keep' so polkit doesn't prompt all the time at least ('auth_admin_keep_session' doesn't exist anymore with polkit1). The current 'auth_admin' setting is unchanged since 11.1 btw.
Hrm, weird. I wonder why it wasn't asking for password more than once in the past, then, since it was already using more than once dbus methods.
Indeed. Could be called bypass of intended access restrictions :-)
Cups apparently didn't have the CUPS-Get-Devices ACL previously so that would explain why listing devices didn't require authentication. The other differences are probably related to change in behavior between PolicyKit and polkit1. The former kept the authentication for the life time of the process by default unless explicitly declared one-shot. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c18
--- Comment #18 from Johannes Meixner
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c19
Johannes Meixner
![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
http://bugzilla.novell.com/show_bug.cgi?id=614779
http://bugzilla.novell.com/show_bug.cgi?id=614779#c20
--- Comment #20 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com