[prev in list] [next in list] [prev in thread] [next in thread]
List: cups-bugs
Subject: [cups.bugs] [HIGH] STR #2579: Modifying "Basic Server Settings"
From: Jean-Michel Dault <jmdault+cups () revolutionlinux ! com>
Date: 2007-10-31 16:13:30
Message-ID: 20071031161330.413DD3C6844E () dns ! easysw ! com
[Download RAW message or body]
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
When modifiyng a "Basic Server Settings" options using the web interface
(or any other gui that accesses /admin/conf on the server), cups re-writes
cupsd.conf without local changes.
For example, if someone modifies the SystemGroup or adds, "Allow
10.0.0.0/8" to enable access to another local network, these changes will
disappear when cups re-writes cupsd.conf.
We have many cups servers setup this way, both at the office and at
customer's sites (20,000-50,000 users, multiple subnets).
In our setup, we have this:
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
Allow localhost
Allow 10.0.0.0/8
</Location>
Our @SYSTEM group is setup in LDAP so that sysadmins can add printers.
However, we found out that this wasn't such a good idea when one user with
a Ubuntu laptop tried to change the default printer for his own machine. He
had a client.conf that pointed to the main cups server, and the Ubuntu
python GUI used /admin/conf via port 631 to change the default printer.
Cups then re-wrote cupsd.conf, removing the 10.0.0.0/8 line. Final result:
nobody could print.
Temporary workaround:
- Create a new group, populate with local account, choose a random
password, and put it as the "SystemGroup", so no-one knows the password.
- Modify permissions: make sure /admin/conf is only available to @SYSTEM,
and add @newgroup everywhere else.
Right solution:
- modify cups so that it reads and applies local modifications to
cupsd.conf before overwriting it.
Link: http://www.cups.org/str.php?L2579
Version: 1.3.3
_______________________________________________
cups-bugs mailing list
cups-bugs@easysw.com
http://lists.easysw.com/mailman/listinfo/cups-bugs
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic