6

When a user wants to add a new printer it's asking for a root password. I have an LTSP environment and the system is asking for a root password all the time; it's not asking even for a sudo'ed user's password. Is there any way to allow a certain user to add/edit/remove printers and not to have any other special access?

Improve this question

3 Answers 3

Reset to default
9

Have a look at the files in /etc/cups

I do not have a Fedora 15 system to hand - but looking at a recent RHEL box, the relevant bits are in /etc/cups/cupsd.conf

....
# Administrator user group...
SystemGroup sys root
....
# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Basic
  Require user @SYSTEM
  Order allow,deny
  Allow localhost
</Location>
....
 # All administration operations require an adminstrator to authenticate...
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer 
     Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs 
     Release-Held-New-Jobs Deactivate-Printer Activate-Printer 
     Restart-Printer Shutdown-Printer Startup-Printer Promote-Job 
     Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer 
     CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs 
     CUPS-Reject-Jobs CUPS-Set-Default>
  AuthType Basic
  Require user @SYSTEM
  Order deny,allow
</Limit>

IIRC, @SYSTEM is a macro for the groups listed in SystemGroup

Improve this answer
1
  • 1
    For CentOS 7 (release 1810), the SystemGroup definition appears in /etc/cups/cups-files.conf instead of with the cupsd.conf daemon setup shown above. On many systems, simply adding group wheel to the SystemGroup definition will grant printer-configuration privileges to all administrators and sudo users. The system required a reboot for the new SystemGroup to take effect -- the cups service was unable to respond to a systemctl reload command.
    – Fred Schleifer
    Commented Jan 6, 2019 at 2:17
1

Add the user to the lp group. If that doesn't work, check ls -l /dev/_your_printer_ and see which group owns it

Improve this answer
2
  • Thank you! Currently the problem is that so the printers are network printers. And not local. So they wouldn't appear in /dev/ folder.
    – bakytn
    Commented Sep 20, 2011 at 6:17
  • are you using cups? if yes - adding user to lp group and managing printer via cups should solve problem
    – vasily-vm
    Commented Sep 20, 2011 at 6:37
0

If you're using winbind to connect to an active directory, you can also specify an active directory group by prefixing with an @. For example @PrintOperators ...

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .