tags 1006468 patch thanks
On Fri 25 Feb 2022 at 17:02:06 -0500, Celejar wrote: > Package: cups > Version: 2.4.1op1-1 > Severity: normal > > Hello, Thank you for your report, Celejar. > On a fresh CUPS install, I logged into the web interface as root to add > a printer, and was denied with a 401 Forbidden error. The problem seems > to be that root is not a member of a group in @SYSTEM (which by default > only includes lpadmin). I understand that Debian has decided that this > is not a bug: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616718 > > but Debian's documentation seems quite misleading and inconsistent on > this point. > > README.Debian states: > > 'Administration' is where you need to be to set up a local print queue. > At some point you will be required to authenticate. A User Name of 'root' > and root's password is always acceptable. Any other user must be a member > of the lpadmin group. > > This clearly indicates that root does *not* need to be a member of the > lpadmin group. This is an accurate reflection of the situation for Debian distributions up to and including bullseye. It is not the case on bookworm with cups 2.4.1op1-1. Please see #1006727: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006727 > OTOH, 'man cupsd.conf' is more accurate: > > Note: The 'root' user is not special and must be granted privileges > like any other user account. > > I suggest that the language of the README be modified to resemble that > of the man page. The thrust of the README is to point out that a user needs to be a member of the lpadmin group, so a possible documentation change is: 'Administration' is where a user needs to be to set up a local print queue. At some point authentication will be required. For this to be successful the user must be a member of the lpadmin group. The assumption here is that "SystemGroup root lpadmin" is implemented. Regards, Brian.
