Hello,

On Oct 18 10:59 John Hosszu wrote (shortened):
> if I just add a user to lp in the lab I still do not have access
> to printer state in SUSE.

What exactly do you mean with "access to printer state"?

Do you mean to be able to change the queue state via the
"print control" menu in hp-toolbox e.g. to enable/disable
printing?

Or do you mean to be able to only see the queue state via the
"status" menu in hp-toolbox?


> I typically have to assign the sys group to the user or add lp to my
> cupsd.conf. Under sys I can freely control the printer without password.

Changing print queue state (e.g. enable/disable printing)
requires CUPS admin permissions.
By default (according to the CUPS default policy in cupsd.conf
which is the CUPS version 1.2 upstream default policy)
only root has CUPS admin permissions so that from my point of view
it is perfectly correct that hp-toolbox must be run as root
or the normal user is appropriately added to cupsd.conf
or hp-toolbox provides a dialog to run it as root
or hp-toolbox lets the user authenticate at CUPS as root
when it sends its request to the cupsd to change the
print queue state.

By the way1:
See "Allow printer admin tasks for a normal user" at the bottom of
http://en.opensuse.org/SDB:CUPS_in_a_Nutshell

By the way2:
If a computer exists in a secure and trusted environment
(e.g. a computer in a well secured internal company network
where you trust all other users which work there
but of course not a computer with an Internet connection)
and if the user really likes to have no security regarding
printing at all, then he may add this to his cupsd.conf:
-------------------------------------------------------------------
# Totally open and insecure policy which allows any user anything:
<Policy allowanything>
<Limit All>
Order deny,allow
</Limit>
</Policy>
DefaultPolicy allowanything
--------------------------------------------------------------------
This removes any authentication from any printing (admin) tasks.
Keep in mind that a user who is allowed to do printer admin tasks
can change the print queues as he likes (e.g. send copies of
print jobs to any external destination).
Note the "copy": An innocent user who submitted a (confidential)
print job will get his printout as usual and therefore he will not
notice that also a copy was sent to an external recipient.

By the way3:
Be brave and simply work as root ;-)
Seriously:
Perhaps it is even more secure (but not safe against mistakes)
if a person simply works as root on his computer instead of
opening everything on his computer so that any normal user
is allowed to do anything?


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
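
An added example, not part of the original message and not CUPS or HPLIP code: a small Python check that parses the policy blocks of a cupsd.conf and reports which printer admin operations each policy leaves open to any user, as the `allowanything` policy quoted above does. The sample config, the `restricted` policy, the function names and the short list of admin operations are assumptions made for illustration.

```python
import re
# Constructed sample: the message's open policy plus a constructed authenticated policy.
SAMPLE = """\
<Policy allowanything>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy restricted>
<Limit Pause-Printer Resume-Printer CUPS-Add-Modify-Printer CUPS-Delete-Printer>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
</Policy>
DefaultPolicy allowanything
"""
ADMIN_OPS = ["pause-printer", "resume-printer", "cups-add-modify-printer", "cups-delete-printer"]

def parse(text):
    policies, default, policy, limit = {}, None, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        tag = re.fullmatch(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag and tag[2].lower() == "policy":
            policy = None if tag[1] else policies.setdefault(tag[3].strip(), [])
        elif tag and tag[2].lower() == "limit" and policy is not None:
            limit = None if tag[1] else ({op.lower() for op in tag[3].split()}, {})
            policy += [limit] if limit else []
        elif line and not tag and limit is not None:
            key, _, value = line.partition(" ")
            limit[1].setdefault(key.lower(), []).append(value.strip())
        elif line.lower().startswith("defaultpolicy "):
            default = line.split(None, 1)[1]
    return policies, default

def is_open(d):  # assumption: a missing Order line counts as default allow
    default_deny = d.get("order", [""])[-1].replace(" ", "").lower() == "allow,deny"
    return "require" not in d and "deny" not in d and (not default_deny or "allow" in d)

def audit(text):
    policies, default = parse(text)
    report = {name: [] for name in policies}
    for name, limits in policies.items():
        for op in ADMIN_OPS:  # an explicit Limit wins, else the catch-all "All"
            hit = [d for o, d in limits if op in o] or [d for o, d in limits if "all" in o]
            if hit and is_open(hit[0]):
                report[name].append(op)
    return default, report
```

`audit(SAMPLE)` returns the active `DefaultPolicy` name together with, per policy, the admin operations that need no authentication; a non-empty list for the default policy means any user can change the print queues.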
