On Thu, 2007-03-08 at 10:57 +0100, Johannes Meixner wrote: > Hello, > > On Mar 7 10:52 Robert Love wrote (shortened): > > The use case is that a standard use should (optionally) be able to > > manage his printers without requiring the administrator. > > The "optionally" is the crucial word here! > The system admin (i.e. the person who set up the system) > can of course delegate his permissions and set up appropriate > stuff in cupsd.conf so that whatever users on whatever hosts > are allowed to do whatever the system admin likes, > see my mail dated 6 Mar 2007. > > The crucial point is that it is under the system admin's control > who is allowed to do what and that the system admin is aware of > the consequences, for example http://www.cups.org/str.php?L790 > ------------------------------------------------------------------- > the CUPS admin user can copy this way any printout to any place > he likes (e.g. send it via mail to any external address ... > ------------------------------------------------------------------- > If any user could change any print queue, any user could copy > any printout. Note the "copy" which means that it is also > correctly printed on the printer so that an innocent other user > would not notice that his printout was copied.
> I assume this is not what we want to have by default to make our > customers happy in big networks with hundreds of printers ;-) The solution though is in a comment in the upstream bug: "If you would like to contribute a patch which adds a "RestrictFilters" option (or a list of allowed paths, or something like that), we will consider it for inclusion in CUPS 1.2." We could be proactive here and send a patch upstream! -JP -- JP Rosevear <[EMAIL PROTECTED]> Novell, Inc. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
