On Fri, 2013-12-06 at 14:10 +0000, Tim Allen wrote:
> Here's the relevant sections of cupsd.conf:
>
> DefaultAuthType Basic
> WebInterface Yes
>
> <Location />
> Order allow,deny
> Allow @LOCAL
> </Location>
>
> <Location /jobs>
> AuthType Default
> Require valid-user
> Order allow,deny
> Allow @LOCAL
> </Location>
>
> <Policy default>
> JobPrivateAccess default
> JobPrivateValues default
> SubscriptionPrivateAccess default
> SubscriptionPrivateValues default
>
>
> Log on to CUPS Jobs web page as user1. All jobs (user1 and any other
> user) show Name Unknown, User Withheld for each job. This is correct for
> default JobPrivateValues (from manual, The "default" values are
> "job-name", "job-originating-host-name", and
> "job-originating-user-name".) But incorrect for JobPrivateAccess (should
> be @OWNER, @SYSTEM). In fact, it doesn't matter what we put for
> JobPrivateAccess (all, user1, anything else), the result is the same -
> access is barred.

This works as expected for me: the owning user (user1 in your case) gets
to see their own job metadata, but not anyone else's, on the basis of
their provided 'requesting-user-name' value. In that, that's the default
configuration.

cups-1.7.0-6.fc20.x86_64

FWIW, I don't think the '/jobs' location restriction is sufficient to
password-protect all cases of getting job information. CUPS-Get-Jobs is
performed on the printer URI, for instance, and CUPS-Get-Job-Attributes
can be performed on a printer URI with a 'job-id' attribute provided.
There are also subscriptions to cover.

Tim.
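
Added example (not part of the original thread and not CUPS code): a check for the point made in the reply above, that protecting the /jobs location does not cover job queries made as IPP operations on a printer URI. It reads the <Policy> section of a cupsd.conf and lists the job-information operations whose <Limit> has no Require line. The sample configurations are constructed; the operation names, the fallback to <Limit All>, and treating a Require line as the sign of authentication are assumptions of this example.

```python
import re

# Constructed sample: a default policy whose only <Limit> is the catch-all.
WEAK = """
<Policy default>
  JobPrivateAccess default
  JobPrivateValues default
  <Limit All>
    Order deny,allow
  </Limit>
</Policy>
"""
# Constructed fix: job queries need a valid user at the policy level.
HARDENED = WEAK.replace("  <Limit All>", """  <Limit Get-Jobs Get-Job-Attributes>
    AuthType Default
    Require valid-user
    Order deny,allow
  </Limit>
  <Limit All>""")

# Assumed IPP operation names, as written on <Limit> lines, that return
# job or subscription information.
JOB_INFO_OPS = ("Get-Jobs", "Get-Job-Attributes", "Get-Subscriptions",
                "Get-Subscription-Attributes", "Get-Notifications")

def parse_policies(conf_text):
    """Return {policy: {operation: [directives inside its <Limit>]}}."""
    policies, policy, ops = {}, None, []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        tag = re.match(r"<(/?)(Policy|Limit)\b\s*([^>]*)>$", line, re.I)
        if tag and tag.group(2).lower() == "policy":
            policy = None if tag.group(1) else policies.setdefault(tag.group(3).strip(), {})
        elif tag:  # <Limit ...> or </Limit>; only those inside a policy count
            ops = [] if tag.group(1) or policy is None else tag.group(3).lower().split()
            for op in ops:
                policy[op] = []
        elif line and policy is not None:
            for op in ops:
                policy[op].append(line)
    return policies

def unauthenticated_ops(conf_text, policy="default"):
    """Job-information operations whose <Limit> carries no Require line."""
    limits = parse_policies(conf_text).get(policy, {})
    def needs_auth(op):  # an operation in no <Limit> falls back to <Limit All>
        rules = limits.get(op.lower(), limits.get("all", []))
        return any(r.lower().startswith("require ") for r in rules)
    return [op for op in JOB_INFO_OPS if not needs_auth(op)]
```

Called on WEAK it returns all five operations; on HARDENED only the three subscription operations remain, which matches the reply's remark that subscriptions also need covering.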