The user account created as the first one on the system (or accounts
created as privileged accounts) are in the group "lpadmin" (see
/etc/group). They can do CUPS administration without password. They can
call commands like system-config-printer or lpadmin without sudo. Check
whether the desired accounts are in the lpadmin group. In the web
interface of CUPS (http://localhost:631/) these users use their own user
names and passwords.
For other users and for access with basic authentication passwords are
needed. I do not know how CUPS exactly verifies the passwords. AFAIR it
uses PAM. The problem looks for me that AppArmor prevents the access to
the passwords. The AppArmor configuration
(/etc/apparmor.d/usr.sbin.cupsd) of CUPS seems to need a change. Note
that the protection also applies to sub processes. So if CUPS calls some
module of PAM, the PAM module is probably also restricted.
For a test try
sudo aa-complain cupsd
for AppArmor not blocking anything, only giving warnings in the log
file. Does it work then.
sudo aa-enforce cupsd
gets you back to the default state.
** Changed in: cupsys (Ubuntu)
Importance: Undecided => High
Assignee: (unassigned) => Martin Pitt (pitti)
Status: New => Incomplete
Target: None => ubuntu-7.10
--
cups denied access to /etc/shadow
https://bugs.launchpad.net/bugs/152061
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
