Once upon a time, Robert Marcano <rob...@marcanoonline.com> said: > Nothing against driverless printing, this is something I really > like, bit I think all the move to HTTP is ignoring the feature that > is being removed, and that I have an use for. There is not possible > to have a printer connected to a computer that can't be restricted > by CUPS to be used by only a few authorized users. The admin can > implement CUPS authentication but an ipp://localhost:60000 open port > entirely open to anyone on the local machine to submit print jobs > directly bypassing CUPS.
I haven't tried it with firewalld or the newer nftables, but old iptables could set rules based on user ID. I'd expect nftables also implemented that, and firewalld could handle it in some fashion (possibly a rich rule). With that, you could limit HTTP access to root (I think cups runs as root). -- Chris Adams <li...@cmadams.net> _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
