[Bug 114714] Re: Lack support to gksu
For me authentication works as expected in the current s-c-p (0.7.71) together with the current CUPS (1.2.12 or 1.3.0 RC2) using the current Gutsy packages. If I am a user in the lpadmin group I can do everything without being asked for a password, including the server configuration settings. If I connect to a Feisty machine using the "Goto Server" button (and the user name of a user who is in the "lpadmin" group of the Feisty box) I can see all printers, but I cannot configure anything or add printers. I get "client-error-forbidden". But if I add "allow @LOCAL" to the "/admin" and "/admin/conf" locations in the cupsd.conf on the Feisty box and restart CUPS, s-c-p asks me for password of the user when I do the first queue addition or printer configuration change. I cannot change the server configuration of the Feisty box though, because Feisty still uses the CUPS with non-root patches. These patches are given up in Gutsy. So CUPS and system-config-printer in Gutsy work perfectly well as foreseen by the upstream CUPS. Note that I have done a little patch on s-c-p, as the upstream version is hard-coded to connect to CUPS with the user name "root" by default. The patch lets the user name of the user calling s-c-p being used, which is the most adequate for Ubuntu (or any other distros with locked root account). Hint: If an unprivileged user is logged in on the desktop, you do not need to log him out to do printer administration, nore do you need to "su" to your account from the command line. Simply start s-c-p and then click "Goto Server" and choose "localhost" and your user name. You will be asked for your password when you submit your first change. I think nothing needs to be done here, perhaps changing the button text "Goto Server" to "Server/Authentication" or so. Closing as fixed. ** Changed in: system-config-printer (Ubuntu) Status: Confirmed => Fix Released ** Also affects: cupsys (Ubuntu) Importance: Undecided Status: New ** Changed in: cupsys (Ubuntu) Status: New => Fix Released -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
What's your suggestion for it? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
CUPS uses PAM for authentication. Perhaps there is some configuration of /etc/pam.d/cups that can help you? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
> I don't understand what you mean by "add the user at lpadmin too" -- can you explain what you mean by that? On Debian and Ubuntu, there two type of users allowed to change CUPS admin options (share printers and like) by default. They are: root and members of lpadmin group. Currently Ubuntu locks root user so you can't change to user by its password since it has no password set and it's locked down. It uses sudo to auth as root. (Jani, have I missed something here?). In this specific case, I haven't found a way to allow a user to be able to change printer options _without_ adding him/her to lpadmin group. Iif root account weren't locked, we might provide root password but it's locked. I'd like to have a centralized place where I can say who has admin rights on this machine and then this specific person will have full control (usually allowing him/her to use sudo to move to root). My specific issue here is it won't work since I cannot "auth on sudo" on s-c-p. I hope I was clear now. There's something not understood yet? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
I think there is a misunderstanding about how system-config-printer authenticates. It does not become the root user at any point. It uses libcups (the CUPS API) to communicate with the CUPS server using the IPP protocol. At connection time we specify which user we are connecting as (usually root). When authentication is needed for a request, libcups runs our callback to provide it with a password, and at that stage we put a dialog on the screen. On Fedora we currently use consolehelper in addition to this, only to make use of the cached authentication credentials that the pam_timestamp module provides -- but I do not like having to run the entire application as root, and may well remove this in future. system-config- printer caches authentication credentials in the session already. I don't understand what you mean by "add the user at lpadmin too" -- can you explain what you mean by that? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
Yes, it's an option but it's not good IMHO since you'd need to add every user that would be admin not only at sudo but also at lpadmin group too. Yes, I'm suggesting it or something that provides the same fuctionality for enduser. Ideas? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
Is adding to lpadmin not actually cleaner? Is is not recommended for some reason? Are you sugesting s-c-p respawning itslef with gksu when trying to set server settings? We have to see how the Fedora upstream maintainer handles this case. -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
Well, as Ubuntu, many Desktop target systems are currently using sudo and locking their root account. On this specific case you won't be able to change server permissions except if you add the user at lpadmin too. My idea is to use gksu to ask the password and then start a new instance of s-c-p as root making possible to change the need server params and like. -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
hi, can you detail what are the current problems that this will solve? thanks -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 114714] Re: Lack support to gksu
My initial idea might be add something on gconf that could change the way of privilage scale is handled and then starting a new instance of system-config-printer if the user provide the right gksu password. It looks enough to most of scenarios I can think about. Comments? -- Lack support to gksu https://bugs.launchpad.net/bugs/114714 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs