How do I setup CUPS 1.3.9?

Export to PDF | Export to DOC

Problem:  How do I setup CUPS 1.3.9?

 

Solution:

1. Refer to SCO TA 127292

The TA states to comment the following for unrestricted access in the /etc/cups/cupsd.conf :
#Restrict access to the server…
#<Location />
#Order allow,deny
#</Location>

&

#Restrict access to the admin pages…
#<Location /admin>
#Encryption Required
#Order allow,deny
#</Location>

Do not comment out the #<Location />  #<Location /admin> & </Location>

So the lines should look like:
# Restrict access to the server…
<Location />
# Order allow,deny
</Location>

&

# Restrict access to the admin pages…
<Location /admin>
# Encryption Required
# Order allow,deny
</Location>

 

2. If you attempt to access the server using https://public-or-private-ip-address-of-server:631 (You will get “426 Upgrade Required” if you do not use https).

This is caused by MP4 version for OpenServer where the CUPS denial of service security hole in the previous release is fixed.

Note: To access via the Internet make sure firewall has port 631 open and NAT to the Unix server.

To fix this use the below /etc/cups/cupsd.conf file (Changes are italicized):

#
# “$Id: cupsd.conf.in 7199 2011-01-08 00:16:30Z mike $”
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler. See “man cupsd.conf” for a complete description of this
# file.
#

# Log general information in error_log – change “info” to “debug” for # troubleshooting…
LogLevel info

# Administrator user group…
SystemGroup sys root

# Only listen for connections from the local machine.
# Listen localhost:631
Port 631

Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all

# Default authentication type, when authentication is required…
DefaultAuthType Basic
DefaultEncryption Never
DefaultEncryption IfRequested
DefaultEncryption Required

# Restrict access to the server…
<Location />
# Order allow,deny
</Location>

# Restrict access to the admin pages…
<Location /admin>
Require user root
# Encryption Required
# Order allow,deny
</Location>

# Restrict access to configuration files…
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>

# Set the default printer/job policies…
<Policy default>
# Job-related operations must be done by the owner or an administrator…
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

# All administration operations require an administrator to authenticate…
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# All printer operations require a printer operator to authenticate…
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>

# Only the owner or an administrator can cancel or authenticate a job…
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>

<Limit All>
Order deny,allow
</Limit>
</Policy>

#
# End of “$Id: cupsd.conf.in 7199 2011-01-08 00:16:30Z mike $”.
#

Leave a Reply

Your email address will not be published. Required fields are marked *