Results 1 to 10 of 10

Thread: Cups lppasswd problems in 11.0

  1. #1
    Join Date
    Jul 2008
    Location
    Toledo Ohio USA
    Posts
    19

    Default Cups lppasswd problems in 11.0

    Hello all,

    I have used CUPS for my printing for a long time now (since 10.2),

    when i upgraded from 10.3 to 11.0 and tried to use lppasswd to set up a root account and password, i get the error:

    lppasswd: Unable to open password file: Permission denied
    permission denied? I am running lppasswd as root!

    I have tried 'lppasswd -g sys -a root' and it doesn't work either..

    can anyone shed some light on my predicament?

    Many thanks
    Last edited by xcrln; 17-Jul-2008 at 12:15. Reason: more info

  2. #2
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,710
    Blog Entries
    1

    Default Re: Cups lppasswd problems in 11.0

    Post the output of

    cat /etc/cups/cupsd.conf

    It should have the line

    # Administrator user group...
    SystemGroup sys root
    As I understand things (and it works for me), I can configure via the CUPS web interface as root with root password ok.

    I get the same error with the lppasswd command, but it does not affect my CUPS configuration.

  3. #3
    Join Date
    Jul 2008
    Location
    Toledo Ohio USA
    Posts
    19

    Default Re: Cups lppasswd problems in 11.0

    Code:
    # Log general information in error_log - change "info" to "debug" for
    # troubleshooting...
    LogLevel info
    
    # Administrator user group...
    SystemGroup sys root
    
    
    # Only listen for connections from the local machine.
    Listen localhost:631
    Listen /var/run/cups/cups.sock
    
    # Show shared printers on the local network.
    Browsing On
    BrowseOrder allow,deny
    BrowseAllow all
    
    # Default authentication type, when authentication is required...
    DefaultAuthType Basic
    
    # Restrict access to the server...
    <Location />
      Order allow,deny
      Allow 127.0.0.2
    </Location>
    
    # Restrict access to the admin pages...
    <Location /admin>
      Encryption Required
      Order allow,deny
    </Location>
    
    # Restrict access to configuration files...
    <Location /admin/conf>
      AuthType Default
      Require user @SYSTEM
      Order allow,deny
    </Location>
    
    # Set the default printer/job policies...
    <Policy default>
      # Job-related operations must be done by the owner or an administrator...
      <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
    
      # All administration operations require an administrator to authenticate...
      <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
    
      # All printer operations require a printer operator to authenticate...
      <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
        AuthType Default
        Require user @SYSTEM
        Order deny,allow
      </Limit>
    
      # Only the owner or an administrator can cancel or authenticate a job...
      <Limit Cancel-Job CUPS-Authenticate-Job>
        Require user @OWNER @SYSTEM
        Order deny,allow
      </Limit>
    
      <Limit All>
        Order deny,allow
      </Limit>
    </Policy>
    
    #
    # End of "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $".
    #
    when you say it works with root password, do you mean your superuser root password, or the root password you set through lppasswd?

  4. #4
    Join Date
    Jan 2008
    Location
    Kenton, TN USA
    Posts
    1,023

    Default Re: Cups lppasswd problems in 11.0

    Thread moved to Network/Internet
    opensuse.org.help.network-internet
    Last edited by kastorff; 17-Jul-2008 at 18:04.
    Keith Kastorff

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,710
    Blog Entries
    1

    Default Re: Cups lppasswd problems in 11.0

    when you say it works with root password, do you mean your superuser root password, or the root password you set through lppasswd?
    Reply With Quote
    The superuser account with root password works for me for cups administration. (I'm not able to add or delete any other accounts with lppasswd though as others have also reported).

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    23,710
    Blog Entries
    1

    Default Re: Cups lppasswd problems in 11.0

    Looking into this lppasswd issue a little more, I found that the owner of this file is 'lp - sys' by default. This will limit the actions you can take with adding users etc. They say a little knowledge is dangerous, so I can see steps have been taken to enhance the security of cups (ie this is not a bug).

    Anyway, if you want to take control back again, then you can do the following:

    chown root /usr/bin/lppasswd

    Now you will fine you can do

    lppasswd -g sys -a anythingyoulike

    I actually think (in my limited user experience) that this is not needed, and that all configuration can be done via cupsd.conf editing (as root) and the CUPS interface or yast printer utility, but maybe some users have good reason to use lppasswd to add users etc. If so, go ahead and change ownership as explained above. Hope this clarifies things.

  7. #7
    Join Date
    Jul 2008
    Location
    Toledo Ohio USA
    Posts
    19

    Default Re: Cups lppasswd problems in 11.0

    Thank you so much, I will give it a try and get back to you,

    all configuration can be done via cupsd.conf editing (as root) and the CUPS interface or yast printer utility
    Actually for me, neither the CUPS interface nor yast acutally completely configured the printer with out the authorization error

    thank you again,

  8. #8

    Default Re: Cups lppasswd problems in 11.0

    CUPS uses PAM, not lppasswd anymore.

  9. #9
    andras_buki NNTP User

    Default Re: Cups lppasswd problems in 11.0

    Today I have upgraded to OpenSuse 11.0 on one of my computers, bumped into the same problem and have found a rather strange solution.

    When I have opened the CUPS administration page (localhost:631) with Konqueror authentication never worked. (Tried to play with /etc/cups/cupsd.conf but without any success.)

    However when I opened the same page with Opera even the displayed picture was different and with my root password everything worked fine.

    All in all I have no idea what did I do today and why did it work, but my network printer works fine.

  10. #10
    andras_buki NNTP User

    Default Re: Cups lppasswd problems in 11.0

    One more little - and maybe unimportant - detail to my previous post: during the trial and error process at one point I have overwritten the /etc/cups/cupsd.conf file with /etc/cups/cupsd.conf.default.

    Maybe it did not have any effect because the two seemed to be rather identical, but I am not sure.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •