[Casper] Allow Non-Admin Users to Add Printers in Leopard

Miles Leacy miles.leacy at themacadmin.com
Thu Dec 18 08:21:10 PST 2008 

If you want to avoid the "sledgehammer approach" and want to stay ahead of
OS updates, you could run your /etc/cups/cupsd.conf modification script as
an "after" script in the same policy you use to run software update.

----------
Miles A. Leacy IV

 Certified System Administrator 10.4
 Certified Technical Coordinator 10.5
 Certified Trainer
Certified Casper Administrator
----------
voice: 1-347-277-7321
miles.leacy at themacadmin.com
www.themacadmin.com




On Thu, Dec 18, 2008 at 11:16 AM, Gibson, Robb <RobbGibson at officemax.com>wrote:

>  Hi Martin... When we first moved to Leopard (which was at 10.5.2 at the
> time), we added "Require valid-user" to the following:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
> CUPS-Delete-Class CUPS-Set-Default>
>
> AuthType Default
> Require user @SYSTEM
> Require valid-user
> Order deny,allow
>
>
> That would at least enable end users to add and remove printers either
> through an application or in the CUPS admin page. However, since we upgraded
> to 10.5.5 a month ago, we found that process no longer works and ended up
> removing the two lines you mentioned. I had brought this up to one of our
> Apple reps and they replied to system updates would likely reset the CUPS
> config file each time you run an incremental update.
>
> I would agree with Miles that blowing away the CUPS statements probably
> isn't the most delicate solution, but I haven't been able to find a better
> one. I wouldn't say our Mac deployment is huge (100 corporate Macs and
> another 100 spread out in retail land), but I'm not going to run around to
> add and delete printers because Apple changed that option to admin only.
>
>
> *Robb Gibson
> *System Engineer - eMMS, Publishing Systems
> OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
> (630) 864-5242
>
>
>
>
> On 12/18/08 6:46 AM, "Miles Leacy" <miles.leacy at themacadmin.com> wrote:
>
> Rather than follow the instructions at the given link, and deleting these
> lines, I would add another group to these limit statements.  You could use
> "staff" or if you need to keep certain people from messing with printers,
> you could create a new group for this purpose.
>
> I wouldn't delete the statements because that's a sledgehammer approach to
> the problem.  Instead of giving out a key to the proverbial gate, deletion
> tears the gate from its hinges and allows anyone and everyone in.
>
> You can find & replace text using sed.  I'm not great with sed, but I did
> develop a script through trial & error to perform this task on another
> config file.  I'll pass it on when I get to the office today.
>
> ----------
> Miles A. Leacy IV
>
>  Certified System Administrator 10.4
>  Certified Technical Coordinator 10.5
>  Certified Trainer
> Certified Casper Administrator
> ----------
> voice: 1-347-277-7321
> miles.leacy at themacadmin.com
> www.themacadmin.com <http://www.themacadmin.com>
>
>
>
>
> On Thu, Dec 18, 2008 at 4:24 AM, Martin van Diemen <
> martin-van-diemen at g-star.com> wrote:
>
> Hi,
>
> I want users to be able to add printers without filling in the
> administrators password.
>
> I did some research and found out that I just need to remove the following
> lines from the /etc/cups/cupsd.conf:
>
> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
> CUPS-Delete-Class CUPS-Set-Default>
>     AuthType Default
>     Require user @SYSTEM
>     Order deny,allow
> </Limit>
> <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer$
>     AuthType Default
>     Require user @AUTHKEY(system.print.admin) @admin @lpadmin
>     Order deny,allow
> </Limit>
>
> Source: http://mattson.edgemereroadrunners.com/?p=291
>
> Does anyone know I can remove these lines with a bash script? I don't want
> to replace the file by making use of a package.
>
> Thanks in advance!
>
> Kind Regards,
>
> Martin van Diemen
>
> t +31(0) 205677744
> __________________
>
> G-Star International B.V.
> www.g-star.com <http://www.g-star.com>
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
>
> ------------------------------
> _______________________________________________
> Casper mailing list
> Casper at list.jamfsoftware.com
> http://list.jamfsoftware.com/mailman/listinfo/casper
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/645dfa0e/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 4528 bytes
Desc: not available
Url : http://list.jamfsoftware.com/pipermail/casper/attachments/20081218/645dfa0e/attachment.gif

More information about the Casper mailing list