[Casper] non-admin printer access

Wed Apr 8 11:54:25 PDT 2009

Thanks Steve, I¹ll give it a whirl!

It¹s probably worth mentioning to everyone that a similar discussion took
place back in December and Ryan Harter observed that the reason that CUPS
requires an admin authorization for adding and removing printers was to
close a security hole in the OS.

On 4/8/09 1:15 PM, "Steve Wood" <swood at integerdallas.com> wrote:

> Easiest way I know to do it, short of an Apple supplied script/method, would
> be to delete/move the printers.conf file and restart cups:
> 
> #!/bin/bash
> # 
> # Name:  removeallprinters.sh
> # Date:  4-3-09
> # Author:  Steve Wood (swood at integerdallas.com)
> #
> # This script will move the current printers.conf file to printers.conf.old so
> we can remove
> # all printers from the machine.
> 
> mv /etc/cups/printers.conf printers.conf.old
> 
> # now restart cupsd
> killall -HUP cupsd
> 
> exit 0
> 
> 
> 
> 
> 
> 
> Steve Wood
> Director of IT
> swood at integerdallas.com
> 
> The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
> T 214.758.6813 | F 214.758.6901 | C 940.312.2475
> 
> 
> On Wed, Apr 8, 2009 at 1:00 PM, Gibson, Robb <RobbGibson at officemax.com> wrote:
>> Tiger¹s Printer Setup Utility has a PrintingReset.sh command within it¹s
>> contents folder, is anyone aware of a similar command within Leopard client?
>> I¹d love to provide our end users with a Self Service policy for blowing away
>> any printers they¹ve acquired and then simply add new ones (again through
>> Self Service) based on their location in our organization.
>> 
>> We¹ve gone the route of modifying the cups.conf file, but the next security
>> update or OS update always seems to fix it again.
>> 
>> 
>> Robb Gibson
>> System Engineer - eMMS, Publishing Systems
>> OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
>> (630) 864-5242
>> 
>> 
>> 
>> 
>> On 4/3/09 3:56 PM, "Jeff Strauss" <jstrauss at loyolahs.edu
>> <http://jstrauss@loyolahs.edu> > wrote:
>> 
>>> I know you weren¹t implying you didn¹t have to leave it unmodified. So,
>>> you¹re right: that¹s a faster and better way to allow them to add printers.
>>> :)
>>> 
>>> 
>>> On 4/3/09 1:44 PM, "Jeff Strauss" <jstrauss at loyolahs.edu
>>> <http://jstrauss@loyolahs.edu> > wrote:
>>> 
>>>> True; AddPrinter.app will bring up the same dialogue you¹ll find if you add
>>>> a printer from the Print menu of an app. However, you¹ll still need to
>>>> modify cupsd.conf since a standard user will still be asked to authenticate
>>>> as an admin.
>>>> 
>>>> On 4/3/09 1:33 PM, "Bryan Vines" <bkvines at wgclawfirm.com
>>>> <http://bkvines@wgclawfirm.com> > wrote:
>>>> 
>>>>> Jeff,
>>>>> 
>>>>> I think a lot of folks are thinking that modifying the CUPS configuration
>>>>> file will allow users to add printers via System Preferences -- I know
>>>>> that's what I thought until I started reading deeper.
>>>>> 
>>>>> I have discovered if you want to give users quick access to adding
>>>>> printers, instead of sending them to a print dialog, you can place an
>>>>> alias to /System/Library/CoreServices/AddPrinter.app in their dock or on
>>>>> their desktop.
>>>>> 
>>>>> --
>>>>> Bryan Vines
>>>>> Systems Administrator
>>>>> Watts Guerra Craft LLP
>>>>> 
>>>>> 
>>>>> On Apr 3, 2009, at 2:00 PM, casper-request at list.jamfsoftware.com
>>>>> <http://casper-request@list.jamfsoftware.com>  wrote:
>>>>> 
>>>>>> Date: Fri, 3 Apr 2009 09:04:07 -0700
>>>>>> From: Jeff Strauss <jstrauss at loyolahs.edu <http://jstrauss@loyolahs.edu>
>>>>>> >
>>>>>> Subject: Re: [Casper] non-admin printer access..
>>>>>> 
>>>>>> Yep. Like I mentioned to John just a second ago off-list, users still
>>>>>> can't add printers via System Prefs, but they can add it from the print
>>>>>> dialogue of any app.
>>>>> 
>>>>> 
>>>> 
>>>> 
>>>> Jeffrey A. Strauss
>>>> Department of Educational Technology
>>>> Systems Administrator
>>>> Loyola High School of Los Angeles
>>>> 1901 Venice Blvd.
>>>> Los Angeles, Ca 90006
>>>> (213) 381-5121 x265
>>>> 
>>>> • Apple Certified Support Professional
>>>> • Apple Certified Technical Coordinator
>>>>  
>>>> Please consider the environment before printing this e-mail.
>>>> 
>>>> 
>>> 
>>> 
>>> Jeffrey A. Strauss
>>> Department of Educational Technology
>>> Systems Administrator
>>> Loyola High School of Los Angeles
>>> 1901 Venice Blvd.
>>> Los Angeles, Ca 90006
>>> (213) 381-5121 x265
>>> 
>>> • Apple Certified Support Professional
>>> • Apple Certified Technical Coordinator
>>>  
>>> Please consider the environment before printing this e-mail.
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> Casper mailing list
>>> Casper at list.jamfsoftware.com <http://Casper@list.jamfsoftware.com>
>>> http://list.jamfsoftware.com/mailman/listinfo/casper
>> 
>> _______________________________________________
>> Casper mailing list
>> Casper at list.jamfsoftware.com
>> http://list.jamfsoftware.com/mailman/listinfo/casper
>> 
> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090408/59c23437/attachment.html 