[Casper] non-admin printer access

Jeff Strauss jstrauss at loyolahs.edu
Wed Apr 8 17:17:09 PDT 2009 

Did you kill cupsd? I usually restart instead of a killall. Should work. BTW, what security hole was supposed to be fixed by requiring admins to install printers?

Sent from my iPhone

On Apr 8, 2009, at 1:31 PM, "Thomas Larkin" <tlarki at kckps.org<mailto:tlarki at kckps.org>> wrote:


I just edited the /etc/cups/cupsd.conf file to allow non admins access to install printers and it did not work.  Am I missing something?


___________________________
Thomas Larkin
TIS Department
KCKPS USD500
<mailto:tlarki at kckps.org>tlarki at kckps.org<mailto:tlarki at kckps.org>
blackberry:  913-449-7589
office:  913-627-0351





>>> "Gibson, Robb" <RobbGibson at OfficeMax.com<mailto:RobbGibson at OfficeMax.com>> 04/08/09 1:54 PM >>>

Thanks Steve, I’ll give it a whirl!

It’s probably worth mentioning to everyone that a similar discussion took place back in December and Ryan Harter observed that the reason that CUPS requires an admin authorization for adding and removing printers was to close a security hole in the OS.


On 4/8/09 1:15 PM, "Steve Wood" <<swood at integerdallas.com>swood at integerdallas.com<mailto:swood at integerdallas.com>> wrote:


Easiest way I know to do it, short of an Apple supplied script/method, would be to delete/move the printers.conf file and restart cups:

#!/bin/bash
#
# Name:  removeallprinters.sh
# Date:  4-3-09
# Author:  Steve Wood (<swood at integerdallas.com>swood at integerdallas.com<mailto:swood at integerdallas.com>)
#
# This script will move the current printers.conf file to printers.conf.old so we can remove
# all printers from the machine.

mv /etc/cups/printers.conf printers.conf.old

# now restart cupsd
killall -HUP cupsd

exit 0






Steve Wood
Director of IT
<swood at integerdallas.com>swood at integerdallas.com<mailto:swood at integerdallas.com>

The Integer Group | 1999 Bryan St. | Ste. 1700 | Dallas, TX 75201
T 214.758.6813 | F 214.758.6901 | C 940.312.2475


On Wed, Apr 8, 2009 at 1:00 PM, Gibson, Robb <<RobbGibson at officemax.com>RobbGibson at officemax.com<mailto:RobbGibson at officemax.com>> wrote:

Tiger’s Printer Setup Utility has a PrintingReset.sh command within it’s contents folder, is anyone aware of a similar command within Leopard client? I’d love to provide our end users with a Self Service policy for blowing away any printers they’ve acquired and then simply add new ones (again through Self Service) based on their location in our organization.

We’ve gone the route of modifying the cups.conf file, but the next security update or OS update always seems to fix it again.



Robb Gibson
System Engineer - eMMS, Publishing Systems
OfficeMax  :  263 Shuman Blvd.  :  Naperville, IL 60563
(630) 864-5242




On 4/3/09 3:56 PM, "Jeff Strauss" <<jstrauss at loyolahs.edu>jstrauss at loyolahs.edu<mailto:jstrauss at loyolahs.edu> <<http://jstrauss@loyolahs.edu>http://jstrauss@loyolahs.edu> > wrote:


I know you weren’t implying you didn’t have to leave it unmodified. So, you’re right: that’s a faster and better way to allow them to add printers. :)


On 4/3/09 1:44 PM, "Jeff Strauss" <<jstrauss at loyolahs.edu>jstrauss at loyolahs.edu<mailto:jstrauss at loyolahs.edu> <<http://jstrauss@loyolahs.edu>http://jstrauss@loyolahs.edu> > wrote:


True; AddPrinter.app will bring up the same dialogue you’ll find if you add a printer from the Print menu of an app. However, you’ll still need to modify cupsd.conf since a standard user will still be asked to authenticate as an admin.

On 4/3/09 1:33 PM, "Bryan Vines" <<bkvines at wgclawfirm.com>bkvines at wgclawfirm.com<mailto:bkvines at wgclawfirm.com> <<http://bkvines@wgclawfirm.com>http://bkvines@wgclawfirm.com> > wrote:


Jeff,

I think a lot of folks are thinking that modifying the CUPS configuration file will allow users to add printers via System Preferences -- I know that's what I thought until I started reading deeper.

I have discovered if you want to give users quick access to adding printers, instead of sending them to a print dialog, you can place an alias to /System/Library/CoreServices/AddPrinter.app in their dock or on their desktop.

--
Bryan Vines
Systems Administrator
Watts Guerra Craft LLP


On Apr 3, 2009, at 2:00 PM, <casper-request at list.jamfsoftware.com> casper-request at list.jamfsoftware.com<mailto:casper-request at list.jamfsoftware.com> <<http://casper-request@list.jamfsoftware.com>http://casper-request@list.jamfsoftware.com>  wrote:


Date: Fri, 3 Apr 2009 09:04:07 -0700
From: Jeff Strauss <<jstrauss at loyolahs.edu>jstrauss at loyolahs.edu<mailto:jstrauss at loyolahs.edu> <<http://jstrauss@loyolahs.edu>http://jstrauss@loyolahs.edu> >
Subject: Re: [Casper] non-admin printer access..

Yep. Like I mentioned to John just a second ago off-list, users still can't add printers via System Prefs, but they can add it from the print dialogue of any app.




Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

 Apple Certified Support Professional
 Apple Certified Technical Coordinator

Please consider the environment before printing this e-mail.




Jeffrey A. Strauss
Department of Educational Technology
Systems Administrator
Loyola High School of Los Angeles
1901 Venice Blvd.
Los Angeles, Ca 90006
(213) 381-5121 x265

 Apple Certified Support Professional
 Apple Certified Technical Coordinator

Please consider the environment before printing this e-mail.



________________________________

_______________________________________________
Casper mailing list
<Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com> <<http://Casper@list.jamfsoftware.com>http://Casper@list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper

_______________________________________________
Casper mailing list
<Casper at list.jamfsoftware.com>Casper at list.jamfsoftware.com<mailto:Casper at list.jamfsoftware.com>
<http://list.jamfsoftware.com/mailman/listinfo/casper>http://list.jamfsoftware.com/mailman/listinfo/casper




<ATT00001.c>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://list.jamfsoftware.com/pipermail/casper/attachments/20090408/86d70e2f/attachment.html

More information about the Casper mailing list