[HLUG] CUPS needs password

John Hedges john at drystone.co.uk
Tue Jul 19 11:37:11 BST 2005 

> On Mon, 2005-07-18 at 20:38 +0100, Julian Robbins wrote:
> > Graham Cole wrote:
> > 
> > >Hi everyone
> > >I found a hint in the CUPS forum. Other people are being puzzled by
> > >needing a password specifically for CUPS admin.
> > >The hint was to execute the command lppasswd first. Give it the password
> > >and user ID to run CUPS under. 
> > >OK, I am root and I give it a password but it does not work. There is a
> > >man page but I don't understand it as usual. Maybe someone else does? I
> > >cannot see how to change or set a password from this man page...........
> > >
> > >lppasswd(1)                 Easy Software Products
> > >lppasswd(1)
> > >  
> > >
> > I think if I remember have you set up a root password in Hoary ? If not, 
> > CUPS has to use the root account and password to do its stuff. If you 
> > havnet got a root account defined, well it won't work.
> > 
> > To create a root account in Ubuntu hoary try
> > 
> > sudo passwd root
> > 
> > Julian
> > 
> > >NAME
> > >       lppasswd - add, change, or delete digest passwords.
> > >
> > >SYNOPSIS
> > >       lppasswd [ -a ] [ -g groupname ] [ -x ] [ username ]
> > >
> > >DESCRIPTION
> > >       lppasswd  adds,  changes, or deletes passwords in the CUPS digest
> > >pass- word file, passwd.md5. When run by a normal user, lppasswd will
> > >prompt for the old and new passwords. When run by the super-user,
> > >lppasswd can add new accounts (-a username), change existing accounts
> > >(username), or delete accounts (-x username) in the digest password
> > >file. Digest user-names do not have to match local UNIX usernames, but
> > >only  UNIX  user-names are supported by the CUPS client programs (lp(1),
> > >lpr(1), etc.)
> > >
> > >       The  -g  option  specifies a group other than the system group -
> > >"sys", "system", or "root", depending on the operating system.
> > >
> > >SECURITY ISSUES
> > >       The lppasswd command is installed setuid to root. While  every
> > >attempt has  been  made  to  make  it  secure against exploits that
> > >could grant super-user priviledges to unpriviledged users, paranoid
> > >system adminis-trators  may  wish to disable or change the ownership of
> > >the program to an unpriviledged account.
> > >
> > >SEE ALSO
> > >       lp(1), lpr(1), CUPS Software Administrators Manual, CUPS Software
> > >Users Manual, http://localhost:631/documentation.html
> > >
> > >COPYRIGHT
> > >       Copyright 1993-2005 by Easy Software Products, All Rights
> > >Reserved.
> > >
> > >7 June 2001               Common UNIX Printing System
> > >lppasswd(1)
> > >~
> > >~
> > >Thanks for any help.

On Tue, Jul 19, 2005 at 08:08:10AM +0100, Graham Cole wrote:
>  I think I know how this password problem started. In my OS I have a
> six-letter password for root. This is not acceptable in CUPS: there must
> be at least one number. Hence if CUPS has craftily taken on my normal
> root password I am in an impossible position.
> This raises a question of inbuilt incompatibility for some Linux users
> of CUPS. If I'm right in my analysis I could go the long way round and
> reset my root password then re-install CUPS. But in theory I should be
> able to use the lppasswd command!

To use lppasswd you need to edit /etc/cups/cupsd.conf - at least on
debian which is ubuntu related. I wouldn't recommend this and if you
have I would suggest reinstalling cups making sure you purge the
configuration files (--purge option to dpkg but I don't know about
ubuntu)

As far as I know, cups doesn't do password authentication itself, but
instead uses the pam libraries from a separate package to do it.

Are you able to log in as root at a console?

$su root
Password: *****

If you cannot then you have a problem and, although you might get cups
working without, sooner or later you will need to be able to log in as
root. If you can log in but without a password, you should follow
Julian's advice and create one.

Can you copy the section

<Location /admin>
	...
</Location>

from /etc/cups/cupsd.conf and mail it to the list? And also let us know
how you are getting on with the root password thing :)

Cheers

John

More information about the Herefordshire mailing list