[HLUG] CUPS needs password
Graham Cole
g at gcole.uklinux.net
Tue Jul 19 16:25:27 BST 2005
On Tue, 2005-07-19 at 11:34 +0100, John Hedges wrote:
> > On Mon, 2005-07-18 at 20:38 +0100, Julian Robbins wrote:
> > > Graham Cole wrote:
> > >
> > > >Hi everyone
> > > >I found a hint in the CUPS forum. Other people are being puzzled by
> > > >needing a password specifically for CUPS admin.
> > > >The hint was to execute the command lppasswd first. Give it the password
> > > >and user ID to run CUPS under.
> > > >OK, I am root and I give it a password but it does not work. There is a
> > > >man page but I don't understand it as usual. Maybe someone else does? I
> > > >cannot see how to change or set a password from this man page...........
> > > >
> > > >lppasswd(1) Easy Software Products
> > > >lppasswd(1)
> > > >
> > > >
> > > I think if I remember have you set up a root password in Hoary ? If not,
> > > CUPS has to use the root account and password to do its stuff. If you
> > > havnet got a root account defined, well it won't work.
> > >
> > > To create a root account in Ubuntu hoary try
> > >
> > > sudo passwd root
> > >
> > > Julian
> > >
> > > >NAME
> > > > lppasswd - add, change, or delete digest passwords.
> > > >
> > > >SYNOPSIS
> > > > lppasswd [ -a ] [ -g groupname ] [ -x ] [ username ]
> > > >
> > > >DESCRIPTION
> > > > lppasswd adds, changes, or deletes passwords in the CUPS digest
> > > >pass- word file, passwd.md5. When run by a normal user, lppasswd will
> > > >prompt for the old and new passwords. When run by the super-user,
> > > >lppasswd can add new accounts (-a username), change existing accounts
> > > >(username), or delete accounts (-x username) in the digest password
> > > >file. Digest user-names do not have to match local UNIX usernames, but
> > > >only UNIX user-names are supported by the CUPS client programs (lp(1),
> > > >lpr(1), etc.)
> > > >
> > > > The -g option specifies a group other than the system group -
> > > >"sys", "system", or "root", depending on the operating system.
> > > >
> > > >SECURITY ISSUES
> > > > The lppasswd command is installed setuid to root. While every
> > > >attempt has been made to make it secure against exploits that
> > > >could grant super-user priviledges to unpriviledged users, paranoid
> > > >system adminis-trators may wish to disable or change the ownership of
> > > >the program to an unpriviledged account.
> > > >
> > > >SEE ALSO
> > > > lp(1), lpr(1), CUPS Software Administrators Manual, CUPS Software
> > > >Users Manual, http://localhost:631/documentation.html
> > > >
> > > >COPYRIGHT
> > > > Copyright 1993-2005 by Easy Software Products, All Rights
> > > >Reserved.
> > > >
> > > >7 June 2001 Common UNIX Printing System
> > > >lppasswd(1)
> > > >~
> > > >~
> > > >Thanks for any help.
>
> On Tue, Jul 19, 2005 at 08:08:10AM +0100, Graham Cole wrote:
> > I think I know how this password problem started. In my OS I have a
> > six-letter password for root. This is not acceptable in CUPS: there must
> > be at least one number. Hence if CUPS has craftily taken on my normal
> > root password I am in an impossible position.
> > This raises a question of inbuilt incompatibility for some Linux users
> > of CUPS. If I'm right in my analysis I could go the long way round and
> > reset my root password then re-install CUPS. But in theory I should be
> > able to use the lppasswd command!
>
> To use lppasswd you need to edit /etc/cups/cupsd.conf - at least on
> debian which is ubuntu related. I wouldn't recommend this and if you
> have I would suggest reinstalling cups making sure you purge the
> configuration files (--purge option to dpkg but I don't know about
> ubuntu)
>
> As far as I know, cups doesn't do password authentication itself, but
> instead uses the pam libraries from a separate package to do it.
>
> Are you able to log in as root at a console?
>
> $su root
> Password: *****
>
> If you cannot then you have a problem and, although you might get cups
> working without, sooner or later you will need to be able to log in as
> root. If you can log in but without a password, you should follow
> Julian's advice and create one.
>
> Can you copy the section
>
> <Location /admin>
> ...
> </Location>
>
> from /etc/cups/cupsd.conf and mail it to the list? And also let us know
> how you are getting on with the root password thing :)
>
> Cheers
>
> John
Hi John, I have copied extracts from the file and the second bit looks
very empty!
root at localhost:/home/gc1 # cat /etc/cups/cupsd.conf
gives these extracts:
------------------------------------------------------------------
<Location /admin>
#
# You definitely will want to limit access to the administration
functions.
# The default configuration requires a local connection from a user who
# is a member of the system group to do any admin tasks. You can change
# the group name using the SystemGroup directive.
#
AuthType Basic
AuthClass System
------------------------------------------------------------------------
</Location>
#
# End of "$Id: cupsd.conf.in,v 1.17 2005/01/03 19:29:45 mike Exp $".#
--------------------------------------------------------------------
I have not tried to re-install cups but I guess that can be done mainly
with my Ubuntu disk and not much use of the internet. I did a quick
upgrade of the CUPS server just now but still found I was getting no joy
with my username and password. I suppose a full re-install of CUPS would
be best now?
Graham
More information about the Herefordshire
mailing list