[Wiltshire] CUPS remote admin

[Keith Edmunds]

On Thu, 29 Jul 2010 22:50:42 +0100, dave at thefletchers.net said:

> Why? I can't understand. What is the point of disabling remote web 
> browser access to administration on a server that has no GUI on it in
> the first place?

Security. I don't think any of the servers we look after have a GUI on
them, but that doesn't mean we should let all and sundry try to log in
with a web browser to try their hand at system management.

The file you need to edit is /etc/cups/cupsd.conf. If you're familiar with
Apache virtual host configurations, you'll recognise the format. If not,
well, first you need to ensure that cups is not restricted to listening on
the loopback interface. Look for:

Listen 127.0.0.1:631

If you see that, copy the line, comment one of them out, and change the
other to:

Listen 0.0.0.0:631

In the remaining stanzas, you may see things similar to:

<Location />
  Order allow,deny
</Location>

If you change that to:

<Location />
  Order allow,deny
  Allow all
</Location>

...then you remove the security restriction. NOTE: I'm not recommending
you do that as you are reducing the security on the server, but it's a
quick and dirty way of achieving (possibly) the result you want. If no one
else has access to the server, it's relatively safe.

You should then be able to browse the cups interface at
http://the-server-ip:631

You'll probably still be prompted for a privileged username and password
if you try to make changes: you should be able to use root and whatever
password root has.

The above comes with no guarantees. If you follow the instructions
carefully and your dog turns into a steam train, that's your problem.
-- 
Keith Edmunds

+-------------------------------------------------------------------------+
|    Tiger Computing Ltd    |  Helping businesses make the most of Linux  |
|  "The Linux Specialists"  |       http://www.tiger-computing.co.uk      |
+-------------------------------------------------------------------------+