Accessing a CUPS driven printer without password
I had to do a few print-outs with my old printer, and realized the old cupsd.conf didn’t do any more what I wanted it to do, namely running my printer on my home network, via http://127.0.0.1:631/, and without having to type in usernames and passwords there every time I wanted to change some printer settings.
After lots of googling I found a solution: I forgot where I found the template, and how much I changed it to make it work the way it should. You’ll find it below.
Please note that this configuration file is for a secure home network. That is I’m the only one using that printer. So if in doubt whether it’s a good idea or not to use this cupsd.conf – then for the sake of your network security: don’t use it.
Note the cups Debian packages installed with this file :
$ dpkg -l | grep -i cups ii cups 1.3.10-1 Common UNIX Printing System(tm) - server ii cups-bsd 1.3.10-1 Common UNIX Printing System(tm) - BSD comman ii cups-client 1.3.10-1 Common UNIX Printing System(tm) - client pro ii cups-common 1.3.10-1 Common UNIX Printing System(tm) - common fil ii cups-driver-gutenprint 5.2.3-2+b1 printer drivers for CUPS ii gutenprint-doc 5.2.3-2 users' guide for Gutenprint and CUPS ii libcups2 1.3.10-1 Common UNIX Printing System(tm) - libs ii libcupsimage2 1.3.10-1 Common UNIX Printing System(tm) - image libs
So here goes /etc/cups/cupsd.conf:
# # "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $" # # Sample configuration file for the Common UNIX Printing System (CUPS) # scheduler. See "man cupsd.conf" for a complete description of this # file. # # Log general information in error_log - change "info" to "debug" for # troubleshooting... LogLevel debug # Administrator user group... #SystemGroup lpadmin # Only listen for connections from the local machine. Listen localhost:631 Listen /var/run/cups/cups.sock # Show shared printers on the local network. Browsing On BrowseOrder allow,deny BrowseAllow all # Default authentication type, when authentication is required... DefaultAuthType Basic # Restrict access to the server... <Location /> Order deny,allow </Location> # Restrict access to the admin pages... <Location /admin> Encryption Required Order deny,allow </Location> # Restrict access to configuration files... <Location /admin/conf> AuthType None # Require user @SYSTEM Order deny,allow </Location> # Set the default printer/job policies... <Policy default> # Job-related operations must be done by the owner or an administrator... <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job> # Require user @OWNER @SYSTEM Order deny,allow </Limit> # All administration operations require an administrator to authenticate... <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> AuthType None # Require user @SYSTEM Order deny,allow </Limit> # All printer operations require a printer operator to authenticate... <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs> AuthType None # Require user @SYSTEM Order deny,allow </Limit> # Only the owner or an administrator can cancel or authenticate a job... <Limit Cancel-Job CUPS-Authenticate-Job> # Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> Order deny,allow </Limit> </Policy> # # End of "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $". #
An important part to stop access without authentication do seem to play the ‘Require user’ instances, that are commented out above.
I wouldn’t be astonished if the code above could be written much easier, more efficient, and yes, more beautiful than here – if all we want is unrestricted access to some printer: I did not have the time so far to find that solution. Please leave a comment here if you have one.
Thanks in anticipation.