On Thu, Aug 26, 2021 at 11:31:30AM -0400, Greg Wooledge wrote: > On Thu, Aug 26, 2021 at 04:25:54PM +0100, Brian wrote: > > On Thu 26 Aug 2021 at 10:56:55 -0400, Greg Wooledge wrote: > > > > > On Thu, Aug 26, 2021 at 03:49:23PM +0100, Brian wrote: > > > > On Thu 26 Aug 2021 at 06:18:21 -0700, Peter Ehlert wrote: > > > > > > > > [...] > > > > > > > > > > It would be useful to have the outputs of > > > > > > > > > > > > groups > > > > > $ groups > > > > > peter cdrom floppy audio dip video plugdev netdev > > > > > > > > > > > > and > > > > > > > > > > > > grep SystemGroup /etc/cups/cups-files.conf > > > > > $ grep SystemGroup /etc/cups/cups-files.conf > > > > > SystemGroup lpadmin > > > > > > > > > > > > from the OP. > > > > > > > > Follow Keith Bainbridge's advice and add your user to the lpadmin > > > > group. Edit /etc/group and /etc/group- to do this. I would use 'vigr' > > > > and 'vigr -s'. > > > > > > Near as I can tell, /etc/group- is simply a backup copy of /etc/group > > > and shouldn't be edited. You might be thinking of /etc/gshadow, which > > > has something to do with group passwords, which are a thing I have *never* > > > dealt with in my entire life. > > > > I also forgot: after carrying out the corrected procedure, log out and > > log back in.
_DON'T_ edit groups / shadow password files by hand unless really, absolutely necessary - the potential for mistakes is too high. adduser [username] lpadmin as root/root equivalent using sudo is all that's needed. You don't need to reboot to do this: but you might need to log out/log back in to pick up the added/changed groups for the user. > > This is the part that I don't quite understand. How does that matter? > Does the CUPS daemon connect to some already-running process of the > user that you log into the web agent with? Does that mean you have to > run the web browser *as* the user you plan to use for printer admin, not > just log into the CUPS web agent with that user? > > That doesn't sound right, given the fact that you can log into the web > agent as "root" without logging into Linux as root, or running the web > browser as root. > > Given the above, I'd expect that the web agent spawns a brand new process > as root, and then inside of that, it drops privileges down to the user > that you specified. > > Unless "root" is a special hard-coded exception somehow...? > All best, as ever, Andy Cater
