Once upon a time, Robert Marcano <[email protected]> said: > Nothing against driverless printing, this is something I really > like, bit I think all the move to HTTP is ignoring the feature that > is being removed, and that I have an use for. There is not possible > to have a printer connected to a computer that can't be restricted > by CUPS to be used by only a few authorized users. The admin can > implement CUPS authentication but an ipp://localhost:60000 open port > entirely open to anyone on the local machine to submit print jobs > directly bypassing CUPS.
I haven't tried it with firewalld or the newer nftables, but old iptables could set rules based on user ID. I'd expect nftables also implemented that, and firewalld could handle it in some fashion (possibly a rich rule). With that, you could limit HTTP access to root (I think cups runs as root). -- Chris Adams <[email protected]> _______________________________________________ devel mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
