我正在寻找访问 CUPS Web 界面的管理页面的权限。
我可以访问该页面,并且可以浏览该站点的大部分内容,但遗憾的是,管理页面仍然被远程资源锁定。
我确实设置了Allow from all并且Allow all现在到处都尝试过,但我仍然无法访问该页面。
我错过了什么?
配置文件
#
#
# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a
# complete description of this file.
#
# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0
# Allow connection from remote hosts
Port 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols all
# Default authentication type, when authentication is required...
DefaultAuthType Basic
# Web interface setting...
WebInterface Yes
# Restrict access to the server...
<Location />
Order allow,deny
Allow from all
</Location>
# Restrict access to the admin pages...
<Location /admin>
Order allow,deny
Allow from all
</Location>
# Restrict access to configuration files...
<Location /admin/conf>
AuthType Default
Order allow,deny
Allow from all
</Location>
# Set the default printer/job policies...
<Policy default>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
Allow from all
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
Allow from all
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow from all
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow from all
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
Allow from all
</Limit>
<Limit All>
Order deny,allow
Allow from all
</Limit>
</Policy>
# Set the authenticated printer/job policies...
<Policy authenticated>
# Job/subscription privacy...
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
# Job-related operations must be done by the owner or an administrator...
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
Allow from all
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
Allow from all
</Limit>
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow from all
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
Allow from all
</Limit>
# Only the owner or an administrator can cancel or authenticate a job...
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
Allow from all
</Limit>
<Limit All>
Order deny,allow
Allow from all
</Limit>
</Policy>
Dockerfile
#
# Add a Printer user
#
RUN useradd \
--groups=sudo,lp,lpadmin \
--create-home \
--home-dir=/home/print \
--shell=/bin/bash \
print
#
# Set the password for the printer user
#
RUN echo print:sdsds | chpasswd
如果您需要快速修复,没有技术细节,请使用此命令
我要做的是在标签下方的以下块中:
</Policy>特别是对于管理员访问,vanilla 配置通常具有:
为了创建一个合适的用户帐户,您只需要创建一个作为该
lpadmin组成员的用户(我建议您确实需要对 admin 部分进行某种身份验证):,sudo useradd -g lpadmin cupsadmin然后设置密码。另请参阅https://askubuntu.com/questions/387217/cups-admin-user-and-password-saucy
更新:下面应该作为一个起点,也恰好解决了@DavidGatti最初提出的问题 - 它不像原始配置那样完整/精细,但可以重新添加策略配置。
但是,此配置确实取消了使用 @SYSTEM 用户,而是接受任何“本地”有效用户。配置的用例是在 docker 容器中运行 CUPS,因此似乎最好避免要求任何“特殊”的东西,除了具有密码的用户之外,以提供对 CUPS 的管理员访问权限。
您可能还会在如何配置杯子以允许通过身份验证进行远程打印和不进行本地打印?
我尝试了各种解决方案,但浏览器总是返回消息“连接被拒绝”,直到我像这样更改我的 cupsd.conf 文件。
由于我在我的 docker 映像(https://hub.docker.com/r/drpsychick/airprint-bridge)中进行了配置,这就是我使用的:
Listen *:631在 cupsd.conf 中和:
它重写了您的内容
cupds.conf并与杯子交谈。