From 8f4fffa3f7423d1d171158756675bd86663e4a35 Mon Sep 17 00:00:00 2001 From: Stefan Staeglich <staeglis@informatik.uni-freiburg.de> Date: Wed, 21 Jun 2023 17:05:40 +0200 Subject: [PATCH] Fix admin group ACL --- CLIENT_DATA/cupsd.template | 10 +++++----- CLIENT_DATA/setup.opsiscript | 14 +++++++++++++- OPSI/control | 10 ++++++++-- 3 files changed, 26 insertions(+), 8 deletions(-) diff --git a/CLIENT_DATA/cupsd.template b/CLIENT_DATA/cupsd.template index be10cfe..067d2ff 100644 --- a/CLIENT_DATA/cupsd.template +++ b/CLIENT_DATA/cupsd.template @@ -26,7 +26,7 @@ WebInterface Yes </Location> <Location /admin/conf> AuthType Default - Require group {{ group_admin }} + Require user @SYSTEM </Location> <Location /admin/log> Order allow,deny @@ -34,7 +34,7 @@ WebInterface Yes Allow From {{ host }} {%- endfor %} AuthType Default - Require group {{ group_admin }} + Require user @SYSTEM </Location> <Policy default> JobPrivateAccess default @@ -67,9 +67,9 @@ WebInterface Yes </Limit> </Policy> <Policy authenticated> - JobPrivateAccess @OWNER @SYSTEM @mladm + JobPrivateAccess @OWNER @SYSTEM JobPrivateValues default - SubscriptionPrivateAccess @OWNER @SYSTEM @mladm + SubscriptionPrivateAccess @OWNER @SYSTEM SubscriptionPrivateValues default <Limit Create-Job Print-Job Print-URI Validate-Job> AuthType Default @@ -92,7 +92,7 @@ WebInterface Yes </Limit> <Limit Cancel-Job CUPS-Authenticate-Job> AuthType Default - Require user @OWNER @SYSTEM root + Require user @OWNER @SYSTEM Order deny,allow </Limit> <Limit All> diff --git a/CLIENT_DATA/setup.opsiscript b/CLIENT_DATA/setup.opsiscript index f90cf79..b854b5e 100644 --- a/CLIENT_DATA/setup.opsiscript +++ b/CLIENT_DATA/setup.opsiscript 
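Review bot: In the `<Limit Cancel-Job CUPS-Authenticate-Job>` hunk, `Require user @OWNER @SYSTEM` drops the explicit `root`, so root keeps that right only if it is covered by the configured SystemGroup; please confirm this still holds when `group_admin` is set to something other than its default. The `/admin/conf` and `/admin/log` hunks have the same dependency: the template no longer names the admin group, and `@SYSTEM` resolves to whatever `SystemGroup` holds in cups-files.conf when cupsd runs. A template comment at the first use would make that coupling visible, e.g. `{# @SYSTEM = SystemGroup in /etc/cups/cups-files.conf, written from group_admin by setup.opsiscript #}`. The `<Policy authenticated>` block continues outside the hunks.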
@@ -80,6 +80,13 @@ if not("0" = getLastExitCode) isFatalError "execWith_jinja_cupsd" endif +PatchTextFile_config_cups-files.conf "/etc/cups/cups-files.conf" +if not("0" = getLastExitCode) + Message "failed PatchTextFile_config_cups-files.conf" + LogError "failed PatchTextFile_config_cups-files.conf" + isFatalError "PatchTextFile_config_cups-files.conf" +endif + Message "Setup certbot" DefVar $host_aliases_certbot$ = "-d " + composeString($host_aliases$, " -d ") ShellInAnIcon_config_certbot @@ -141,6 +148,11 @@ env = Environment(loader=FileSystemLoader("%ScriptPath%")) host_admin = "$host_admin$".split(",") host_client = "$host_client$".split(",") template = env.get_template("cupsd.template") -output = template.render(mail_admin="$mail_admin$", group_admin="$group_admin$", host_client=host_client, host_admin=host_admin) +output = template.render(mail_admin="$mail_admin$", host_client=host_client, host_admin=host_admin) cfile = pathlib.Path("/etc/cups/cupsd.conf") cfile.write_text(output) + +[PatchTextFile_config_cups-files.conf] +setKeyValueSeparator " " +setValueByKey "SystemGroup" "$group_admin$" +SaveToFile "/etc/cups/cups-files.conf" diff --git a/OPSI/control b/OPSI/control index 1b95835..276e6e0 100644 --- a/OPSI/control +++ b/OPSI/control @@ -1,5 +1,5 @@ [Package] -version: 2 +version: 1 depends: incremental: False @@ -9,7 +9,7 @@ id: cups-server name: cups-server description: Installs and configures the cups server advice: -version: 1.1 +version: 1.2 priority: 0 licenseRequired: False productClasses: @@ -73,6 +73,12 @@ values: ["root"] default: ["root"] [Changelog] +cups-server (1.2-1) stable; urgency=low + +Fix admin group ACL + + -- Stefan Staeglich <staeglis@informatik.uni-freiburg.de> Mi, 21 Jun 2023 17:04:55 +0000 + cups-server (1.1-2) stable; urgency=low Fix hplip install on debian -- GitLab
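Review bot: `setValueByKey "SystemGroup" "$group_admin$"` in the new `[PatchTextFile_config_cups-files.conf]` section writes the property value unchecked, and every `Require user @SYSTEM` rule in cupsd.conf now hinges on that one line. An empty or misspelled `group_admin` would presumably leave the admin locations bound to no group or to one that does not exist, so I would validate the value before the patch call, for example by failing with `isFatalError` when it is empty or when a `getent group` lookup does not find it. The hunks do not show cupsd being restarted after cups-files.conf is changed; if that happens elsewhere in the script this is fine, otherwise the previous SystemGroup stays in effect until the next restart. A comment above the `PatchTextFile_config_cups-files.conf` call such as `; SystemGroup defines @SYSTEM, which cupsd.conf uses for all admin ACLs` would document the coupling.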