Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
CUPS assuming I'm the admin instead of prompting for user/pass
106 views
Skip to first unread message
Kent West
Nov 21, 2011, 12:10:01 PM11/21/11
to
In times past I've been able to browse to http://localhost:621/admin and
have it prompt me for the username/password.
Now, when I browse there, it does not prompt me. I guess it assumes I
want to do administrative things as my normal non-privileged user. I
suppose I could add my non-priv user to lpadmin, but I'd rather be
prompted for a privilege escalation.
How can I get CUPS to prompt me again for the admin user/password?
Thanks!
--
Kent West<*)))><
http://kentwest.blogspot.com
Praise Yah! \o/
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4ECA8492...@acu.edu
have it prompt me for the username/password.
Now, when I browse there, it does not prompt me. I guess it assumes I
want to do administrative things as my normal non-privileged user. I
suppose I could add my non-priv user to lpadmin, but I'd rather be
prompted for a privilege escalation.
How can I get CUPS to prompt me again for the admin user/password?
Thanks!
--
Kent West<*)))><
http://kentwest.blogspot.com
Praise Yah! \o/
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4ECA8492...@acu.edu
Kent West
Nov 21, 2011, 12:20:01 PM11/21/11
to
On 11/21/2011 11:04 AM, Kent West wrote:
> In times past I've been able to browse to http://localhost:621/admin
> and have it prompt me for the username/password.
>
> Now, when I browse there, it does not prompt me. I guess it assumes I
> want to do administrative things as my normal non-privileged user. I
> suppose I could add my non-priv user to lpadmin, but I'd rather be
> prompted for a privilege escalation.
>
> How can I get CUPS to prompt me again for the admin user/password?
>
> Thanks!
>
No, on further tinkering, that doesn't seem to be quite the issue. I'm
> In times past I've been able to browse to http://localhost:621/admin
> and have it prompt me for the username/password.
>
> Now, when I browse there, it does not prompt me. I guess it assumes I
> want to do administrative things as my normal non-privileged user. I
> suppose I could add my non-priv user to lpadmin, but I'd rather be
> prompted for a privilege escalation.
>
> How can I get CUPS to prompt me again for the admin user/password?
>
> Thanks!
>
getting different Home pages at various times, and I just now realized
that if I start at localhost:631, sometime I wind up at an IPADDRESS:631
which is not the IPAddress of my localhost box. Then if I try to browse
to http://MYLOCALIP:631 I get a "can't establish connection to the
server at THATADDRESS".
It seems that CUPS thinks my localhost IP address is something different
than what it actually is.
--
Kent West<*)))><
http://kentwest.blogspot.com
Praise Yah! \o/
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Kent West
Nov 21, 2011, 12:20:02 PM11/21/11
to
On 11/21/2011 11:12 AM, Kent West wrote:
> On 11/21/2011 11:04 AM, Kent West wrote:
>> In times past I've been able to browse to http://localhost:621/admin
>> and have it prompt me for the username/password.
>>
>> Now, when I browse there, it does not prompt me. I guess it assumes I
>> want to do administrative things as my normal non-privileged user. I
>> suppose I could add my non-priv user to lpadmin, but I'd rather be
>> prompted for a privilege escalation.
>>
>> How can I get CUPS to prompt me again for the admin user/password?
>>
>> Thanks!
>>
>
>
> No, on further tinkering, that doesn't seem to be quite the issue. I'm
> getting different Home pages at various times, and I just now realized
> that if I start at localhost:631, sometime I wind up at an
> IPADDRESS:631 which is not the IPAddress of my localhost box. Then if
> I try to browse to http://MYLOCALIP:631 I get a "can't establish
> connection to the server at THATADDRESS".
>
> It seems that CUPS thinks my localhost IP address is something
> different than what it actually is.
>
>
I just added the line:
> On 11/21/2011 11:04 AM, Kent West wrote:
>> In times past I've been able to browse to http://localhost:621/admin
>> and have it prompt me for the username/password.
>>
>> Now, when I browse there, it does not prompt me. I guess it assumes I
>> want to do administrative things as my normal non-privileged user. I
>> suppose I could add my non-priv user to lpadmin, but I'd rather be
>> prompted for a privilege escalation.
>>
>> How can I get CUPS to prompt me again for the admin user/password?
>>
>> Thanks!
>>
>
>
> No, on further tinkering, that doesn't seem to be quite the issue. I'm
> getting different Home pages at various times, and I just now realized
> that if I start at localhost:631, sometime I wind up at an
> IPADDRESS:631 which is not the IPAddress of my localhost box. Then if
> I try to browse to http://MYLOCALIP:631 I get a "can't establish
> connection to the server at THATADDRESS".
>
> It seems that CUPS thinks my localhost IP address is something
> different than what it actually is.
>
>
Listen MYLOCALHOSTIPADDRESS:631 to /etc/cups/cupsd.conf and then did an
"/etc/init.d/cups restart". Now when I try to go to
MYLOCALHOSTIPADDRESS:631 I get a 403 Forbidden.
--
Kent West<*)))><
http://kentwest.blogspot.com
Praise Yah! \o/
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Camaleón
Nov 21, 2011, 1:30:02 PM11/21/11
to
On Mon, 21 Nov 2011 11:12:40 -0600, Kent West wrote:
> No, on further tinkering, that doesn't seem to be quite the issue. I'm
> getting different Home pages at various times, and I just now realized
> that if I start at localhost:631, sometime I wind up at an IPADDRESS:631
> which is not the IPAddress of my localhost box. Then if I try to browse
> to http://MYLOCALIP:631 I get a "can't establish connection to the
> server at THATADDRESS".
That's what happens here.
> No, on further tinkering, that doesn't seem to be quite the issue. I'm
> getting different Home pages at various times, and I just now realized
> that if I start at localhost:631, sometime I wind up at an IPADDRESS:631
> which is not the IPAddress of my localhost box. Then if I try to browse
> to http://MYLOCALIP:631 I get a "can't establish connection to the
> server at THATADDRESS".
http://localhost:631 → works
http://192.168.0.154:631 → does not work
> It seems that CUPS thinks my localhost IP address is something different
> than what it actually is.
from the own machine and not from other network hosts (look at "/etc/cups/
cupsd.conf" file, variable "Listen localhost:631").
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Brad Rogers
Nov 21, 2011, 2:00:02 PM11/21/11
to
On Mon, 21 Nov 2011 11:04:18 -0600
Kent West <we...@acu.edu> wrote:
Hello Kent,
> In times past I've been able to browse to http://localhost:621/admin
> and have it prompt me for the username/password.
Doesn't here. Never has AFAIR. However, as soon as I try to do anything
administrative, it is then that I get asked for the password.
--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
If Adolf Hitler flew in today, they'd send a limousine anyway
(White Man) In Hammersmith Palais - The Clash
Kent West <we...@acu.edu> wrote:
Hello Kent,
> In times past I've been able to browse to http://localhost:621/admin
> and have it prompt me for the username/password.
administrative, it is then that I get asked for the password.
--
Regards _
/ ) "The blindingly obvious is
/ _)rad never immediately apparent"
If Adolf Hitler flew in today, they'd send a limousine anyway
(White Man) In Hammersmith Palais - The Clash
Bob Proulx
Nov 21, 2011, 2:10:02 PM11/21/11
to
Camaleón wrote:
> Kent West wrote:
> > No, on further tinkering, that doesn't seem to be quite the issue. I'm
> > getting different Home pages at various times, and I just now realized
> > that if I start at localhost:631, sometime I wind up at an IPADDRESS:631
> > which is not the IPAddress of my localhost box. Then if I try to browse
> > to http://MYLOCALIP:631 I get a "can't establish connection to the
> > server at THATADDRESS".
>
> That's what happens here.
>
> http://localhost:631 → works
> http://192.168.0.154:631 → does not work
>
> > It seems that CUPS thinks my localhost IP address is something different
> > than what it actually is.
>
> Mmm, or can be that CUPS default settings only allow connections coming
> from the own machine and not from other network hosts (look at "/etc/cups/
> cupsd.conf" file, variable "Listen localhost:631").
Look at the listening socket to see the result of the setup.
> Kent West wrote:
> > No, on further tinkering, that doesn't seem to be quite the issue. I'm
> > getting different Home pages at various times, and I just now realized
> > that if I start at localhost:631, sometime I wind up at an IPADDRESS:631
> > which is not the IPAddress of my localhost box. Then if I try to browse
> > to http://MYLOCALIP:631 I get a "can't establish connection to the
> > server at THATADDRESS".
>
> That's what happens here.
>
> http://localhost:631 → works
> http://192.168.0.154:631 → does not work
>
> > It seems that CUPS thinks my localhost IP address is something different
> > than what it actually is.
>
> Mmm, or can be that CUPS default settings only allow connections coming
> from the own machine and not from other network hosts (look at "/etc/cups/
> cupsd.conf" file, variable "Listen localhost:631").
$ netstat -na | grep :631.*LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
In this example from my machine it is listening on 127.0.0.1 which
isn't available to remote systems. Compare this to ssh port 22 which
is open for all addresses.
$ netstat -na | grep :22.*LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
Bob
Walter Hurry
Nov 21, 2011, 2:50:03 PM11/21/11
to
the first line should be something like:
127.0.0.1 localhost.localdomain localhost
and then http://localhost:631 (note to OP: not 621) should work fine as
long as CUPS is up with its default configuration.
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Kent West
Nov 21, 2011, 3:50:01 PM11/21/11
to
On 11/21/2011 01:39 PM, Walter Hurry wrote:
> On Mon, 21 Nov 2011 12:07:56 -0700, Bob Proulx wrote:
>
>
>> Camaleón wrote:
>>
>>> Kent West wrote:
>>>
>>>> No, on further tinkering, that doesn't seem to be quite the issue.
>>>> I'm getting different Home pages at various times, and I just now
>>>> realized that if I start at localhost:631, sometime I wind up at an
>>>> IPADDRESS:631 which is not the IPAddress of my localhost box. Then if
>>>> I try to browse to http://MYLOCALIP:631 I get a "can't establish
>>>> connection to the server at THATADDRESS".
>>>>
>>> That's what happens here.
>>>
>>> http://localhost:631 → works http://192.168.0.154:631 → does not work
>>>
>>>
>>>> It seems that CUPS thinks my localhost IP address is something
>>>> different than what it actually is.
>>>>
>>> Mmm, or can be that CUPS default settings only allow connections coming
>>> from the own machine and not from other network hosts (look at
>>> "/etc/cups/
>>> cupsd.conf" file, variable "Listen localhost:631").
>>>
I think I've sort of figured it out.
> On Mon, 21 Nov 2011 12:07:56 -0700, Bob Proulx wrote:
>
>
>> Camaleón wrote:
>>
>>> Kent West wrote:
>>>
>>>> No, on further tinkering, that doesn't seem to be quite the issue.
>>>> I'm getting different Home pages at various times, and I just now
>>>> realized that if I start at localhost:631, sometime I wind up at an
>>>> IPADDRESS:631 which is not the IPAddress of my localhost box. Then if
>>>> I try to browse to http://MYLOCALIP:631 I get a "can't establish
>>>> connection to the server at THATADDRESS".
>>>>
>>> That's what happens here.
>>>
>>> http://localhost:631 → works http://192.168.0.154:631 → does not work
>>>
>>>
>>>> It seems that CUPS thinks my localhost IP address is something
>>>> different than what it actually is.
>>>>
>>> Mmm, or can be that CUPS default settings only allow connections coming
>>> from the own machine and not from other network hosts (look at
>>> "/etc/cups/
>>> cupsd.conf" file, variable "Listen localhost:631").
>>>
When I go to http://localhost:631/admin, I get what I would expect (for
the most part; it's a simple interface on a white background instead of
the prettified CUPS page on a golden background).
The first time I click on "Add Printer" (per session? per time-frame?),
I'm prompted for the username/password as I would expect. (But, what
happens if I need to log out; there doesn't seem to be any way to do
that short of restarting iceweasel? rebooting? clearing the web browser
cache?)
But if instead of "Add Printer", I click on "Manage Printers" (my goal
was to delete a now-obsolete printer), I see four printers listed. The
first one I wanted to delete I clicked on, and that brings me to a Cups
golden-background detailed page for this printer. When I click on
"Delete Printer" on this page, I then get the "403 Frobidden". Hitting
the Back button, I realize that now instead of looking at my host's IP
address:631 or localhost:631, I'm looking at a slightly different
address in the URL bar. Hitting the back button again to get back to my
list of printers, I realize that the printer I want to delete, in the
"Make and Model" column, says it's a Lexmark X546 on that not-my IP address.
Ah ha!
Apparently this printer is being shared off another person's computer
near by, but it's showing up in this list as if it's been added to my
list of printers, and when I click on it to delete it, I'm then being
taken to that CUPS server instead of to my own localhost cup server.
Well, that mystery has been solved, but now I have a new problem. How do
I get this other person's shared printer out of my list?
> I'm wondering if OP just has something muddled in his hosts file. AFAIK,
> the first line should be something like:
> 127.0.0.1 localhost.localdomain localhost
>
> and then http://localhost:631 (note to OP: not 621) should work fine as
> long as CUPS is up with its default configuration.
>
127.0.0.1 localhost.localdomain localhost
Thanks, all!
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4ECAB84A...@acu.edu
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Kent West
Nov 21, 2011, 4:10:01 PM11/21/11
to
On 11/21/2011 02:44 PM, Kent West wrote:
> Apparently this printer is being shared off another person's computer
> near by, but it's showing up in this list as if it's been added to my
> list of printers, and when I click on it to delete it, I'm then being
> taken to that CUPS server instead of to my own localhost cup server.
>
> Well, that mystery has been solved, but now I have a new problem. How
> do I get this other person's shared printer out of my list?
I was able to click on the "Edit Configuration File" button and change
> Apparently this printer is being shared off another person's computer
> near by, but it's showing up in this list as if it's been added to my
> list of printers, and when I click on it to delete it, I'm then being
> taken to that CUPS server instead of to my own localhost cup server.
>
> Well, that mystery has been solved, but now I have a new problem. How
> do I get this other person's shared printer out of my list?
the "Browsing On" setting to "Browsing Off", which removed that shared
printer from my list.
I'm still wondering how to "log off" from the CUPS server so that I
would again be prompted for the admin username/password if I wanted to
change more settings, but I can let that be an issue for another day.
Thanks!
--
Kent West<*)))><
http://kentwest.blogspot.com
Praise Yah! \o/
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Camaleón
Nov 22, 2011, 12:30:01 PM11/22/11
to
On Mon, 21 Nov 2011 14:59:33 -0600, Kent West wrote:
> On 11/21/2011 02:44 PM, Kent West wrote:
>> Apparently this printer is being shared off another person's computer
>> near by, but it's showing up in this list as if it's been added to my
>> list of printers, and when I click on it to delete it, I'm then being
>> taken to that CUPS server instead of to my own localhost cup server.
>>
>> Well, that mystery has been solved, but now I have a new problem. How
>> do I get this other person's shared printer out of my list?
>
> I was able to click on the "Edit Configuration File" button and change
> the "Browsing On" setting to "Browsing Off", which removed that shared
> printer from my list.
This can be also because of the "auto discovery" feature of CUPS that
> On 11/21/2011 02:44 PM, Kent West wrote:
>> Apparently this printer is being shared off another person's computer
>> near by, but it's showing up in this list as if it's been added to my
>> list of printers, and when I click on it to delete it, I'm then being
>> taken to that CUPS server instead of to my own localhost cup server.
>>
>> Well, that mystery has been solved, but now I have a new problem. How
>> do I get this other person's shared printer out of my list?
>
> I was able to click on the "Edit Configuration File" button and change
> the "Browsing On" setting to "Browsing Off", which removed that shared
> printer from my list.
lists the neighbour printers for user's easiness :-). It can be turned
off from "Administration tab → Server configuration, advanced settings →
[ ] show printers shared by other systems".
> I'm still wondering how to "log off" from the CUPS server so that I
> would again be prompted for the admin username/password if I wanted to
> change more settings, but I can let that be an issue for another day.
the browser you will be asked again for root's password to do admin
operations (unless you had saved your credenatials using your browser's
password manager facility).
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Kent West
Nov 22, 2011, 12:40:02 PM11/22/11
to
On 11/22/2011 11:26 AM, Camaleón wrote:
> On Mon, 21 Nov 2011 14:59:33 -0600, Kent West wrote:
>
>> I'm still wondering how to "log off" from the CUPS server so that I
>> would again be prompted for the admin username/password if I wanted to
>> change more settings, but I can let that be an issue for another day.
>>
> The default it has to be a per-session setting, I mean, once you close
> the browser you will be asked again for root's password to do admin
> operations (unless you had saved your credenatials using your browser's
> password manager facility).
>
>
Seems a slight security risk to me; I'm not always in a position to
> On Mon, 21 Nov 2011 14:59:33 -0600, Kent West wrote:
>
>> I'm still wondering how to "log off" from the CUPS server so that I
>> would again be prompted for the admin username/password if I wanted to
>> change more settings, but I can let that be an issue for another day.
>>
> The default it has to be a per-session setting, I mean, once you close
> the browser you will be asked again for root's password to do admin
> operations (unless you had saved your credenatials using your browser's
> password manager facility).
>
>
restart my browser to force me off the CUPS server. Sure, I could modify
my behavior to compensate, but what would be wrong with a simple Log Off
option?
(I'm not really asking the question of you or of anyone in particular;
I'm just asking it into the air.)
Thanks for the info!
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Archive: http://lists.debian.org/4ECBDE23...@acu.edu
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
Camaleón
Nov 22, 2011, 1:40:01 PM11/22/11
to
On Tue, 22 Nov 2011 11:38:43 -0600, Kent West wrote:
> On 11/22/2011 11:26 AM, Camaleón wrote:
>> On Mon, 21 Nov 2011 14:59:33 -0600, Kent West wrote:
>>
>>> I'm still wondering how to "log off" from the CUPS server so that I
>>> would again be prompted for the admin username/password if I wanted to
>>> change more settings, but I can let that be an issue for another day.
>>>
>> The default it has to be a per-session setting, I mean, once you close
>> the browser you will be asked again for root's password to do admin
>> operations (unless you had saved your credenatials using your browser's
>> password manager facility).
>>
>>
>>
> Seems a slight security risk to me; I'm not always in a position to
> restart my browser to force me off the CUPS server. Sure, I could modify
> my behavior to compensate, but what would be wrong with a simple Log Off
> option?
Nothing wrong, regardless the user you have setup to run admin tasks
> On 11/22/2011 11:26 AM, Camaleón wrote:
>> On Mon, 21 Nov 2011 14:59:33 -0600, Kent West wrote:
>>
>>> I'm still wondering how to "log off" from the CUPS server so that I
>>> would again be prompted for the admin username/password if I wanted to
>>> change more settings, but I can let that be an issue for another day.
>>>
>> The default it has to be a per-session setting, I mean, once you close
>> the browser you will be asked again for root's password to do admin
>> operations (unless you had saved your credenatials using your browser's
>> password manager facility).
>>
>>
>>
> Seems a slight security risk to me; I'm not always in a position to
> restart my browser to force me off the CUPS server. Sure, I could modify
> my behavior to compensate, but what would be wrong with a simple Log Off
> option?
(root, your usual user...), it wouldn't hurt to have such button :-)
> (I'm not really asking the question of you or of anyone in particular;
> I'm just asking it into the air.)
>
> Thanks for the info!
Greetings,
--
Camaleón
--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org
0 new messages