Chapter 3. Granting administration permissions to manage a CUPS server in the web interface
By default, members of the sys
, root
, and wheel
groups can perform administration tasks in the web interface. However, certain other services use these groups as well. For example, members of the wheel
groups can, by default, execute commands with root
permissions by using sudo
. To avoid that CUPS administrators gain unexpected permissions in other services, use a dedicated group for CUPS administrators.
Prerequisites
- CUPS is configured.
- The IP address of the client you want to use has permissions to access the administration area in the web interface.
Procedure
Create a group for CUPS administrators:
# groupadd cups-admins
Add the users who should manage the service in the web interface to the
cups-admins
group:# usermod -a -G cups-admins <username>
Update the value of the
SystemGroup
parameter in the/etc/cups/cups-files.conf
file, and append thecups-admin
group:SystemGroup sys root wheel cups-admins
If only the
cups-admin
group should have administrative access, remove the other group names from the parameter.Restart CUPS:
# systemctl restart cups
Verification
Use a browser, and access
https://<hostname_or_ip_address>:631/admin/
.NoteYou can access the administration area in the web UI only if you use the HTTPS protocol.
-
Start performing an administrative task. For example, click
Add printer
. The web interface prompts for a username and password. To proceed, authenticate by using credentials of a user who is a member of the
cups-admins
group.If authentication succeeds, this user can perform administrative tasks.