Chapter 3. Granting administration permissions to manage a CUPS server in the web interface
By default, members of the sys, root, and wheel groups can perform administration tasks in the web interface. However, certain other services use these groups as well. For example, members of the wheel groups can, by default, execute commands with root permissions by using sudo. To avoid that CUPS administrators gain unexpected permissions in other services, use a dedicated group for CUPS administrators.
Prerequisites
- CUPS is configured.
- The IP address of the client you want to use has permissions to access the administration area in the web interface.
Procedure
Create a group for CUPS administrators:
# groupadd cups-adminsAdd the users who should manage the service in the web interface to the
cups-adminsgroup:# usermod -a -G cups-admins <username>Update the value of the
SystemGroupparameter in the/etc/cups/cups-files.conffile, and append thecups-admingroup:SystemGroup sys root wheel cups-adminsIf only the
cups-admingroup should have administrative access, remove the other group names from the parameter.Restart CUPS:
# systemctl restart cups
Verification
Use a browser, and access
https://<hostname_or_ip_address>:631/admin/.NoteYou can access the administration area in the web UI only if you use the HTTPS protocol.
-
Start performing an administrative task. For example, click
Add printer. The web interface prompts for a username and password. To proceed, authenticate by using credentials of a user who is a member of the
cups-adminsgroup.If authentication succeeds, this user can perform administrative tasks.
