Add cupsd.conf and TODOs in setup.sh

2022-03-11 12:54:43 +01:00 · 2022-03-11 12:54:43 +01:00 · 524c6e99a9
commit 524c6e99a9
parent dddf240da8
3 changed files with 107 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -18,3 +18,4 @@ Version 3.1 implementation works roughly as follows:
 Files in this repository cover all the SBC setup.
 #### Installation
 * `setup.sh` is a script automating the installation and configuration of required software
+* `cupsd.conf` is the config file for CUPS, set by setup script
--- a/cupsd.conf
+++ b/cupsd.conf
@ -0,0 +1,102 @@
+LogLevel debug
+PageLogFormat
+MaxLogSize 0
+# Allow remote access
+Port 631
+Listen /var/run/cups/cups.sock
+Browsing On
+BrowseLocalProtocols dnssd
+DefaultAuthType Basic
+WebInterface Yes
+<Location />
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+<Location /admin>
+  # Allow remote administration...
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+<Location /admin/conf>
+  AuthType Default
+  Require user @SYSTEM
+  # Allow remote access to the configuration files...
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+<Location /admin/log>
+  AuthType Default
+  Require user @SYSTEM
+  Order allow,deny
+  # Allow remote access to the log files...
+  Order allow,deny
+  Allow @LOCAL
+</Location>
+<Policy default>
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    Order deny,allow
+  </Limit>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+<Policy authenticated>
+  JobPrivateAccess default
+  JobPrivateValues default
+  SubscriptionPrivateAccess default
+  SubscriptionPrivateValues default
+  <Limit Create-Job Print-Job Print-URI Validate-Job>
+    AuthType Default
+    Order deny,allow
+  </Limit>
+  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
+    AuthType Default
+    Require user @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit Cancel-Job CUPS-Authenticate-Job>
+    AuthType Default
+    Require user @OWNER @SYSTEM
+    Order deny,allow
+  </Limit>
+  <Limit All>
+    Order deny,allow
+  </Limit>
+</Policy>
+JobPrivateAccess default
+JobPrivateValues default
+SubscriptionPrivateAccess default
+SubscriptionPrivateValues default
--- a/setup.sh
+++ b/setup.sh
@ -33,7 +33,7 @@ add_users() {
  usermod -a -G lp saned
 }

-get_conf() {
+get_conf() { # TODO
  echo "Getting configuration"
  sudo -H -u $user mkdir $sync_directory_path
  cp $run_directory_path/conf-sync.sh $sync_directory_path/
@ -42,7 +42,7 @@ get_conf() {
  sudo -H -u $user $sync_directory_path/conf-sync.sh
 }

-set_conf() {
+set_conf() { # TODO
  echo "Setting configuration"
  ln -s $sync_directory_path/conf-sync-server.timer $systemd_units_path/conf-sync.timer
  ln -s $sync_directory_path/*.service $systemd_units_path/
@ -53,10 +53,10 @@ set_conf() {
 set_cups_conf() {
  echo "Setting CUPS configuration"
  mv $cups_conf_path/cupsd.conf $cups_conf_path/cupsd.conf.orig
-  ln -s $sync_directory_path/cupsd.conf $cups_conf_path/cupsd.conf
+  ln -s $sync_directory_path/cupsd.conf $cups_conf_path/cupsd.conf # TODO
 }

-set_sane_conf() {
+set_sane_conf() { # TODO
  echo $printscan_container_ip >> /etc/sane.d/saned.conf
  systemctl enable saned.socket
 }