cups icon indicating copy to clipboard operation
cups copied to clipboard
verified publisher icon OpenPrinting

Correction of the man page for cancel(1)

Open SrinivasOracle opened this issue 1 year ago • 3 comments

Before you write the report Read the REPORTING_ISSUES.md file in the main repository and prepare data mentioned there which looks relevant to you issue.

Describe the bug

The cancel(1) NOTES section of the cancel(1) manual contains the following information:

   Administrators wishing to prevent unauthorized cancellation of jobs via
   the  -u option should require authentication for Cancel-Jobs operations
   in cupsd.conf(5).

cancel(1) NOTES section of the cancel(1) man page needs to get updated as follows or something similar.

Administrators wishing to prevent unauthorized cancellation of jobs via the -u option should ensure that ONLY a 'privileged' user or 'admin' can delete 'all' jobs submitted by a particular user. Even if user 'X' wants to delete all jobs submitted by him, he needs to be a privileged user.

To Reproduce Steps to reproduce the behavior:

In 11.4 SRU 62 we not able to cancel the print job of root from test user

Version of print/cups

         Name: library/print/cups-libs
      Summary: Common Unix Print System (CUPS) runtime libraries
     Category: System/Printing
        State: Installed
    Publisher: solaris
      Version: 2.4.6
       Branch: 11.4.62.0.1.151.2

testuser01@ldom32:~$ beadm list BE Name Flags Mountpoint Space Policy Created

11.4_SRU6 - - 3.04G static 2024-02-27 23:18 11.4_SRU62 NR / 8.96G static 2024-03-22 02:53 solaris - - 915.59M static 2023-11-16 20:42 testuser01@ldom32:~$ lpq -a no entries testuser01@ldom32:~$ lpstat -o testuser01@ldom32:~$ lpq -a Rank Owner Job File(s) Total Size active unknown 94 unknown 1024 bytes 1st unknown 95 unknown 1024 bytes testuser01@ldom32:~$ lpstat -o myprinter-94 unknown 1024 Fri Mar 22 03:27:19 2024 myprinter-95 unknown 1024 Fri Mar 22 03:27:26 2024 testuser01@ldom32:~$ cancel -u root Password for testuser01 on localhost? ********* cancel: cancel-job failed: Forbidden testuser01@ldom32:~$ lpq -a Rank Owner Job File(s) Total Size active unknown 94 unknown 1024 bytes 1st unknown 95 unknown 1024 bytes testuser01@ldom32:~$ lpstat -o myprinter-94 unknown 1024 Fri Mar 22 03:27:19 2024 myprinter-95 unknown 1024 Fri Mar 22 03:27:26 2024 testuser01@ldom32:~$

Expected behavior

In 11.4 SRU 6 customer is able to cancel the print job of root from test user

Name: library/print/cups-libs Summary: Common Unix Print System (CUPS) runtime libraries Category: System/Printing State: Installed Publisher: solaris Version: 1.4.5

testuser01@ldom32:~$ beadm list BE Name Flags Mountpoint Space Policy Created

11.4_SRU6 NR / 6.47G static 2024-02-27 23:18 solaris - - 915.34M static 2023-11-16 20:42 testuser01@ldom32:~$ lpq -a no entries testuser01@ldom32:~$ lpstat -o testuser01@ldom32:~$ lpq -a Rank Owner Job File(s) Total Size active root 90 root_test01 1024 bytes 1st root 91 root_test02 1024 bytes testuser01@ldom32:~$ lpstat -o testuser01@ldom32:~$ cancel -u root testuser01@ldom32:~$ lpq -a no entries testuser01@ldom32:~$ lpstat -o testuser01@ldom32:~$ testuser01@ldom32:~$ testuser01@ldom32:~$

bash-5.2$ cat cupsd.conf

Administrator user group...

SystemGroup sys root

Screenshots NA

System Information:

  • OS and its version: Solaris 11.4 SRU 62
  • CUPS version : Version: 2.4.6

Additional context

From the CUPS man page:

https://www.cups.org/doc/man-cancel.html

Administrators wishing to prevent unauthorized cancellation of jobs via the -u option should require authentication for Cancel-Jobs operations in cupsd.conf(5).

Verifying the cups/cupsd.conf file in both SRU 6 and SRU 62

The following entry is not there in SRU 62 cups/cupsd.conf

Administrator user group...

SystemGroup sys root

To achieve a normal user to cancel the print job first step would be add the entry in cupsd.conf file

Next step would be add the required user to be part of the Admin user group.

In above case, if user 'XYZ' wants to purge all his jobs, he needs to part of the SystemGroup sys root

IMP: Care has to be taken before adding a user to this privileged list.

CUPS, by design, limits the authorization to delete/purge all jobs of a user at an admin level.

Example adding the user 'XYZ' to the sys group.

root@tx-4x-bxxx6-b# usermod -G sys XYZ

SrinivasOracle avatar Jun 13 '24 16:06 SrinivasOracle

The proposed wording is more confusing IMHO. What it is specifically you are asking for?

michaelrsweet avatar Aug 14 '24 04:08 michaelrsweet

Thanks for checking this. Customer wants the following line.

Administrators wishing to prevent unauthorized cancellation of jobs via the -u option should be part of the administrator group to cancel or authenticate a job..

SrinivasOracle avatar Aug 26 '24 09:08 SrinivasOracle

Again, that doesn't clarify anything, and if you are an administrator then you are, by definition, in the "administrator group" (what we'd normally call the "system" group which captures the various group names used on different Unix/Linux platforms)

michaelrsweet avatar Aug 27 '24 20:08 michaelrsweet

Please atleast put a note in the manual page with following lines as requested by the customer. If a normal user want to delete all jobs submitted by other users then the user running the "cancel -u " command must be the admin user or a privileged user with required privileges.

SrinivasOracle avatar Sep 12 '24 08:09 SrinivasOracle

@SrinivasOracle I'm not sure that actually makes sense. A "normal user" is by definition not an admin or privileged user. I'll try to come up with wording that captures what you are looking for...

michaelrsweet avatar Sep 12 '24 14:09 michaelrsweet

OK, I've reworded this as:

The -a and -u username options require administrative access. These restrictions are part of the operation policies defined in the cupsd.conf(5) file for the "Cancel-Jobs" and "Cancel-My-Jobs" operations, respectively.

[master e9035ac99] Update the cancel man page (Issue #984)

michaelrsweet avatar Sep 16 '24 16:09 michaelrsweet