From Fedora Project Wiki
(→‎PolicyKit configuration: Updated for 'wheel' group being the admin group not desktop_admin_r)
 
(One intermediate revision by one other user not shown)
Line 35: Line 35:
Support for using PolicyKit to perform administrative operations is provided by the separate cups-pk-helper package.
Support for using PolicyKit to perform administrative operations is provided by the separate cups-pk-helper package.


== PolicyKit configuration ==
== polkit configuration ==


The printing configuration tool uses PolicyKit when configuring CUPS on the local machine.  For normal IPP operations the policy determining who gets to modify what is defined in the CUPS configuration file {{filename|/etc/cups/cupsd.conf}}.  Configuring CUPS using PolicyKit (cups-pk-helper) is an extra mechanism with its own policy.
The printing configuration tool uses [http://www.freedesktop.org/wiki/Software/polkit/ polkit] when configuring CUPS on the local machine.  For normal IPP operations the policy determining who gets to modify what is defined in the CUPS configuration file {{filename|/etc/cups/cupsd.conf}}.  Configuring CUPS using polkit (cups-pk-helper) is an extra mechanism with its own policy.


The default cups-pk-helper policy requires administrative authentication for most actions.  Here is how you can customize that in two steps.
The default cups-pk-helper policy requires administrative authentication for most actions.  Here is how you can customize that in two steps.


* Using the User Accounts tool in System Settings, change your ''Account type'' to ''Administrator''.
* Using the User Accounts tool in System Settings, change your ''Account type'' to ''Administrator''.
* Create a <code>pklocalauthority</code> file called {{filename|/var/lib/polkit/localauthority/50-local.d/10-printer-config.pkla}} with this content:
* Create a polkit rules file called {{filename|/etc/polkit-1/rules.d/70-cupspkhelper.rules}} with this content:
<pre>
<pre>
[Desktop Administrator Permissions]
// This file belongs in /etc/polkit-1/rules.d
Identity=unix-group:wheel
polkit.addRule(function(action, subject) {
Action=org.opensuse.cupspkhelper.mechanism.*
    if (/^org\.opensuse\.cupspkhelper\.mechanism\./.test(action.id) &&
ResultAny=no
        subject.isInGroup("wheel")) {
ResultInactive=no
            return polkit.Result.YES;
ResultActive=yes
    }
});
</pre>
</pre>
Note that there is an open bug about whether or not this should be the default: [https://bugzilla.redhat.com/show_bug.cgi?id=596711 bug #596711].


== Original design discussion for system-config-printer ==
== Original design discussion for system-config-printer ==

Latest revision as of 13:17, 1 December 2014

system-config-printer

This page has information about the printing configuration tool used in Fedora, system-config-printer. The tool is for configuring a CUPS server, and uses the Internet Printing Protocol (IPP) to do so. For local servers this is delegated to PolicyKit when available.

Structure

The configuration tool is written in Python and uses GTK+. The IPP handling is done using the pycups Python extension. Windows print share browsing is provided by the pysmbc Python extension.

Main application

The main application provides a graphical interface for editing printer queues.

Applet

The printer applet displays an icon in the notification area when you have jobs queued to print.

udev hook

The system-config-printer-udev sub-package provides support for using udev to configure USB printers at the time they are connected. It can also install printer drivers as required.

pycups

In order to communicate with a CUPS server, system-config-printer uses the libcups library provided by CUPS. This provides a fairly high-level API for performing several common operations such as adding and removing printers. It also provides a lower-level API for constructing arbitrary IPP requests.

Another API provided by this library is one for inspecting and manipulating PPD files, which define what format the printer requires data in, as well as any options and their choices and defaults.

Bindings for the high-level IPP API and for the PPD API are provided by the separate python-cups package.

pysmbc

The libsmbclient library is used to discover and browse CIFS print shares. Python bindings for a simple subset of this API are provided by the separate python-smbc package.

cups-pk-helper

Support for using PolicyKit to perform administrative operations is provided by the separate cups-pk-helper package.

polkit configuration

The printing configuration tool uses polkit when configuring CUPS on the local machine. For normal IPP operations the policy determining who gets to modify what is defined in the CUPS configuration file /etc/cups/cupsd.conf. Configuring CUPS using polkit (cups-pk-helper) is an extra mechanism with its own policy.

The default cups-pk-helper policy requires administrative authentication for most actions. Here is how you can customize that in two steps.

  • Using the User Accounts tool in System Settings, change your Account type to Administrator.
  • Create a polkit rules file called /etc/polkit-1/rules.d/70-cupspkhelper.rules with this content:
// This file belongs in /etc/polkit-1/rules.d
polkit.addRule(function(action, subject) {
    if (/^org\.opensuse\.cupspkhelper\.mechanism\./.test(action.id) &&
        subject.isInGroup("wheel")) {
            return polkit.Result.YES;
    }
});

Original design discussion for system-config-printer

Additional information

These projects are hosted at fedorahosted:

A document describing how the various components fit together was written a while ago. It is out of date in that it mentions hal-cups-utils (instead we use udev hooks now) and that it does not talk about cups-pk-helper at all.