How to stop CUPS from asking for the root password

CUPS has a quite restrictive allow/deny policy. Cancelling jobs requires the owner or root (OK, makes sense), for starting and stopping printers you also need root privileges. My root password is befittingly cumbersome, so I looked for some kind of CUPS sudo.
The file to look for is /etc/cups/cupsd.conf, which can be conveniently edited from the CUPS web interface's (localhost:631) Administration tab.

There are two options: either disable the password prompt completely (convenient, but on the risky side), or give your own user CUPS admin rights.
First option: change the line "DefaultPolicy default" to "DefaultPolicy easy". No password prompt ever, even if you fiddle with the configuration files. Not sure I like that.
Second option: Get the password prompt to accept your own user. For this, change the line "SystemGroup sys root" to "SystemGroup sys root lp" and make sure your user is a member of the lp group.

Judging from the structure of cupsd.conf, I suppose it is possible to fine-tune individual permissions by changing/commenting out the  AuthType/Require user statements in specific <Limit> … </Limit> blocks, but I saw no need to do that.
The CUPS web interface will restart the server after changing the configuration, however, your login status is apparently preserved. Reopen the interface in a new browser window to re-login.


DaWuzzzz said...

Yeah! Thanks for finding out that. I was annoyed by that CUPS behaviour as well but was too lazy to find out how to improve this situation...

avocadohead said...

My pleasure...