The print server (cups) can be taken care of by users without the need to have an access to shell, using the web interface provided by default by cups.
The policy chosen by Blue Light is to create a specific user in the system for that task: printadmin.
This documentation follows https://jira.bluelightav.org/browse/BLUE-2257 , and there's a request for automating the task: https://redmine.bluelightav.org/issues/2340 .
The printer administrators need to have network access to the server (in Blue Light: using OpenVPN).
adduser printadmin |
Set the password as set in BLKPDB.
Add it in the group:
adduser printadmin lpadmin |
In the general config (no) section of /etc/cups/cupsd.conf, add a line:
ServerAlias * |
Add in the <Location /> section of /etc/cups/cupsd.conf
Allow all |
Remove all lines matching Allow @LOCAL in other <Location> sections of that file, if any.
Make sure that the server is accessible from anywhere. Eventually (Jessie?), replace Listen localhost:631 by:
Listen *:631 |
Point a web browser to: https://server.name:631
The default settings allow viewing the printers and queues, but not any modification.
The cups web sites prompts for user name (printadmin) and password when required.
TODO: document common tasks, such as adding a printer, pausing/resuming, etc