The problem is caused by the fact that only members of the group "Print Operators" are allowed to control the printer. Normal users (i.e. members of the group "Staff") are not automatically added to the group "Print Operators". This makes sense in an environment where you don't want Joe Public messing with printer settings. It makes less sense in a lab or production environment where the staff can be trusted with the printers.
Fortunately, I found a simple solution here:
In Terminal.app, type the following:
dseditgroup -o edit -u ADMINUSER -p -a USER -t user _lpadmin
where ADMINUSER is the user name of an administrator and USER is the user name you want controlling the printer.
You will be asked for the password of ADMINUSER and then USER is added to the "_lpadmin" group, solving the problem permanently.
CAUTION
A word of advice to the wise: I do not know if adding a user to the group "_lpadmin" has any side effects. The users of the machines I administer are considered trustworthy. The only reason they do not have administrative privileges is to protect the machines from unintended damage. So giving limited administrative privileges is not a problem. This may be different in your environment.
Consider the implications carefully before making changes!
Background Information
It appears that the problems observed are not uniform: some machines always show the problem, some not at all, and some only for some users.
It looks like Apple changed the defaults some time during the life-cycle of Mac OS X 10.5 (I have been unable to ascertain when exactly). Users created before the change were all members of "_lpadmin", users created later are not members.
The best solution would be to tell CUPS (the printing system used in Mac OS X) to allow members of the group "Staff" to control the printer. To do so, the file /etc/cups/cupsd.conf section
AuthType Default
Require user @AUTHKEY(system.print.operator) @admin @lpadmin
Order deny,allow
needs to be changed to something like
AuthType Default
Require user @AUTHKEY(system.print.operator) @admin @lpadmin @staff
Order deny,allow
I did not try this myself. If you do, you may find cupsd.conf documentation useful. I would appreciate a comment telling about your experiences. Good luck!
No comments:
Post a Comment
I'd love to hear from you! Please remember to keep it civilized.