Features/CupsPolicyKitIntegration

= Cups/PolicyKit Integration =

Summary
Use PolicyKit to define policies for accessing the cups functionality.

Owner

 * Name: Marek Kašík
 * Email: mkasik@redhat.com

Current status

 * Targeted release: Fedora 11
 * Last updated: 2009-03-05
 * Percentage of completion: 100%

cups-pk-helper has been built in rawhide.

The system-config-printer patch is merged upstream and has been built in rawhide.

cups-pk-helper changes are being upstreamed, which may lead to some changes in the granularity of the policy.

cups-pk-helper changes are merged upstream, which changed the set of policies.

Still to do: - Document actions and default policy somehow

Detailed Description
Cups has its own authentication and policy configuration mechanism, which basically consists in specifying users/groups that are allowed administrative access to the cups server. In an ideal world, cups would expose its administrative functions as a PolicyKit mechanism via d-bus. Since that is unlikely to happen in the short term (if ever), Vincent Untz of OpenSUSE has written a small wrapper called cups-pk-helper to do this, together with the necessary changes to pycups and system-config-printer to talk to cups-pk-helper instead of directly to cups.

The following functions are controlled via PolicyKit policies currently:
 * add/remove/edit local printers
 * add/remove/edit remote printers
 * add/remove/edit classes
 * enable/disable printer
 * set printer as default printer
 * get/set server settings (this includes getting/putting a file in the cups config)
 * restart/cancel/edit a job owned by another user
 * restart/cancel/edit a job

Benefit to Fedora
Administration of Fedora installations becomes more uniform, cups policies can be configured with the same tools that are used for other PolicyKit-enabled parts of the system.

Scope
cups-pk-helper has to be packaged, system-config-printer needs to be changed to incorporate the PolicyKit-related changes (probably best done by merging those changes upstream, since system-config-printer is no longer a Fedora-only tool). Suitable default policies have to be defined for the functionalities listed above.

How To Test

 * Testing this feature will likely benefit from having a printer available.


 * You need to have cups, system-config-printer and cups-pk-helper installed.


 * Use system-config-printer and perform the functions listed above. Verify that the defined polices are enforced (e.g. if the policy demands admin authentication to enable a printer, trying to enable a printer should bring up a dialog asking for the root password).


 * Verify that changing policies using polkit-gnome-authorization is reflected in system-config-printer (e.g. changing the policy for adding classes to 'no' should make the controls for adding classes in system-config-printer become insensitive or invisible).

User Experience
This feature will affect people who configure cups using system-config-printer; they will see the same PolicyKit dialogs that they see in other configuration tools, instead of a custom s-c-p root password dialog. This feature also affects administrators who need to define policies for access to the printing system; they can use PolicyKit to define more finegrained policy than previously possible by editing cupsd.conf.

Dependencies
A PolicyKit-enabled system-config-printer release would be good, to avoid carrying a large patch in our package, but it is not, strictly, a requirement. cups-pk-helper is currently developed at http://www.vuntz.net/git/cups-pk-helper.git/, it would be good to turn it into an actual project, maybe hosted at freedesktop.org, to make collaboration on its future development easier. The cups-pk-helper package is under review.

Contingency Plan
If things don't work out, we don't ship cups-pk-helper by default and revert to a not-PolicyKit-enabled version of system-config-printer.

Documentation

 * cups-pk-helper's DBus api

Release Notes
In this release, system-config-printer uses PolicyKit to control access to restricted cups functionality. The following functions are controlled via PolicyKit policies currently:
 * add/remove/edit local printers
 * add/remove/edit remote printers
 * add/remove/edit classes
 * enable/disable printer
 * set printer as default printer
 * get/set server settings
 * restart/cancel/edit a job owned by another user
 * restart/cancel/edit a job

Comments and Discussion

 * See Talk:Features/CupsPolicyKitIntegration