## ## First, modify cupsd.conf to allow local access to /admin: ## DATE=$(date +%Y%m%d) TMP_DIR=/tmp TMP_FILE="$(mktemp ${TMP_DIR}/.cupsd.conf.XXXXXX)" EDIT_TAG="Edited by Novell-iPrint:" CONF_FILE="/etc/cups/cupsd.conf" BACKUP_FILE=${CONF_FILE}.bak.${DATE}.$$ # Modify CONF_FILE for 'high' security model for /admin section if [ -f ${CONF_FILE} ]; then sed -e "/^ *< *Location *\/admin/,/^ *< *\/Location *>/{ # Work only in the '' block /^.*Location/!d; # Delete all but the location directives s@$^ *< *Location.*$$@\1\n# ${EDIT_TAG} ${DATE}\n#\n# Security setting: high\n# Original configuration backed up to ${BACKUP_FILE}\n#\n\nAuthType BasicDigest\nAuthClass Group\nAuthGroupName sys\n\n## Restrict access to local domain\nOrder Deny,Allow\nDeny From All\nAllow From 127.0.0.1\n#Encryption Required@; }" ${CONF_FILE} > "${TMP_FILE}" # Replace the CONF_FILE with our modified version if ! cp "${CONF_FILE}" "${BACKUP_FILE}"; then echo "Error: Failed to create backup of $(basename ${CONF_FILE})" echo "Add 'Allow From 127.0.0.1' for all users to section manualy." elif ! mv "${TMP_FILE}" ${CONF_FILE}; then echo "Error: Failed to modify $(basename ${CONF_FILE})" echo "Add 'Allow From 127.0.0.1' for all users to section manualy." fi rm -rf "${TMP_FILE}" else echo "${CONF_FILE}: No such file or directory or already modified by Novell iPrint" fi /sbin/ldconfig # Restart cups # only if it is running ... test -n "$FIRST_ARG" || FIRST_ARG=$1 if test "$FIRST_ARG" -ge 1 ; then test -f /etc/sysconfig/services && . /etc/sysconfig/services if test "$YAST_IS_RUNNING" != "instsys" -a "$DISABLE_RESTART_ON_UPDATE" != yes ; then for service in cups ; do /etc/init.d/$service try-restart > /dev/null || : done fi fi