Debugging a CUPS Forbidden error

When I try to install a printer on a fresh Fedora 24 system through the CUPS web interface (http://localhost:631/admin/), I get

Add Printer Error

Unable to add printer:

    Forbidden

Here’s the relevant part of the config file, /etc/cups/cupsd.conf:

<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
  AuthType Default
  Require user @SYSTEM
  Order deny,allow
</Limit>

Now look at man cupsd.conf for the explanation:

Require user {user-name|@group-name} ...
     Specifies  that  an authenticated user must match one of the named
     users or be a member of one of the named groups.  The  group  name
     "@SYSTEM" corresponds to the list of groups defined by the System‐
     Group directive in the cups-files.conf(5) file.   The  group  name
     "@OWNER" corresponds to the owner of the resource, for example the
     person that submitted a print job.

Let’s look at /etc/cups/cups-files.conf and find out what those groups are:

SystemGroup sys root

Alright, so the solution is:

sudo usermod -a -G sys feuerbach

(where feuerbach is my username).

Frankly, I think it’s a bug that an admin user cannot add a printer by default, but luckily it’s not hard to fix.
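
The check that the steps above perform by hand, as an added example that is not part of the original post: it reads the SystemGroup lines from cups-files.conf and compares them with a user's groups, so you can confirm the cause before and after running usermod. The function names are hypothetical, and the default path is the one quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): does a user satisfy
# "Require user @SYSTEM" according to cups-files.conf?

# Print every group named on a SystemGroup line of the given file.
# Commented-out lines are skipped because their first field starts with '#'.
system_groups() {
    awk 'tolower($1) == "systemgroup" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Succeed if any group in $1 (as printed by `id -Gn`) is also in $2
# (as printed by system_groups). Both lists are whitespace-separated.
shares_group() {
    for have in $1; do
        for want in $2; do
            if [ "$have" = "$want" ]; then return 0; fi
        done
    done
    return 1
}

# check_cups_admin USER [FILE]: report whether USER is in a SystemGroup group.
check_cups_admin() {
    conf=${2:-/etc/cups/cups-files.conf}
    wanted=$(system_groups "$conf")
    if shares_group "$(id -Gn "$1")" "$wanted"; then
        echo "$1 is in a SystemGroup group and matches @SYSTEM"
    else
        echo "$1 is in none of the SystemGroup groups: $(echo $wanted)"
        return 1
    fi
}

# Usage on the machine from the post: check_cups_admin feuerbach
```

The config file may be readable only by root, in which case run the check under sudo. Every member of a listed group satisfies @SYSTEM, so the same output shows who else can add or delete printers.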