R
raydawg
I have requirments to build a kiosk that disables the users ability to print upon login, and then under certain circumstances enable them to print. All users will be logging in using a generic user account. This is my idea so far:
I am going to use CUPS to manage printing ability and Utilize the AllowUser and DenyUser directives for print control.
1) When user logs in I want to run a script that will add that user to the DenyUser list. I want to do this every login just to ensure they didn't somehow keep their printing ability from previous login.
2) I am developing a java application that the user will run, and a potential end result of that will remove them from DenyUser and put them on AllowUser list, thus giving them their printing ability.
3) Shutting down the application or logging off will run the script from #1 to disable their printing again.
My concerns are that I will have to give the user account sudo access to /usr/sbin/lpadmin for both the login/logout script and the java application. If the person has the knowledge they can just give themselves access via the terminal. If there any way to disable terminal access for a user? Can i simply just chmod the shell binary to root only?
If anyone has any suggestions on how to imporove on this, or maybe a totally different way of doing this entirely i am open for suggestions. Thanks!
Continue reading...
I am going to use CUPS to manage printing ability and Utilize the AllowUser and DenyUser directives for print control.
1) When user logs in I want to run a script that will add that user to the DenyUser list. I want to do this every login just to ensure they didn't somehow keep their printing ability from previous login.
2) I am developing a java application that the user will run, and a potential end result of that will remove them from DenyUser and put them on AllowUser list, thus giving them their printing ability.
3) Shutting down the application or logging off will run the script from #1 to disable their printing again.
My concerns are that I will have to give the user account sudo access to /usr/sbin/lpadmin for both the login/logout script and the java application. If the person has the knowledge they can just give themselves access via the terminal. If there any way to disable terminal access for a user? Can i simply just chmod the shell binary to root only?
If anyone has any suggestions on how to imporove on this, or maybe a totally different way of doing this entirely i am open for suggestions. Thanks!
Continue reading...