The Samba-Bugzilla – Bug 2850
Domain Administrator and Everyone set as privileged by default
Last modified: 2005-07-15 09:43:22 UTC
A printer is created from Windows 2003 server on to a samba server. The logged
in user account belongs to cups PrintAdmin group and also Administrators group.
However, once the printer is created, the security tab shows that
"DOMAIN\Administrator" and "Everyone" have access to this printer. Also the
printAdmin group or the user creating the printer are not included.
Now if the user logs in as Administrator and tries accessing this printer, he is
not able to add new drivers but is able to choose from already existing drivers.
Are you really using version 3.0.1? If so, could you please try
to reproduce this against a more recent release such as 3.0.14a?
Are you running with drivers installed on the Samba host?
We'll need a lot more details here, but it sounds like you
don't have the groups or access setup correctly. Or possibly
there is just a misunderstanding on how things should work.
(In reply to comment #1)
The version of samba being used is 3.0.13.
The drivers are installed in the Samba host. The user is able to choose between
the drivers already installed. However, the "New Driver" button of Add printer
wizard is disabled.
The account used to create the printer is part of a group configured as cups
admin group in samba server.
re-reading the original report I notice that what you
are describing is behavior by design. The current default
access control on new printers is
Administrator - Full Control
DOmain Admins - Full Control
Everyone - Print
We do not make use of the CREATOR OWNER built in SID.
You can only install new drivers on the server if
you are a printer admin on the Samba host (not for a
specific printer) or possess the SePrintOperatorPrivilege
on the Samba server. There's not bug here in that things work
as they are expected to work.