Oct 08, '08 07:30:00AM • Contributed by: macsadmn
pMy techs and I were searching for a way to allow non-admin users to add and remove printers under 10.5. Unfortunately, we could only find a few hints that involved modifying /etc/cups/cupsd.conf -- which did not really meet our needs (those hints did not allow a standard way for a non-admin user to remove printers). So, here's our solution...
Please note that we have only tested this a few times, but it seems to work. What we're doing is editing /etc/authorization. More specifically, we're changing the system.preferences dictionary item within the authorization file so that the group string is set to everyone, rather than admin. One way to do this through the GUI is to copy /etc/authorization to your desktop, add .plist to the end of the filename, edit the file with Property List Editor, save, and remove the .plist extension. Then replace the original authorization file in /etc with your edited copy -- please make a backup of the original before replacing! Be sure to check permissions of the new file after copying it. This seems to open up the ability to add/remove printers to anyone -- beware, though, that it also opens up a few, select, other System Preferences, but nothing that cannot be managed through Workgroup Manager.
After some more testing, we plan to blast out our modified /etc/authorization file with FileWave -- unless we get flamed on here for some obvious mistake :-). As for a CLI method, here's what seems to work (and potentially could be pushed out via Apple Remote Desktop):
$ cp -pr /etc/authorization /etc/authorization-original
$ cp -pr /etc/authorization /tmp/authorization.plist
$ defaults write /tmp/authorization rights -dict-add system.preferences "<dict><key>allow-root</key><true/><key>class</key><string>user</string><key>comment</key><string>MODIFIED BY SYSTEMS ADMINISTRATOR TO ALLOW ANYONE TO ADD PRINTERS. Note: This does open up other system preferences. - Checked by the Admin framework when making changes to certain System Preferences.</string><key>group</key><string>everyone</string><key>shared</key><true/></dict>"
$ mv /tmp/authorization.plist /etc/authorization[robg adds: I haven't tested this one.]
