[gutsy tribe 5] a user with sudo privileges cannot change printer settings

An additional point: When I give the command

gksudo system-config-printer

I get a different, more familiar window requesting my password before the system displays the Printer configuration window.
I type my password and can then make all the changes I like to the printers without supplying a password again.

I think the problem is that system-config-printer (or any application) cannot query the CUPS policy to discover whether it will be allowed to perform an operation before it tries to do it.

What we have to do at Ubuntu is to assure that a privileged user is not only in the "admin" group (to perform commands as root using sudo) but also in the "lpadmin" group (to send administrative requests to the CUPS daemon) and perhaps also in other groups to get admin privileges on other daemons/services.

This must be assured on updates from any Ubuntu distro to Gutsy and also on fresh Gutsy installations. I have seen complaints elsewhere that the "lpadmin" membership got lost on updates to Gutsy.

On a properly configured Ubuntu

gksudo system-config-printer

is not needed. It only annoys the user. In addition, it makes the GUI running as root which is also not necessary here.

Closing system-config-printer task ...

By default, the first user is put into both admin and lpadmin. Distro upgrades should not change group membership at all; if it does, this might be the infamous bug 26338, but we should not do any further messing with groups on upgrades.

This is not an installer bug at all, it does the right thing as it is ATM.

What we actually want, is telling in s-c-p's .desktop file: "If the user is in lpadmin, run s-c-p as normal user, otherwise run it through gksu". This is not possible to do in the .desktop file itself, but this condition can be checked in s-c-p code: either in the binary itself (if it does not have sufficient permissions, it could exec itself through gksu), or the .desktop file calls a wrapper shell script instead, which checks for group membership and then execs the real s-c-p through gksudo IFF the user is not in lpadmin.

The latter is preferable, since s-c-p shuold not hardcode gksu (you can certainly use it from KDE, too). So the wrapper script should detect what's available (based on running session, then gksu/kdesudo availability).

It seems that this should be upgraded from "wishlist" status to something higher. This is a going to be a problem that users will often run into since s-c-p is now the default print manager GUI. If a normal user can't just run the panel and have their password entry work as expected that will reflect negatively in a major way. At the very, very least, a dialog should come up explaining the failure and suggesting adding oneself to lpadmin.

I strongly agree this should be more than "wishlist" - it hinders the normal ability for users to add printers, and does not give you the information required to understand the fact that you need to be a part of the 'lpadmin' group. I personally have been dealing with this bug for a long time, and just now have been able to sift through the (numerous) bug reports involving this very issue. It should be treated as Medium/High.

(Added in duplicate #152504)
---
I can confirm this behavior in Hardy 8.04.1 with all updates, on 9 different servers that I administrate.

I can confirm the workaround of adding the user to the "lpadmin" group to bypass the prompt for a password and add a printer, whereas before it would continually ask for a password, even when entering it correctly.

This issue probably affects anyone trying to add a printer that isn't part of the "lpadmin" group. Yikes.