How do I organize printers and user groups

You can base the organization on application of UNIX file permissions. An installed printer is only displayed in the Printer Selection dialog (even when List All Printers is enabled) if the user has read permission to the printer initialization file defining the printer in the printers directory. You can thus reserve a printer for a certain group of users simply by means of ownership and permission flags for the printer inititialisation file. This is a very flexible way because there are no specific requirements as to how your organization should be structured.
The best definition of groups for printer access is not necessarily identical to the group structure already defined in your system. The group of users who shall have access to one or more specific printers could reflect a department, a specific physical location, a job function, or any other unit within your company’s infrastructure. The group could also be related to the printer itself, say a group of large format plotters, or a group of photorealistic color printers.

The rules of the game are simple:

  1. A group "owns" one or more printers.
  2. A group has one or more members (users).
  3. A user can be member of more than one group.
  4. Two groups cannot share a printer (you can, however, let a third group own the printer, and just admit all members of the first two groups).

Groups are defined by adding new group definition lines to the file /etc/groups. The group definition specifies the members of the group. For example: 


  dept_a:!:150:john,jane,peter,billy
  dept_b:!:151:susan,lisa,cliff
  plotter:!:159:peter,lisa

This defines three groups. Two of these are departments, namely dept_a (users john, jane, peter, and billy) and dept_b (users susan, lisa, and cliff). In addition peter from dept_a and lisa from dept_b are members of another group called plotter.


You can now allocate printers for Department A and B by changing ownership and permissions for their initialization files in the printers directory:


  # chown root:dept_a hp8500_a
  # chown root:dept_b epson940
  # chown root:dept_b qms2425
  # chmod 440 hp8500_a
  # chmod 440 epson940
  # chmod 440 qms2425

(default permission setting is 444, that is, visible to all users).

In a similar way you can reserve a printer for the two users in the special plotter group:


  # chown root:plotter novajet
  # chmod 440 novajet


The users john, jane, and billy can only see the printer hp8500_a, whereas peter can see both hp8500_a and novajet. In department B susan and cliff can see epson940 and qms2425, and lisa can see epson940, qms2425, and novajet. And of course you, the System Administrator, can see them all.