CUPS Software Administrators Manual
CUPS-SAM-1.1.19
Easy Software Products
Copyright 1997-2003, All Rights Reserved
This software administrators manual provides printer administration information for the Common UNIX Printing SystemTM ("CUPS TM"), version 1.1.19.
CUPS provides a portable printing layer for UNIX®-based operating systems. It has been developed by Easy Software Products to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces.
CUPS uses the Internet Printing Protocol ("IPP") as the basis for managing print jobs and queues. The Line Printer Daemon ("LPD") Server Message Block ("SMB"), and AppSocket (a.k.a. JetDirect) protocols are also supported with reduced functionality. CUPS adds network printer browsing and PostScript Printer Description ("PPD") based printing options to support real-world printing under UNIX.
CUPS includes an image file RIP that supports printing of image files to non-PostScript printers. A customized version of GNU Ghostscript 7.05 for CUPS called ESP Ghostscript is available separately to support printing of PostScript files within the CUPS driver framework. Sample drivers for Dymo, EPSON, HP, and OKIDATA printers are included that use these filters.
Drivers for thousands of printers are provided with our ESP Print Pro software, available at:
http://www.easysw.com/printpro/
CUPS is licensed under the GNU General Public License and GNU Library General Public License. Please contact Easy Software Products for commercial support and "binary distribution" rights.
This software administrators manual is organized into the following sections:
Various font and syntax conventions are used in this guide. Examples and their meanings and uses are explained below:
| Example | Description | |
|---|---|---|
lpstat
lpstat(1) | The names of commands; the first mention of a command or function in a chapter is followed by a manual page section number. | |
| /var
/usr/share/cups/data/testprint.ps | File and directory names. | |
| Request ID is Printer-123 | Screen output. | |
| lp -d printer filename ENTER | Literal user input; special keys like ENTER are in ALL CAPS. | |
| 12.3 | Numbers in the text are written using the period (.) to indicate the decimal point. |
This chapter provides an overview of how the Common UNIX Printing System works.
For years the printing problem has plagued UNIX. Unlike Microsoft® Windows® or Mac OS, UNIX has no standard interface or system in place for supporting printers. Among the solutions currently available, the Berkeley and System V printing systems are the most prevalent.
These printing systems support line printers (text only) or PostScript printers (text and graphics), and with some coaxing they can be made to support a full range of printers and file formats. However, because each varient of the UNIX operating system uses a different printing system than the next developing printer drivers for a wide range of printers and operating systems is extremely difficult. That combined with the limited volume of customers for each UNIX varient has forced most printer vendors to give up supporting UNIX entirely.
CUPS is designed to eliminate the printing problem. One common printing system can be used by all UNIX varients to support the printing needs of users. Printer vendors can use its modular filter interface to develop a single driver program that supports a wide range of file formats with little or no effort. Since CUPS provides both the System V and Berkeley printing commands, users (and applications) can reap the benefits of this new technology with no changes.
CUPS is based upon an emerging Internet standard called the Internet Printing Protocol. IPP has been embraced by dozens of printer and printer server manufacturers and is supported by Microsoft Windows 2000.
IPP defines a standard protocol for printing as well as managing print jobs and printer options like media size, resolution, and so forth. Like all IP-based protocols, IPP can be used locally or over the Internet to printers hundreds or thousands of miles away. Unlike other protocols, however, IPP also supports access control, authentication, and encryption, making it a much more capable and secure printing solution than older ones.
IPP is layered on top of the Hyper-Text Transport Protocol ("HTTP") which is the basis of web servers on the Internet. This allows users to view documentation, check status information on a printer or server, and manage their printers, classes, and jobs using their web browser.
CUPS provides a complete IPP/1.1 based printing system that provides Basic, Digest, and local certificate authentication and user, domain, or IP-based access control. TLS encryption will be available in future versions of CUPS.
Each file or set of files that is submitted for printing is called a job. Jobs are identified by a unique number starting at 1 and are assigned to a particular destination, usually a printer. Jobs can also have options associated with them such as media size, number of copies, and priority.
CUPS supports collections of printers known as classes. Jobs sent to a class are forwarded to the first available printer in the class.
Filters allow a user or application to print many types of files without extra effort. Print jobs sent to a CUPS server are filtered before sending them to a printer. Some filters convert job files to different formats that the printer can understand. Others perform page selection and ordering tasks.
CUPS provides filters for printing many types of image files, HP-GL/2 files, PDF files, and text files. CUPS also supplies PostScript and image file Raster Image Processor ("RIP") filters that convert PostScript or image files into bitmaps that can be sent to a raster printer.
Backends perform the most important task of all - they send the filtered print data to the printer.
CUPS provides backends for printing over parallel, serial, and USB ports, and over the network via the IPP, JetDirect (AppSocket), and Line Printer Daemon ("LPD") protocols. Additional backends are available in network service packages such as the SMB backend included with the popular SAMBA software.
Backends are also used to determine the available devices. On startup each backend is asked for a list of devices it supports, and any information that is available. This allows the parallel backend to tell CUPS that an EPSON Stylus Color 600 printer is attached to parallel port 1, for example.
Printer drivers in CUPS consist of one of more filters specific to a printer. CUPS includes sample printer drivers for Hewlett-Packard LaserJet and DeskJet printers and EPSON 9-pin, 24-pin, Stylus Color, and Stylus Photo printers. While these drivers do not generate optimal output for the different printer models, they do provide basic printing and demonstrate how you can write your own printer drivers and incorporate them into CUPS.
Printers and classes on the local system are automatically shared with other systems on the network. This allows you to setup one system to print to a printer and use this system as a printer server or spool host for all of the others. Users may then select a local printer by name or a remote printer using "name@server".
CUPS also provides implicit classes, which are collections of printers and/or classes with the same name. This allows you to setup multiple servers pointing to the same physical network printer, for example, so that you aren't relying on a single system for printing. Because this also works with printer classes, you can setup multiple servers and printers and never worry about a single point of failure unless all of the printers and servers go down!
This chapter shows how to build and install the Common UNIX Printing System. If you are installing a binary distribution from the CUPS web site, proceed to the section titled, Installing a Binary Distribution.
This section describes how to compile and install CUPS on your system from the source code.
You'll need ANSI-compliant C and C++ compilers to build CUPS on your system. As its name implies, CUPS is designed to run on the UNIX operating system, however the CUPS interface library and most of the filters and backends supplied with CUPS should also compile and run under Microsoft Windows.
For the image file filters and PostScript RIP, you'll need the JPEG, PNG, TIFF, and ZLIB libraries. CUPS will build without these, but with significantly reduced functionality. Easy Software Products maintains a mirror of the current versions of these libraries at:
ftp://ftp.easysw.com/pub/libraries
If you make changes to the man pages you'll need GNU groff or another nroff-like package. GNU groff is available from:
ftp://ftp.gnu.org/pub/groff
The documentation is formatted using the HTMLDOC software. If you need to make changes you can get the HTMLDOC software from:
http://www.easysw.com/htmldoc
Finally, you'll need a make program that understands the
include directive - FreeBSD, NetBSD, and OpenBSD
developers should use the gmake program.
CUPS uses GNU autoconf to configure the makefiles and source code for your system. Type the following command to configure CUPS for your system:
./configure ENTER
The default installation will put the CUPS software in the /etc
, /usr, and /var directories on your system, which
will overwrite any existing printing commands on your system. Use the
--prefix option to install the CUPS software in another location:
./configure --prefix=/some/directory ENTER
If the PNG, JPEG, TIFF, and ZLIB libraries are not installed in a
system default location (typically /usr/include and
/usr/lib) you'll need to set the CFLAGS,
CXXFLAGS, and LDFLAGS environment variables prior to
running configure:
setenv CFLAGS "-I/some/directory" ENTER setenv CXXFLAGS "-I/some/directory" ENTER setenv LDFLAGS "-L/some/directory" ENTER setenv DSOFLAGS "-L/some/directory" ENTER ./configure ... ENTER
or:
CFLAGS="-I/some/directory"; export CFLAGS ENTER CXXFLAGS="-I/some/directory"; export CXXFLAGS ENTER LDFLAGS="-L/some/directory"; export LDFLAGS ENTER DSOFLAGS="-L/some/directory"; export DSOFLAGS ENTER ./configure ... ENTER
To enable support for encryption, you'll also want to add the "--enable-ssl" option:
./configure --enable-ssl
SSL and TLS support require the OpenSSL library, available at:
http://www.openssl.org
If the OpenSSL headers and libraries are not installed in the
standard directories, use the --with-openssl-includes and
--with-openssl-libs options:
./configure --enable-ssl \
--with-openssl-includes=/foo/bar/include \
--with-openssl-libs=/foo/bar/lib
Once you have configured things, just type:
make ENTER
to build the software.
Use the "install" target to install the software:
make install ENTER
| WARNING:
Installing CUPS will overwrite your existing printing system. If you experience difficulties with the CUPS software and need to go back to your old printing system, you will need to reinstall the old printing system from your operating system CDs. |
Once you have installed the software you can start the CUPS server by typing:
/usr/sbin/cupsd ENTER
CUPS comes in a variety of binary distribution formats. Easy Software Products provides binaries in TAR format with installation and removal scripts ("portable" distributions), and in RPM and DPKG formats for Red Hat and Debian-based distributions. Portable distributions are available for all platforms, while the RPM and DPKG distributions are only available for Linux.
| WARNING:
Installing CUPS will overwrite your existing printing system. If you experience difficulties with the CUPS software and need to go back to your old printing system, you will need to remove the CUPS software with the provided script and/or reinstall the old printing system from your operating system CDs. |
To install the CUPS software from a portable distribution you will
need to be logged in as root; doing an su is good enough.
Once you are the root user, run the installation script with:
./cups.install ENTER
After asking you a few yes/no questions the CUPS software will be installed and the scheduler will be started automatically.
To install the CUPS software from an RPM distribution you will need
to be logged in as root; doing an su is good enough. Once
you are the root user, run RPM with:
rpm -e lpr rpm -i cups-1.1-linux-M.m.n-intel.rpm ENTER
After a short delay the CUPS software will be installed and the scheduler will be started automatically.
To install the CUPS software from a Debian distribution you will need
to be logged in as root; doing an su is good enough. Once
you are the root user, run dpkg with:
dpkg -i cups-1.1-linux-M.m.n-intel.deb ENTER
After a short delay the CUPS software will be installed and the scheduler will be started automatically.
This chapter describes how to add your first printer and how to manage your printers.
Each printer queue has a name associated with it; the printer name must start with any printable character except " ", "/", and "@". It can contain up to 127 letters, numbers, and the underscore (_). Case is not significant, e.g. "PRINTER", "Printer", and "printer" are considered to be the same name.
Printer queues also have a device associated with them. The device
can be a parallel port, a network interface, and so forth. Devices
within CUPS use Uniform Resource Identifiers ("URIs") which are a more
general form of Uniform Resource Locators ("URLs") that are used in
your web browser. For example, the first parallel port in Linux usually
uses a device URI of parallel:/dev/lp1.
You can see a complete list of supported devices by running the
lpinfo(8) command:
lpinfo -v ENTER network socket network http network ipp network lpd direct parallel:/dev/lp1 serial serial:/dev/ttyS1?baud=115200 serial serial:/dev/ttyS2?baud=115200 direct usb:/dev/usb/lp0 network smb
The -v option specifies that you want a list of
available devices. The first word in each line is the type of device
(direct, file, network, or serial) and is followed by the device URI or
method name for that device. File devices have device URIs of the form
file:/directory/filename while network devices use the more
familiar method://server or method://server/path
format.
Finally, printer queues usually have a PostScript Printer Description ("PPD") file associated with them. PPD files describe the capabilities of each printer, the page sizes supported, etc., and are used for PostScript and non-PostScript printers. CUPS includes PPD files for HP LaserJet, HP DeskJet, EPSON 9-pin, EPSON 24-pin, and EPSON Stylus printers.
CUPS provides two methods for adding printers: a command-line program
called lpadmin(8) and a Web interface. The lpadmin
command allows you to perform most printer administration tasks from
the command-line and is located in /usr/sbin. The Web
interface is located at:
http://localhost:631/admin
and steps you through printer configuration. If you don't like command-line interfaces, try the Web interface instead.
Run the lpadmin command with the -p option
to add a printer to CUPS:
/usr/sbin/lpadmin -p printer -E -v device -m ppd ENTER
For a HP DeskJet printer connected to the parallel port this would look like:
/usr/sbin/lpadmin -p DeskJet -E -v parallel:/dev/lp1 -m deskjet.ppd ENTER
Similarly, a HP LaserJet printer using a JetDirect network interface at IP address 11.22.33.44 would be added with the command:
/usr/sbin/lpadmin -p LaserJet -E -v socket://11.22.33.44 -m laserjet.ppd ENTER
As you can see, deskjet.ppd and laserjet.ppd
are the PPD files for the HP DeskJet and HP LaserJet drivers included
with CUPS. You'll find a complete list of PPD files and the printers
they will work with in Appendix C, "Printer
Drivers".
For a dot matrix printer connected to the serial port this would might look like:
/usr/sbin/lpadmin -p DotMatrix -E -m epson9.ppd \
-v serial:/dev/ttyS0?baud=9600+size=8+parity=none+flow=soft ENTER
Here you specify the serial port (e.g. S0,S1, d0, d1), baud rate (e.g. 9600, 19200, 38400, 115200, etc.), number of bits, parity, and flow control. If you do not need flow control, delete the "+flow=soft" portion.
The CUPS web server provides a user-friendly "wizard" interface for adding your printers. Rather than figuring out which device URI and PPD file to use, you can instead click on the appropriate listings and fill in some simple information. Enter the following URL in your web browser to begin:
http://localhost:631/admin
Click on the Add Printer button to add a printer.
The lpadmin command enables you to perform most printer
administration tasks from the command-line. You'll find lpadmin
in the /usr/sbin directory.
Run the lpadmin command with the -p option
to add or modify a printer:
/usr/sbin/lpadmin -p printer options ENTER
The options arguments can be any of the following:
lpinfo command with the -m option.
A list of printer drivers included with CUPS can be found in
Appendix C, "Printer Drivers".enable(1) and accept(8) commands
on the printer.Run the lpadmin command with the -x option
to delete a printer:
/usr/sbin/lpadmin -x printer ENTER
Run the lpadmin command with the -d option
to set a default printer:
/usr/sbin/lpadmin -d printer ENTER
The default printer can be overridden by the user using the
lpoptions(1) command.
The enable and disable commands start and
stop printer queues, respectively:
/usr/bin/enable printer ENTER /usr/bin/disable printer ENTER
Printers that are disabled may still accept jobs for printing, but won't actually print any files until they are restarted. This is useful if the printer malfunctions and you need time to correct the problem. Any queued jobs are printed after the printer is enabled (started).
The accept and reject commands accept and
reject print jobs for the named printer, respectively:
/usr/sbin/accept printer ENTER /usr/sbin/reject printer ENTER
As noted above, a printer can be stopped but accepting new print jobs. A printer can also be rejecting new print jobs while it finishes those that have been queued. This is useful for when you must perform maintenance on the printer and will not have it available to users for a long period of time.
CUPS supports page and size-based quotas for each printer. The quotas are tracked individually for each user, but a single set of limits applies to all users for a partiuclar printer. For example, you can limit every user to 5 pages per day on an expensive printer, but you cannot limit every user except Johnny.
The job-k-limit, job-page-limit, and job-quota-peiod options determine whether and how quotas are enforced for a printer. The job-quota-period option determines the time interval for quota tracking. The interval is expressed in seconds, so a day is 86,400, a week is 604,800 and a month is 2,592,000 seconds. The job-k-limit option specifies the job size limit in killobytes. The job-page-limit option specifies the number of pages limit.
For quotas to be enforced, the period and at least one of the limits must be set to a non-zero value. The following options will enable quotas:
/usr/sbin/lpadmin -p printer -o job-quota-period=604800 -o job-k-limit=1024 ENTER /usr/sbin/lpadmin -p printer -o job-quota-period=604800 -o job-page-limit=100 ENTER
Or, you can combine all three options on the same line.
The -u option of the lpadmin command
controls which users can print to a printer. The default configuration
allows all users to print to a printer:
/usr/sbin/lpadmin -p printer -u allow:all ENTER
CUPS supports allow and deny lists so that you can specify a list of users who are allowed to print or not allowed to print. Along with your list of users, you can specify whether they are allowed or not allowed to use the printer:
/usr/sbin/lpadmin -p printer -u allow:peter,paul,mary ENTER
This command allows peter, paul, and mary to print to the named printer, but all other users cannot print. The command:
/usr/sbin/lpadmin -p printer -u deny:peter,paul,mary ENTER
has the opposite effect. All users except peter, paul, and mary will be able to print to the named printer.
You can control access by UNIX groups as well by placing an "@" character before each group name. The command:
/usr/sbin/lpadmin -p printer -u allow:peter,paul,mary,@printgods ENTER
allows the users peter, paul, and mary to print, as well as any user in the printgods group to print.
| NOTE:
The allow and deny options are not cummulative. That is, you must provide the complete list of users to allow or deny each time. Also, CUPS only maintains one list of users - the list can allow or deny users from printing. If you specify an allow list and then specify a deny list, the deny list will replace the allow list - only one list is active at any time. |
The Web interface is located at:
http://localhost:631/admin
From there you can perform all printer management tasks with a few simple mouse clicks.
This chapter describes what printer classes are and how to manage them.
CUPS provides collections of printers called printer classes. Jobs sent to a class are forwarded to the first available printer in the class. Classes can themselves be members of other classes, so it is possible for you to define very large, distributed printer classes for high-availability printing.
CUPS also supports implicit classes. Implicit classes work just like printer classes, but they are created automatically based upon the available printers and classes on the network. This allows you to setup multiple print servers with identical printer configurations and have the client machines send their print jobs to the first available server. If one or more servers go down, the jobs are automatically redirected to the servers that are running, providing fail-safe printing.
Run the lpadmin command with the -p and
-c options to add a printer to a class:
/usr/sbin/lpadmin -p printer -c class ENTER
The class is created automatically if it doesn't exist. To
remove a printer from a class use the -r option:
/usr/sbin/lpadmin -p printer -r class ENTER
To remove the entire class just use the -x option:
/usr/sbin/lpadmin -x class ENTER
The Web interface is located at:
http://localhost:631/admin
The Add Class and Modify Class interfaces provide a list of available printers; click on the printers of interest to add them to the class.
A noted earlier, implicit classes are created automatically from the
available network printers and classes. To disable this functionality,
set the ImplicitClasses
directive to Off in the cupsd.conf file. You
will find more information on doing this in
Chapter 6, "Printing System Management".
This chapter discusses several ways to configure CUPS clients for printing.
A client is any machine that sends print jobs to another machine for final printing. Clients can also be servers if they communicate directly with any printers of their own.
CUPS supports several methods of configuring client machines:
The most tedious method of configuring client machines is to
configure each remote queue by hand using the lpadmin
command:
lpadmin -p printer -E -v ipp://server/printers/printer ENTER
The printer name is the name of the printer on the
server machine. The server name is the hostname or IP
address of the server machine. Repeat the lpadmin command
for each remote printer you wish to use.
| NOTE:
Manual configuration of print queues is not recommended for large numbers of client machines because of the administration nightmare it creates. For busy networks, consider subnetting groups of clients and polling and relaying printer information instead. |
CUPS can be configured to run without a local spooler and send all jobs to a single server. However, if that server goes down then all printing will be disabled. Use this configuration only as absolutely needed.
The default server is normally "localhost". To override the default server create a file named /etc/cups/client.conf and add a line reading:
ServerName server
to the file. The server name can be the hostname or IP address of the default server.
The default server can also be customized on a per-user basis. To set a user-specific server create a file named ~/.cupsrc and add a line reading:
ServerName server
to the file. The server name can be the hostname or IP address of the default server.
CUPS supports automatic client configuration of printers on the same subnet. To configure printers on the same subnet, do nothing. Each client should see the available printers within 30 seconds automatically. The printer and class lists are updated automatically as printers and servers are added or removed.
If you want to see printers on other subnets as well, use the
BrowsePoll directive as described next.
| NOTE:
The Use the |
If you have CUPS servers on different subnets, then you should configure CUPS to poll those servers. Polling provides the benefits of automatic configuration without significant configuration on the clients, and multiple clients on the same subnet can share the same configuration information.
Polling is enabled by specifying one or more
BrowsePoll directives in the /etc/cups/cupsd.conf
file. For information on making these changes, see
Chapter 6, "Printing System Management".
Multiple BrowsePoll lines can
be used to poll multiple CUPS servers. To limit the amount of polling
you do from client machines, you can have only one of the clients do
the polling and relay that information to the others on the same subnet
(described next).
When you have clients and servers spread across multiple subnets, the
polling method is inefficient. CUPS provides a
BrowseRelay directive that enables a single client to relay
(broadcast) the polled printer information to the local subnet.
For example, Server A and Server B are on subnet 1 and subnet 2, while the clients are on subnet 3. To provide printers to all of the clients in subnet 3, client C will be configured with the following directives in /etc/cups/cupsd.conf:
# Poll the two servers BrowsePoll ServerA ENTER BrowsePoll ServerB ENTER # Relay the printers to the local subnet BrowseRelay 127.0.0.1 192.168.3.255 ENTER
The BrowseRelay line
specifies a source address and mask. Any browse packets coming from a
matching address wil be sent to the given broadcast address. In this
case, we want the packets from the local machine (127.0.0.1) relayed to
the other clients.
As printers are found using polling, they are relayed from client C to the rest of the clients through a broadcast on subnet 3. The rest of the clients can use the standard cupsd.conf configuration.
The BrowseRelay directive can
also be used to relay browsing packets from one network interface to
another. For example, if client C in the previous example had network
interfaces attaches to both subnet 1 and subnet 2, it could use the
BrowseRelay directive exclusively:
# Relay the printers from subnet 1 and 2 to subnet 3 BrowseRelay 192.168.1 192.168.3.255 ENTER BrowseRelay 192.168.2 192.168.3.255 ENTER
When using server polling or broadcasting, CUPS clients can automatically merge identical printers on multiple servers into a single implicit class queue. Clients assume that printers with the same name on multiple servers are in fact the same printer or type of printer being served by multiple machines.
If you have two printers, LaserJet@ServerA and LaserJet@ServerB, a
third implicit class called LaserJet will be created
automatically on the client that refers to both printers. If the client
also has a local printer with the name LaserJet and the
ImplicitAnyClasses directive is enabled, then an
implicit class named AnyLaserJet will be created instead.
Otherwise, the local printer will prevent the creation of an implicit
class, since CUPS will assume that the local printer will always be
more available than a remote one.
The client will alternate between servers and automatically stop sending jobs to a server if it goes down, providing a load-balancing effect and fail-safe operation with automatic switchover.
| NOTE:
Note that implicit classes ( |
This chapter shows how you can configure the CUPS server.
Several text files are used to configure CUPS. All of the server configuration files are located in the /etc/cups directory:
lpadmin command or the Web
interface.
lpadmin command or the Web
Interface.
Once you have made a change to a configuration file you need to
restart the CUPS server by sending it a HUP signal or
using the supplied initialization script. The CUPS distributions
install the script in the init.d directory with the name
cups. The location varies based upon the operating system:
/etc/software/init.d/cups restart ENTER /etc/rc.d/init.d/cups restart ENTER /etc/init.d/cups restart ENTER /sbin/init.d/cups restart ENTER
The /etc/cups/cupsd.conf file contains configuration directives that control how the server functions. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line. Since the server configuration file consists of plain text, you can use your favorite text editor to make changes to it.
The cupsd.conf file contains many directives that determine how the server operates:
AccessLog /var/log/cups/access_log AccessLog /var/log/cups/access_log-%s AccessLog syslog
The AccessLog directive sets the name of the access log
file. If the filename is not absolute then it is assumed to be relative
to the ServerRoot directory. The
access log file is stored in "common log format" and can be used by any
web access reporting tool to generate a report on CUPS server activity.
The server name can be included in the filename by using %s
in the name.
The special name "syslog" can be used to send the access information to the system log instead of a plain file.
The default access log file is /var/log/cups/access_log.
Allow from All Allow from None Allow from *.domain.com Allow from .domain.com Allow from host.domain.com Allow from nnn.* Allow from nnn.nnn.* Allow from nnn.nnn.nnn.* Allow from nnn.nnn.nnn.nnn Allow from nnn.nnn.nnn.nnn/mm Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Allow from @LOCAL Allow from @IF(name)
The Allow directive specifies a hostname, IP address, or
network that is allowed access to the server. Allow
directives are cummulative, so multiple Allow directives
can be used to allow access for multiple hosts or networks. The
/mm notation specifies a CIDR netmask:
| mm | netmask | mm | netmask |
|---|---|---|---|
| 0 | 0.0.0.0 | 8 | 255.0.0.0 |
| 1 | 128.0.0.0 | 16 | 255.255.0.0 |
| 2 | 192.0.0.0 | 24 | 255.255.255.0 |
| ... | ... | 32 | 255.255.255.255 |
The @LOCAL name will allow access from all local network
interfaces, but not remote point-to-point interfaces. The
@IF(name) name will allow access from the named interface.
The Allow directive must appear inside a
Location directive.
AuthClass Anonymous AuthClass User AuthClass System AuthClass Group
The AuthClass directive defines what level of
authentication is required:
Anonymous - No authentication should be performed
(default.)User - A valid username and password is required.System - A valid username and password is required, and
the username must belong to the "sys" group; this can be changed using
the SystemGroup directive.Group - A valid username and password is required, and
the username must belong to the group named by the AuthGroupName
directive.The AuthClass directive must appear inside a
Location directive.
AuthGroupName mygroup AuthGroupName lp
The AuthGroupName directive sets the group to use for
Group authentication.
The AuthGroupName directive must appear inside a
Location directive.
AuthType None AuthType Basic AuthType Digest AuthType BasicDigest
The AuthType directive defines the type of
authentication to perform:
None - No authentication should be performed (default.)Basic - Basic authentication should be performed using
the UNIX password and group files.Digest - Digest authentication should be performed
using the /etc/cups/passwd.md5 file.BasicDigest - Basic authentication should be performed
using the /etc/cups/passwd.md5 file.When using Basic, Digest, or
BasicDigest authentication, clients connecting through the
localhost interface can also authenticate using
certificates.
The AuthType directive must appear inside a
Location directive.
AutoPurgeJobs Yes AutoPurgeJobs No
The AutoPurgeJobs directive specifies whether or not to
purge completed jobs once they are no longer required for quotas. This
option has no effect if quotas are not enabled. The default setting is
No.
BrowseAddress 255.255.255.255:631 BrowseAddress 192.0.2.255:631 BrowseAddress host.domain.com:631 BrowseAddress @LOCAL BrowseAddress @IF(name)
The BrowseAddress directive specifies an address to send
browsing information to. Multiple BrowseAddress directives
can be specified to send browsing information to different networks or
systems.
The @LOCAL name will broadcast printer information to
all local interfaces. The @IF(name) name will broadcast to
the named interface.
No browse addresses are set by default.
| NOTE:
If you are using HP-UX 10.20 and a subnet that is not 24, 16, or 8 bits, printer browsing (and in fact all broadcast reception) will not work. This problem appears to be fixed in HP-UX 11.0. |
BrowseAllow from all BrowseAllow from none BrowseAllow from 192.0.2 BrowseAllow from 192.0.2.0/24 BrowseAllow from 192.0.2.0/255.255.255.0 BrowseAllow from *.domain.com BrowseAllow from @LOCAL BrowseAllow from @IF(name)
The BrowseAllow directive specifies a system or network
to accept browse packets from. The default is to accept browse packets
from all hosts.
Host and domain name matching require that you enable the
HostNameLookups directive.
IP address matching supports exact matches, partial addresses that match networks using netmasks of 255.0.0.0, 255.255.0.0, and 255.255.255.0, or network addresses using the specified netmask or bit count.
The @LOCAL name will allow browse data from all local
network interfaces, but not remote point-to-point interfaces. The
@IF(name) name will allow browse data from the named interface.
BrowseDeny from all BrowseDeny from none BrowseDeny from 192.0.2 BrowseDeny from 192.0.2.0/24 BrowseDeny from 192.0.2.0/255.255.255.0 BrowseDeny from *.domain.com BrowseDeny from @LOCAL BrowseDeny from @IF(name)
The BrowseDeny directive specifies a system or network
to reject browse packets from. The default is to deny browse packets
from no hosts.
Host and domain name matching require that you enable the
HostNameLookups directive.
IP address matching supports exact matches, partial addresses that match networks using netmasks of 255.0.0.0, 255.255.0.0, and 255.255.255.0, or network addresses using the specified netmask or bit count.
The @LOCAL name will block browse data from all local
network interfaces, but not remote point-to-point interfaces. The
@IF(name) name will block browse data from the named interface.
BrowseInterval 0 BrowseInterval 30
The BrowseInterval directive specifies the maximum
amount of time between browsing updates. Specifying a value of 0
seconds disables outgoing browse updates but allows a server to receive
printer information from other hosts.
The BrowseInterval value should always be less than the BrowseTimeout value. Otherwise
printers and classes will disappear from client systems between
updates.
BrowseOrder allow,deny BrowseOrder deny,allow
The BrowseOrder directive specifies the order of
allow/deny processing. The default order is deny,allow:
allow,deny - Browse packets are accepted unless
specifically denied.deny,allow - Browse packets are rejected unless
specifically allowed.BrowsePoll 192.0.2.2:631 BrowsePoll host.domain.com:631
The BrowsePoll directive polls a server for available
printers once every BrowseInterval
seconds. Multiple BrowsePoll directives can be
specified to poll multiple servers.
If BrowseInterval is set to 0 then the server is polled
once every 30 seconds.
BrowsePort 631 BrowsePort 9999
The BrowsePort directive specifies the UDP port number
used for browse packets. The default port number is 631.
| NOTE:
You must set the |
BrowseProtocols CUPS BrowseProtocols SLP BrowseProtocols CUPS SLP BrowseProtocols all
The BrowseProtocols directive specifies the protocols to
use when collecting and distributing shared printers on the local
network. The default protocol is CUPS, which is a
broadcast-based protocol.
| NOTE:
When using the |
BrowseRelay 193.0.2.1 192.0.2.255 BrowseRelay 193.0.2.0/255.255.255.0 192.0.2.255 BrowseRelay 193.0.2.0/24 192.0.2.255 BrowseRelay *.domain.com 192.0.2.255 BrowseRelay host.domain.com 192.0.2.255
The BrowseRelay directive specifies source and
destination addresses for relaying browsing information from one host
or network to another. Multiple BrowseRelay directives can
be specified as needed.
BrowseRelay is typically used on systems that bridge
multiple subnets using one or more network interfaces. It can also be
used to relay printer information from polled servers with the line:
BrowseRelay 127.0.0.1 255.255.255.255
This effectively provides access to printers on a WAN for all clients on the LAN(s).
BrowseShortNames Yes BrowseShortNames No
The BrowseShortNames directive specifies whether or not
short names are used for remote printers when possible. Short names are
just the remote printer name, without the server ("printer"). If more
than one remote printer is detected with the same name, the printers
will have long names ("printer@server1", "printer@server2".)
The default value for this option is Yes.
BrowseTimeout 300 BrowseTimeout 60
The BrowseTimeout directive sets the timeout for printer
or class information that is received in browse packets. Once a printer
or class times out it is removed from the list of available
destinations.
The BrowseTimeout value should always be greater than
the BrowseInterval value.
Otherwise printers and classes will disappear from client systems
between updates.
Browsing On Browsing Off
The Browsing directive controls whether or not network
printer browsing is enabled. The default setting is On.
| NOTE:
If you are using HP-UX 10.20 and a subnet that is not 24, 16, or 8 bits, printer browsing (and in fact all broadcast reception) will not work. This problem appears to be fixed in HP-UX 11.0. |
Classification Classification classified Classification confidential Classification secret Classification topsecret Classification unclassified
The Classification directive sets the classification
level on the server. When this option is set, at least one of the
banner pages is forced to the classification level, and the
classification is placed on each page of output. The default is no
classification level.
ClassifyOverride Yes ClassifyOverride No
The ClassifyOverride directive specifies whether users
can override the default classification level on the server. When the
server classification is set, users can change the classification using
the job-sheets option and can choose to only print one
security banner before or after the job. If the job-sheets
option is set to none then the server default
classification is used.
The default is to not allow classification overrides.
ConfigFilePerm 0644 ConfigFilePerm 0600
The ConfigFilePerm directive specifies the permissions
to use when writing configuration files. The default is 0600.
DataDir /usr/share/cups
The DataDir directive sets the directory to use for data
files.
DefaultCharset utf-8 DefaultCharset iso-8859-1 DefaultCharset windows-1251
The DefaultCharset directive sets the default character
set to use for client connections. The default character set is
utf-8 but is overridden by the character set for the language
specified by the client or the DefaultLanguage directive.
DefaultLanguage de DefaultLanguage en DefaultLanguage es DefaultLanguage fr DefaultLanguage it
The DefaultLanguage directive specifies the default
language to use for client connections. Setting the default language
also sets the default character set if a language localization file
exists for it. The default language is "en" for English.
Deny from All Deny from None Deny from *.domain.com Deny from .domain.com Deny from host.domain.com Deny from nnn.* Deny from nnn.nnn.* Deny from nnn.nnn.nnn.* Deny from nnn.nnn.nnn.nnn Deny from nnn.nnn.nnn.nnn/mm Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Deny from @LOCAL Deny from @IF(name)
The Deny directive specifies a hostname, IP address, or
network that is allowed access to the server. Deny
directives are cummulative, so multiple Deny directives
can be used to allow access for multiple hosts or networks. The
/mm notation specifies a CIDR netmask:
| mm | netmask | mm | netmask |
|---|---|---|---|
| 0 | 0.0.0.0 | 8 | 255.0.0.0 |
| 1 | 128.0.0.0 | 16 | 255.255.0.0 |
| 2 | 192.0.0.0 | 24 | 255.255.255.0 |
| ... | ... | 32 | 255.255.255.255 |
The @LOCAL name will deny access from all local network
interfaces, but not remote point-to-point interfaces. The
@IF(name) name will deny access from the named interface.
The Deny directive must appear inside a
Location directive.
DocumentRoot /usr/share/doc/cups DocumentRoot /foo/bar/doc/cups
The DocumentRoot directive specifies the location of web
content for the HTTP server in CUPS. If an absolute path is not
specified then it is assumed to be relative to the
ServerRoot directory. The default directory is
/usr/share/doc/cups.
Documents are first looked up in a sub-directory for the primary
language requested by the client (e.g. /usr/share/doc/cups/fr/...
) and then directly under the DocumentRoot directory (e.g.
/usr/share/doc/cups/...), so it is possible to localize the web
content by providing subdirectories for each language needed.
Encryption Never Encryption IfRequested Encryption Required
The Encryption directive must appear instead a
Location section and specifies the encryption settings
for that location. The default setting is IfRequested for
all locations.
ErrorLog /var/log/cups/error_log ErrorLog /var/log/cups/error_log-%s ErrorLog syslog
The ErrorLog directive sets the name of the error log
file. If the filename is not absolute then it is assumed to be relative
to the ServerRoot directory. The
default error log file is /var/log/cups/error_log.
The server name can be included in the filename by using %s
in the name.
The special name "syslog" can be used to send the error information to the system log instead of a plain file.
FaxRetryInterval 300 FaxRetryInterval 30
The FaxRetryInterval directive determines how often fax
print jobs are retried when the backend is unable to send the fax. The
value is the number of seconds between tries.
The default setting is 300 seconds.
FaxRetryLimit 5 FaxRetryLimit 100
The FaxRetryLimit directive determines how many times a
fax job is retried before it is canceled.
The default setting is 5.
FileDevice Yes FileDevice No
The FileDevice directive determines whether the
scheduler allows new printers to be added using device URIs of the form
file:/filename. File devices are most often used to test
new printer drivers and do no support raw file printing.
The default setting is No.
| Note:
File devices are managed by the scheduler. Since the scheduler
normally runs as the root user, file devices can be used to overwrite
system files and potentially gain unauthorized access to the system. If
you must create printers using file devices, we recommend that you set
the |
FilterLimit 0 FilterLimit 200 FilterLimit 1000
The FilterLimit directive sets the maximum cost of all
running job filters. It can be used to limit the number of filter
programs that are run on a server to minimize disk, memory, and CPU
resource problems. A limit of 0 disables filter limiting.
An average print to a non-PostScript printer needs a filter limit of about 200. A PostScript printer needs about half that (100). Setting the limit below these thresholds will effectively limit the scheduler to printing a single job at any time.
The default limit is 0.
FilterNice 0 FilterNice 39 FilterNice -10
The FilterNice directive sets the scheduling priority of
job filters. Values larger than 0 give filters a lower priority while
values smaller than 0 give filters a higher priority. The
FilterNice value does not affect the priority of job backends.
The default priority is 0.
FontPath /foo/bar/fonts FontPath /usr/share/cups/fonts:/foo/bar/fonts
The FontPath directive specifies the font path to use
when searching for fonts. The default font path is
/usr/share/cups/fonts.
Group sys Group system Group root
The Group directive specifies the UNIX group that filter
and CGI programs run as. The default group is sys,
system, or root depending on the operating system.
HideImplicitMembers Yes HideImplicitMembers No
The HideImplicitMembers directive controls whether the
individual printers in an implicit class are shown to the user. The
default is No.
ImplicitClasses must be
enabled for this directive to have any effect.
HostNameLookups On HostNameLookups Off HostNameLookups Double
The HostNameLookups directive controls whether or not
CUPS looks up the hostname for connecting clients. The Double
setting causes CUPS to verify that the hostname resolved from the
address matches one of the addresses returned for that hostname.
Double lookups also prevent clients with unregistered addresses
from connecting to your server. The default is Off to
avoid the potential server performance problems with hostname lookups.
Set this option to On or Double only if
absolutely required.
ImplicitAnyClasses On ImplicitAnyClasses Off
The ImplicitAnyClasses directive controls whether
implicit classes for local and remote printers are created with the
name AnyPrinter. The default setting is Off.
ImplicitClasses must be
enabled for this directive to have any effect.
ImplicitClasses On ImplicitClasses Off
The ImplicitClasses directive controls whether implicit
classes are created based upon the available network printers and
classes. The default setting is On but is automatically
turned Off if Browsing
is turned Off.
Include filename Include /foo/bar/filename
The Include directive includes the named file in the
cupsd.conf file. If no leading path is provided, the file is
assumed to be relative to the ServerRoot
directory.
KeepAlive On KeepAlive Off
The KeepAlive directive controls whether or not to
support persistent HTTP connections. The default is On.
HTTP/1.1 clients automatically support persistent connections, while
HTTP/1.0 clients must specifically request them using the
Keep-Alive attribute in the Connection: field of
each request.
KeepAliveTimeout 60 KeepAliveTimeout 30
The KeepAliveTimeout directive controls how long a
persistent HTTP connection will remain open after the last request. The
default is 60 seconds.
<Limit GET POST> ... </Limit> <Limit ALL> ... </Limit>
The Limit directive groups access control directives for
specific types of HTTP requests and must appear inside a
Location section. Access can be limited for individual
request types (DELETE, GET, HEAD
, OPTIONS, POST, PUT, and
TRACE) or for all request types (ALL). The request
type names are case-sensitive for compatibility with Apache.
<LimitExcept GET POST> ... </LimitExcept>
The LimitExcept directive groups access control
directives for specific types of HTTP requests and must appear inside a Location section. Unlike the
Limit directive, LimitExcept restricts
access for all requests except those listed on the
LimitExcept line.
LimitRequestBody 10485760 LimitRequestBody 10m LimitRequestBody 0
The LimitRequestBody directive controls the maximum size
of print files, IPP requests, and HTML form data in HTTP POST requests.
The default limit is 0 which disables the limit check.
Also see the identical MaxRequestSize
directive.
Listen 127.0.0.1:631 Listen 192.0.2.1:631
The Listen directive specifies a network address and
port to listen for connections. Multiple Listen directives
can be provided to listen on multiple addresses.
The Listen directive is similar to the
Port directive but allows you to restrict access to specific
interfaces or networks.
<Location /> ... </Location> <Location /admin> ... </Location> <Location /printers> ... </Location> <Location /printers/name> ... </Location> <Location /classes> ... </Location> <Location /classes/name> ... </Location>
The Location directive specifies access control and
authentication options for the specified HTTP resource or path. The
Allow, AuthClass
, AuthGroupName,
AuthType, Deny,
Encryption, Limit,
LimitExcept, Order, Require, and
Satisfy directives may all appear inside a location.
| Location | Description |
|---|---|
| / | The path for all get operations (get-printers, get-jobs, etc.) |
| /admin | The path for all administration operations (add-printer, delete-printer, start-printer, etc.) |
| /admin/conf | The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.) |
| /classes | The path for all classes |
| /classes/name | The resource for class name |
| /jobs | The path for all jobs (hold-job, release-job, etc.) |
| /jobs/id | The resource for job id |
| /printers | The path for all printers |
| /printers/name | The path for printer name |
| /printers/name.ppd | The PPD file path for printer
name |
Note that more specific resources override the less specific ones. So
the directives inside the /printers/name location will
override ones from /printers. Directives inside
/printers will override ones from /. None of the
directives are inherited. More information can be found in section
"Printing System Security".
LogFilePerm 0644 LogFilePerm 0600
The LogFilePerm directive specifies the permissions to
use when writing configuration files. The default is 0644.
LogLevel none LogLevel emerg LogLevel alert LogLevel crit LogLevel error LogLevel warn LogLevel notice LogLevel info LogLevel debug LogLevel debug2
The LogLevel directive specifies the level of logging
for the ErrorLog file. The
following values are recognized (each level logs everything under the
preceding levels):
none - Log nothing.emerg - Log emergency conditions that prevent the
server from running.alert - Log alerts that must be handled immediately.crit - Log critical errors that don't prevent the
server from running.error - Log general errors.warn - Log errors and warnings.notice - Log temporary error conditions.info - Log all requests and state changes (default).debug - Log basic debugging information.debug2 - Log all debugging information.MaxClients 100 MaxClients 1024
The MaxClients directive controls the maximum number of
simultaneous clients that will be allowed by the server. The default is
100 clients.
| NOTE:
Since each print job requires a file descriptor for the status pipe,
the CUPS server internally limits the |
MaxClientsPerHost 0 MaxClientsPerHost 10
The MaxClientsPerHost directive controls the maximum
number of simultaneous clients that will be allowed from a single host
by the server. The default is the MaxClients value. A
value of 0 uses the automatic setting based on the MaxClients
value.
This directive provides a small measure of protection against Denial of Service attacks from a single host.
MaxCopies 100 MaxCopies 65535
The MaxCopies directive controls the maximum number of
copies that a user can print of a job. The default is 100 copies.
| NOTE:
Most HP PCL laser printers internally limit the number of copies to 100. |
MaxJobs 100 MaxJobs 9999 MaxJobs 0
The MaxJobs directive controls the maximum number of
jobs that are kept in memory. Once the number of jobs reaches the
limit, the oldest completed job is automatically purged from the system
to make room for the new one. If all of the known jobs are still
pending or active then the new job will be rejected.
Setting the maximum to 0 disables this functionality. The default setting is 500.
MaxJobsPerPrinter 100 MaxJobsPerPrinter 9999 MaxJobsPerPrinter 0
The MaxJobsPerPrinter directive controls the maximum
number of active jobs that are allowed for each printer or class. Once
a printer or class reaches the limit, new jobs will be rejected until
one of the active jobs is completed, stopped, aborted, or cancelled.
Setting the maximum to 0 disables this functionality. The default setting is 0.
MaxJobsPerUser 100 MaxJobsPerUser 9999 MaxJobsPerUser 0
The MaxJobsPerUser directive controls the maximum number
of active jobs that are allowed for each user. Once a user reaches the
limit, new jobs will be rejected until one of the active jobs is
completed, stopped, aborted, or cancelled.
Setting the maximum to 0 disables this functionality. The default setting is 0.
MaxLogSize 1048576 MaxLogSize 1m MaxLogSize 0
The MaxLogSize directive controls the maximum size of
each log file. Once a log file reaches or exceeds the maximum size it
is closed and renamed to filename.O. This allows you to
rotate the logs automatically. The default size is 1048576 bytes (1MB).
Setting the maximum size to 0 disables log rotation.
MaxRequestSize 10485760 MaxRequestSize 10m MaxRequestSize 0
The MaxRequestSize directive controls the maximum size
of print files, IPP requests, and HTML form data in HTTP POST requests.
The default limit is 0 which disables the limit check.
Also see the identical
LimitRequestBody directive.
Order Allow,Deny Order Deny,Allow
The Order directive defines the default access control.
The following values are supported:
Allow,Deny - Allow requests from all systems except
for those listed in a Deny directive.Deny,Allow - Allow requests only from those listed in
an Allow directive.The Order directive must appear inside a
Location directive.
PageLog /var/log/cups/page_log PageLog /var/log/cups/page_log-%s PageLog syslog
The PageLog directive sets the name of the page log
file. If the filename is not absolute then it is assumed to be relative
to the ServerRoot directory. The
default page log file is /var/log/cups/page_log.
The server name can be included in the filename by using %s
in the name.
The special name "syslog" can be used to send the page information to the system log instead of a plain file.
Port 631 Port 80
The Port directive specifies a port to listen on.
Multiple Port lines can be specified to listen on multiple
ports. The Port directive is equivalent to "Listen
*:nnn". The default port is 631.
PreserveJobFiles On PreserveJobFiles Off
The PreserveJobFiles directive controls whether the
document files of completed, cancelled, or aborted print jobs are
stored on disk.
A value of On preserves job files until the
administrator purges them with the cancel command. Jobs
can be restarted (and reprinted) as desired until they are purged.
A value of Off (the default) removes the job files as
soon as each job is completed, cancelled, or aborted.
PreserveJobHistory On PreserveJobHistory Off
The PreserveJobHistory directive controls whether the
history of completed, cancelled, or aborted print jobs is stored on
disk.
A value of On (the default) preserves job information
until the administrator purges it with the cancel command.
A value of Off removes the job information as soon as
each job is completed, cancelled, or aborted.
Printcap Printcap /etc/printcap Printcap /etc/printers.conf
The Printcap directive controls whether or not a
printcap file is automatically generated and updated with a list of
available printers. If specified with no value, then no printcap file
will be generated. The default is to generate a file named
/etc/printcap.
When a filename is specified (e.g. /etc/printcap), the printcap file is written whenever a printer is added or removed. The printcap file can then be used by applications that are hardcoded to look at the printcap file for the available printers.
PrintcapFormat BSD PrintcapFormat Solaris
The PrintcapFormat directive controls the output format
of the printcap file. The default is to generate a BSD printcap file.
PrintcapGUI /usr/bin/glpoptions
The PrintcapGUI directive sets the program to use when
displaying an option panel from an IRIX application that uses the
Impressario print API. The default program is the ESP Print Pro
"glpoptions" GUI.
The program must accept the -d option to specify a
printer and the -o option to specify one or more options.
After allowing the user to select/change options, the program must then
write the list of printing options without the -o to the
standard output.
RemoteRoot remroot RemoteRoot root
The RemoteRoot directive sets the username for
unauthenticated root requests from remote hosts. The default username
is remroot. Setting RemoteRoot to root
effectively disables this security mechanism.
RequestRoot /var/spool/cups RequestRoot /foo/bar/spool/cups
The RequestRoot directive sets the directory for
incoming IPP requests and HTML forms. If an absolute path is not
provided then it is assumed to be relative to the
ServerRoot directory. The default request directory is
/var/spool/cups.
Require group foo bar Require user john mary Require valid-user
The Require directive specifies that authentication is
required for the resource. The group keyword specifies
that the authenticated user must be a member of one or more of the
named groups that follow.
The user keyboard specifies that the authenticated user
must be one of the named users that follow.
The valid-user keyword specifies that any authenticated
user may access the resource.
The default is to do no authentication. This directive must appear
inside a Location directive.
RIPCache 8m RIPCache 1g RIPCache 2048k
The RIPCache directive sets the size of the memory cache
used by Raster Image Processor ("RIP") filters such as
imagetoraster and pstoraster. The size can be
suffixed with a "k" for kilobytes, "m" for megabytes, or "g" for
gigabytes. The default cache size is "8m", or 8 megabytes.
RootCertDuration 300 RootCertDuration 0
The RootCertDuration directive controls the interval
between updates of the root authentication certificate. The default is
300 seconds which updates the root certificate approximately once
every 5 minutes. Set the interval to 0 to disable certificate updates
entirely.
RunAsUser Yes RunAsUser No
The RunAsUser directive controls whether the scheduler
runs as the unpriviledged user account (usually lp). The
default is No which leaves the scheduler running as the
root user.
Note: Running as a non-priviledged user may prevent LPD and
locally connected printers from working due to permission problems. The
lpd backend will automatically use a non-priviledged mode
that is not 100% compliant with RFC 1179. The parallel,
serial, and usb backends will need write access to
the corresponding device files.
Satisfy all Satisfy any
The Satisfy directive specifies whether all conditions
must be satisfied to allow access to the resource. If set to all
, then all authentication and access control conditions must be satified
to allow access.
Setting Satisfy to any allows a user to
gain access if the authentication or access control requirements are
satisfied. For example, you might require authentication for remote
access, but allow local access without authentication.
The default is all. This directive must appear inside a Location directive.
ServerAdmin user@host ServerAdmin root@foo.bar.com
The ServerAdmin directive identifies the email address
for the administrator on the system. By default the administrator email
address is root@server, where server is the
server name.
ServerBin /usr/lib/cups ServerBin /foo/bar/lib/cups
The ServerBin directive sets the directory for
server-run executables. If an absolute path is not provided then it is
assumed to be relative to the ServerRoot
directory. The default executable directory is /usr/lib/cups
.
ServerCertificate /etc/cups/ssl/server.crt
The ServerCertificate directive specifies the location
of the SSL certificate file used by the server when negotiating
encrypted connections. The certificate must not be encrypted (password
protected) since the scheduler normally runs in the background and will
be unable to ask for a password. The default certificate file is
/etc/cups/ssl/server.crt.
ServerKey /etc/cups/ssl/server.key
The ServerKey directive specifies the location of the
SSL private key file used by the server when negotiating encrypted
connections. The default key file is /etc/cups/ssl/server.crt
.
ServerName foo.domain.com ServerName myserver.domain.com
The ServerName directive specifies the hostname that is
reported to clients. By default the server name is the hostname.
ServerRoot /etc/cups ServerRoot /foo/bar/cups
The ServerRoot directive specifies the absolute path to
the server configuration and state files. It is also used to resolve
relative paths in the cupsd.conf file. The default server
directory is /etc/cups.
SSLListen 127.0.0.1:443 SSLListen 192.0.2.1:443
The SSLListen directive specifies a network address and
port to listen for secure connections. Multiple SSLListen
directives can be provided to listen on multiple addresses.
The SSLListen directive is similar to the
SSLPort directive but allows you to restrict access to
specific interfaces or networks.
SSLPort 443
The SSLPort directive specifies a port to listen on for
secure connections. Multiple SSLPort lines can be
specified to listen on multiple ports.
SystemGroup sys SystemGroup system SystemGroup root
The SystemGroup directive specifies the system
administration group for System authentication. More
information can be found later in this chapter in
"Printing System Security".
TempDir /var/tmp TempDir /foo/bar/tmp
The TempDir directive specifies an absolute path for the
directory to use for temporary files. The default directory is
/var/tmp.
Temporary directories must be world-writable and should have the "sticky" permission bit enabled so that other users cannot delete filter temporary files. The following commands will create an appropriate temporary directory called /foo/bar/tmp:
mkdir /foo/bar/tmp ENTER chmod a+rwxt /foo/bar/tmp ENTER
Timeout 300 Timeout 90
The Timeout directive controls the amount of time to
wait before an active HTTP or IPP request times out. The default
timeout is 300 seconds.
User lp User guest
The User directive specifies the UNIX user that filter
and CGI programs run as. The default user is lp.
The CUPS client application (lp, lpr, and
so forth) use the /etc/cups/client.conf file for default
settings. The client application also look in the user's home directory
for a file called .cupsrc. Each directive is listed on a
line by itself followed by its value. Comments are introduced using the
number sign ("#") character at the beginning of a line.
Since the client configuration file consists of plain text, you can use your favorite text editor to make changes to it.
The client.conf file contains many directives that determine how the client behaves:
Encryption Never Encryption IfRequested Encryption Required Encryption Always
The Encryption directive specifies the default
encryption settings for the client. The default setting is
IfRequested.
ServerName foo.bar.com ServerName 11.22.33.44
The ServerName directive specifies sets the remote
server that is to be used for all client operations. That is, it
redirects all client requests to the remote server. The default is to
use the local server ("localhost").
The CUPS scheduler (cupsd) uses the /etc/cups/printers.conf file to store the list of available printers. This file contains only locally defined printers, but not remote printers that are created automatically. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.
Since the printer configuration file consists of plain text, you can use your favorite text editor to make changes to it.
The printers.conf file contains many directives that determine how the printer behaves:
AcceptingAllowUserDefaultPrinterDenyUserDeviceURI |
InfoJobSheetsKLimitLocationPageLimit |
PrinterQuotaPeriodStateStateMessage |
Accepting yes Accepting no
The Accepting directive defines the initial Boolean
value for the printer-is-accepting-job attribute which can
be set by the accept and reject commands.
This directive must appear inside a Printer
or DefaultPrinter
directive.
AllowUser foo_user AllowUser bar_user
The AllowUser directive adds a username to the
requesting-user-name-allowed attribute which can be set by the
lpadmin -u command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
<DefaultPrinter name/> ... </Printer>
The DefaultPrinter directive begins a printer definition
for the default server destination. It can be added by the
lpadmin command or if already defined, set as default by the
lpoptions -d command.
DenyUser foo_user DenyUser bar_user
The DenyUser directive adds a username to the
requesting-user-name-allowed attribute which can be set by the
lpadmin -u command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
DeviceURI socket://foo.bar.com:9100
The DeviceURI directive defines the value of the
device-uri-attribute attribute which can be set by the
lpadmin -v command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
Info My Printer
The Info directive defines the string for the
printer-info attribute which can be set by the lpadmin -D
command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
JobSheets none,standard
The JobSheets directive specifies the default banner
pages to print before and after a print job. In the above example, only
a standard banner will print after each job.
The lpoptions -o job-sheets= command can be used to set
banners. For example, the following command would produce the same
results of a standard banner at the end of each print job
for the default printer.
If only one banner file is specified, it will be printed before the files in the job. If a second banner file is specified, it is printed after the files in the job.
The available banner pages depend on the local system configuration; CUPS includes the following banner files:
none - Do not produce a banner page.classified - A banner page with a "classified" label at
the top and bottom.confidential - A banner page with a "confidential"
label at the top and bottom.secret - A banner page with a "secret" label at the top
and bottom.standard - A banner page with no label at the top and
bottom.topsecret - A banner page with a "top secret" label at
the top and bottom.unclassified - A banner page with an "unclassified"
label at the top and bottom.This directive must appear inside a Printer
or DefaultPrinter
directive.
KLimit 1234
The KLimit directive defines the value of the
job-k-limit attribute which can be set by the lpadmin -o
job-k-limit= command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
Location Building 3321
The Location directive defines the string for the
printer-location attribute which can be set by the lpadmin
-L command.
| NOTE:
Do not confuse this |
This directive must appear inside a Printer
or DefaultPrinter
directive.
PageLimit 1234
The PageLimit directive defines the value of the
job-page-limit attribute which can be set by the lpadmin -o
job-page-limit= command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
<Printer name/> ... </Printer>
The Printer directive begins a printer definition. It
can be added by the lpadmin command.
QuotaPeriod 604800
The QuotaPeriod directive defines the value of the
job-quota-period attribute which can be set by the lpadmin
-o job-quota-period= command.
This directive must appear inside a Printer
or DefaultPrinter
directive.
State stopped
The State directive defines the initial value of the
printer-state attribute. The strings idle and
stopped correspond to the IPP enumeration values.
This directive must appear inside a Printer
or DefaultPrinter
directive.
StateMessage Ready to print.
The StateMessage directive defines the initial string
for the printer-state-message attribute. The following are
some example messages:
This directive must appear inside a Printer
or DefaultPrinter
directive.
The CUPS scheduler (cupsd) uses the /etc/cups/classes.conf file to store the list of available classes. This file contains only locally defined classes, but not remote or implicit classes that are created automatically. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.
Since the classes configuration file consists of plain text, you can use