Viewing file:  ref-cupsd-conf.html (73.28 KB) -rw-r--r--
Select action/file-type:
 (+) | (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
cupsd.conf
The /etc/cups/cupsd.conf file contains
configuration directives that control how the server
functions. Each directive is listed on a line by itself followed
by its value. Comments are introduced using the number sign ("#")
character at the beginning of a line.
Since the server configuration file consists of plain text,
you can use your favorite text editor to make changes to it.
After making any changes, restart the cupsd(8)
process using the startup script for your operating system:
You can also edit this file from the CUPS web interface, which
automatically handles restarting the scheduler.
Examples
AccessLog /var/log/cups/access_log
AccessLog /var/log/cups/access_log-%s
AccessLog syslog
Description
The AccessLog directive sets the name of the
access log file. If the filename is not absolute then it is
assumed to be relative to the ServerRoot directory. The
access log file is stored in "common log format" and can be used
by any web access reporting tool to generate a report on CUPS
server activity.
The server name can be included in the filename by using
%s in the name.
The special name "syslog" can be used to send the access
information to the system log instead of a plain file.
The default access log file is
/var/log/cups/access_log.
Examples
<Location /path>
...
Allow from All
Allow from None
Allow from *.domain.com
Allow from .domain.com
Allow from host.domain.com
Allow from nnn.*
Allow from nnn.nnn.*
Allow from nnn.nnn.nnn.*
Allow from nnn.nnn.nnn.nnn
Allow from nnn.nnn.nnn.nnn/mm
Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
Allow from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Allow from @LOCAL
Allow from @IF(name)
</Location>
Description
The Allow directive specifies a hostname, IP
address, or network that is allowed access to the server.
Allow directives are cummulative, so multiple
Allow directives can be used to allow access for
multiple hosts or networks. The /mm notation
specifies a CIDR netmask, as shown in Table 1.
Table 1: CIDR Netmasks
| mm |
netmask |
mm |
netmask |
| 0 |
0.0.0.0 |
8 |
255.0.0.0 |
| 1 |
128.0.0.0 |
16 |
255.255.0.0 |
| 2 |
192.0.0.0 |
24 |
255.255.255.0 |
| ... |
... |
32 |
255.255.255.255 |
The @LOCAL name will allow access from all local
interfaces. The @IF(name) name will allow access
from the named interface. In both cases, CUPS only allows access
from the network that the interface(s) are configured for -
requests arriving on the interface from a foreign network will
not be accepted.
The Allow directive must appear inside a Location or Limit section.
Examples
<Location /path>
...
AuthClass Anonymous
AuthClass User
AuthClass System
AuthClass Group
</Location>
Description
The AuthClass directive defines what level of
authentication is required:
Anonymous - No authentication should be
performed (default)User - A valid username and password is
requiredSystem - A valid username and password
is required, and the username must belong to the "sys"
group; this can be changed using the SystemGroup
directiveGroup - A valid username and password is
required, and the username must belong to the group named
by the AuthGroupName
directive
The AuthClass directive must appear inside a Location or Limit section.
This directive is deprecated and will be removed from a
future release of CUPS. Consider using the more flexible Require directive instead.
Examples
<Location /path>
...
AuthGroupName mygroup
AuthGroupName lp
</Location>
Description
The AuthGroupName directive sets the group to use
for Group authentication.
The AuthGroupName directive must appear inside a
Location or Limit section.
This directive is deprecated and will be removed from a
future release of CUPS. Consider using the more flexible Require directive instead.
Examples
<Location /path>
...
AuthType None
AuthType Basic
AuthType Digest
AuthType BasicDigest
AuthType Negotiate
</Location>
Description
The AuthType directive defines the type of
authentication to perform:
None - No authentication should be
performed (default)Basic - Basic authentication should be
performed using the UNIX password and group filesDigest - Digest authentication should be
performed using the /etc/cups/passwd.md5
fileBasicDigest - Basic authentication
should be performed using the
/etc/cups/passwd.md5 fileNegotiate - Kerberos authentication
should be performed
When using Basic, Digest,
BasicDigest, or Negotiate authentication,
clients connecting through the localhost interface can
also authenticate using certificates.
The AuthType directive must appear inside a Location or Limit section.
Examples
AutoPurgeJobs Yes
AutoPurgeJobs No
Description
The AutoPurgeJobs directive specifies whether or
not to purge completed jobs once they are no longer required for
quotas. This option has no effect if quotas are not enabled. The
default setting is No.
Examples
BrowseAddress 255.255.255.255:631
BrowseAddress 192.0.2.255:631
BrowseAddress host.domain.com:631
BrowseAddress @LOCAL
BrowseAddress @IF(name)
Description
The BrowseAddress directive specifies an address
to send browsing information to. Multiple
BrowseAddress directives can be specified to send
browsing information to different networks or systems.
The @LOCAL name will broadcast printer
information to all local interfaces. The @IF(name)
name will broadcast to the named interface.
There is no default browse address.
Note:
If you are using HP-UX 10.20 and a subnet that is not 24,
16, or 8 bits, printer browsing (and in fact all broadcast
reception) will not work. This problem appears to be fixed in
HP-UX 11.0.
Examples
BrowseAllow from all
BrowseAllow from none
BrowseAllow from 192.0.2
BrowseAllow from 192.0.2.0/24
BrowseAllow from 192.0.2.0/255.255.255.0
BrowseAllow from *.domain.com
BrowseAllow from @LOCAL
BrowseAllow from @IF(name)
Description
The BrowseAllow directive specifies a system or
network to accept browse packets from. The default is to accept
browse packets from all hosts.
Host and domain name matching require that you enable the HostNameLookups
directive.
IP address matching supports exact matches, partial addresses
that match networks using netmasks of 255.0.0.0, 255.255.0.0, and
255.255.255.0, or network addresses using the specified netmask
or bit count.
The @LOCAL name will allow browse data from all
local interfaces. The @IF(name) name will allow
browse data from the named interface. In both cases, CUPS only
allows data from the network that the interface(s) are configured
for - data arriving on the interface from a foreign network will
not be allowed.
Examples
BrowseDeny from all
BrowseDeny from none
BrowseDeny from 192.0.2
BrowseDeny from 192.0.2.0/24
BrowseDeny from 192.0.2.0/255.255.255.0
BrowseDeny from *.domain.com
BrowseDeny from @LOCAL
BrowseDeny from @IF(name)
Description
The BrowseDeny directive specifies a system or
network to reject browse packets from. The default is to not deny
browse packets from any hosts.
Host and domain name matching require that you enable the HostNameLookups
directive.
IP address matching supports exact matches, partial addresses
that match networks using netmasks of 255.0.0.0, 255.255.0.0, and
255.255.255.0, or network addresses using the specified netmask
or bit count.
The @LOCAL name will block browse data from all
local interfaces. The @IF(name) name will block
browse data from the named interface. In both cases, CUPS only
blocks data from the network that the interface(s) are configured
for - data arriving on the interface from a foreign network will
not be blocked.
Examples
BrowseInterval 0
BrowseInterval 30
Description
The BrowseInterval directive specifies the
maximum amount of time between browsing updates. Specifying a
value of 0 seconds disables outgoing browse updates but allows a
server to receive printer information from other hosts.
The BrowseInterval value should always be less
than the BrowseTimeout
value. Otherwise printers and classes will disappear from client
systems between updates.
Examples
BrowseLDAPBindDN foo
Description
The BrowseLDAPBindDN directive specifies the LDAP
domain name to use when listening for printer registrations. The
default is undefined.
Examples
BrowseLDAPDN bar
Description
The BrowseLDAPDN directive specifies the LDAP
domain name to use when registering local shared printers. The
default is undefined.
Examples
BrowseLDAPPassword foo123
Description
The BrowseLDAPPassword directive specifies the
access password to use when connecting to the LDAP server. The
default is undefined.
Examples
BrowseLDAPServer localhost
Description
The BrowseLDAPServer directive specifies the name
of the LDAP server to connect to. The default is undefined.
Examples
BrowseLocalOptions compression=yes
BrowseLocalOptions encryption=required
BrowseLocalOptions compression=yes&encryption=required
Description
The BrowseLocalOptions directive specifies
additional IPP backend options to advertise with local shared
printers. The default is to not include any options.
Examples
BrowseLocalProtocols all
BrowseLocalProtocols none
BrowseLocalProtocols cups
BrowseLocalProtocols dnssd
BrowseLocalProtocols ldap
BrowseLocalProtocols slp
BrowseLocalProtocols cups dnssd
Description
The BrowseLocalProtocols directive specifies the
protocols to use when advertising local shared printers on the
network. Multiple protocols can be specified by separating them
with spaces. The default is CUPS.
Examples
BrowseOrder allow,deny
BrowseOrder deny,allow
Description
The BrowseOrder directive specifies the order of
allow/deny processing. The default order is
deny,allow:
allow,deny - Deny browse packets by
default, then check BrowseAllow lines
followed by BrowseDeny lines.deny,allow - Allow browse packets by
default, then check BrowseDeny lines
followed by BrowseAllow lines.
Examples
BrowsePoll 192.0.2.2:631
BrowsePoll host.domain.com:631
Description
The BrowsePoll directive polls a server for
available printers once every BrowseInterval seconds.
Multiple BrowsePoll directives can be specified to
poll multiple servers.
If BrowseInterval is set to 0 then the server is
polled once every 30 seconds.
Examples
BrowsePort 631
BrowsePort 9999
Description
The BrowsePort directive specifies the UDP port number
used for browse packets. The default port number is 631.
Note:
You must set the BrowsePort to the same value
on all of the systems that you want to see.
Examples
BrowseProtocols all
BrowseProtocols none
BrowseProtocols cups
BrowseProtocols dnssd
BrowseProtocols ldap
BrowseProtocols slp
BrowseProtocols cups dnssd
Description
The BrowseProtocols directive specifies the
protocols to use when showing and advertising shared printers on
the local network. Multiple protocols can be specified by
separating them with spaces. The default protocol is
CUPS dnssd for
BrowseLocalProtocols and
CUPS for
BrowseRemoteProtocols.
Note:
When using the SLP protocol, you must have at least
one Directory Agent (DA) server on your network. Otherwise the
CUPS scheduler (cupsd) will not respond to client
requests for several seconds while polling the network.
Examples
BrowseRelay 193.0.2.1 192.0.2.255
BrowseRelay 193.0.2.0/255.255.255.0 192.0.2.255
BrowseRelay 193.0.2.0/24 192.0.2.255
BrowseRelay *.domain.com 192.0.2.255
BrowseRelay host.domain.com 192.0.2.255
Description
The BrowseRelay directive specifies source and
destination addresses for relaying browsing information from one
host or network to another. Multiple BrowseRelay
directives can be specified as needed.
BrowseRelay is typically used on systems that
bridge multiple subnets using one or more network interfaces. It
can also be used to relay printer information from polled servers
with the line:
BrowseRelay 127.0.0.1 @LOCAL
This effectively provides access to printers on a WAN for all
clients on the LAN(s).
Examples
BrowseRemoteOptions compression=yes
BrowseRemoteOptions encryption=required
BrowseRemoteOptions ?compression=yes&encryption=required
Description
The BrowseRemoteOptions directive specifies
additional IPP backend options to include with remote shared
printers. If the options string begins with a question mark (?),
the options replace any options specified by the remote server.
The default is to not include any options.
Examples
BrowseRemoteProtocols all
BrowseRemoteProtocols none
BrowseRemoteProtocols cups
BrowseRemoteProtocols dnssd
BrowseRemoteProtocols ldap
BrowseRemoteProtocols slp
BrowseRemoteProtocols cups dnssd
Description
The BrowseRemoteProtocols directive specifies the
protocols to use when finding remote shared printers on the
network. Multiple protocols can be specified by separating them
with spaces. The default is CUPS.
Examples
BrowseShortNames Yes
BrowseShortNames No
Description
The BrowseShortNames directive specifies whether
or not short names are used for remote printers when possible.
Short names are just the remote printer name, without the server
("printer"). If more than one remote printer is detected with the
same name, the printers will have long names ("printer@server1",
"printer@server2".)
The default value for this option is Yes.
Examples
BrowseTimeout 300
BrowseTimeout 60
Description
The BrowseTimeout directive sets the timeout for
printer or class information that is received in browse packets.
Once a printer or class times out it is removed from the list of
available destinations.
The BrowseTimeout value should always be greater
than the BrowseInterval value.
Otherwise printers and classes will disappear from client systems
between updates.
Examples
Browsing On
Browsing Off
Description
The Browsing directive controls whether or not
network printer browsing is enabled. The default setting is
Yes.
This directive does not enable sharing of local printers by
itself; you must also use the BrowseAddress or BrowseProtocols
directives to advertise local printers to other systems.
Note:
If you are using HP-UX 10.20 and a subnet that is not 24,
16, or 8 bits, printer browsing (and in fact all broadcast
reception) will not work. This problem appears to be fixed in
HP-UX 11.0.
Examples
Classification
Classification classified
Classification confidential
Classification secret
Classification topsecret
Classification unclassified
Description
The Classification directive sets the
classification level on the server. When this option is set, at
least one of the banner pages is forced to the classification
level, and the classification is placed on each page of output.
The default is no classification level.
Examples
ClassifyOverride Yes
ClassifyOverride No
Description
The ClassifyOverride directive specifies whether
users can override the default classification level on the
server. When the server classification is set, users can change
the classification using the job-sheets option and
can choose to only print one security banner before or after the
job. If the job-sheets option is set to
none then the server default classification is
used.
The default is to not allow classification overrides.
Examples
ConfigFilePerm 0644
ConfigFilePerm 0640
Description
The ConfigFilePerm directive specifies the
permissions to use when writing configuration files. The default
is 640.
Examples
DataDir /usr/share/cups
Description
The DataDir directive sets the directory to use
for data files.
Examples
DefaultAuthType Basic
DefaultAuthType BasicDigest
DefaultAuthType Digest
DefaultAuthType Negotiate
Description
The DefaultAuthType directive specifies the type
of authentication to use for IPP operations that require a
username. The default is Basic.
Examples
DefaultCharset utf-8
DefaultCharset iso-8859-1
DefaultCharset windows-1251
Description
The DefaultCharset directive sets the default
character set to use for client connections. The default
character set is utf-8 but is overridden by the
character set for the language specified by the client or the
DefaultLanguage directive.
Examples
DefaultEncryption Never
DefaultEncryption IfRequested
DefaultEncryption Required
Description
The DefaultEncryption directive specifies the
type of encryption to use when performing authentication. The
default is Required.
Examples
DefaultLanguage de
DefaultLanguage en
DefaultLanguage es
DefaultLanguage fr
DefaultLanguage it
Description
The DefaultLanguage directive specifies the
default language to use for client connections. Setting the
default language also sets the default character set if a
language localization file exists for it. The default language
is "en" for English.
Examples
DefaultPolicy default
DefaultPolicy foo
Description
The DefaultPolicy directive specifies the default
policy to use for IPP operation. The default is
default.
Examples
DefaultShared yes
DefaultShared no
Description
The DefaultShared directive specifies whether
printers are shared (published) by default. The default is
Yes.
Examples
<Location /path>
..
Deny from All
Deny from None
Deny from *.domain.com
Deny from .domain.com
Deny from host.domain.com
Deny from nnn.*
Deny from nnn.nnn.*
Deny from nnn.nnn.nnn.*
Deny from nnn.nnn.nnn.nnn
Deny from nnn.nnn.nnn.nnn/mm
Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
Deny from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
Deny from @LOCAL
Deny from @IF(name)
</Location>
Description
The Deny directive specifies a hostname, IP
address, or network that is allowed access to the server.
Deny directives are cummulative, so multiple
Deny directives can be used to allow access for
multiple hosts or networks. The /mm notation
specifies a CIDR netmask, a shown in Table
1.
The @LOCAL name will deny access from all local
interfaces. The @IF(name) name will deny access from
the named interface. In both cases, CUPS only denies access from
the network that the interface(s) are configured for - requests
arriving on the interface from a foreign network will
not be denied.
The Deny directive must appear inside a Location or Limit section.
Examples
DocumentRoot /usr/share/doc/cups
DocumentRoot /foo/bar/doc/cups
Description
The DocumentRoot directive specifies the location
of web content for the HTTP server in CUPS. If an absolute path
is not specified then it is assumed to be relative to the ServerRoot directory. The
default directory is /usr/share/doc/cups-1.3.7.
Documents are first looked up in a sub-directory for the
primary language requested by the client (e.g.
/usr/share/doc/cups-1.3.7/fr/...) and then directly under
the DocumentRoot directory (e.g.
/usr/share/doc/cups-1.3.7/...), so it is possible to
localize the web content by providing subdirectories for each
language needed.
Examples
<Location /path>
...
Encryption Never
Encryption IfRequested
Encryption Required
</Location>
Description
The Encryption directive must appear instead a Location or Limit section and specifies the
encryption settings for that location. The default setting is
IfRequested for all locations.
Examples
ErrorLog /var/log/cups/error_log
ErrorLog /var/log/cups/error_log-%s
ErrorLog syslog
Description
The ErrorLog directive sets the name of the error
log file. If the filename is not absolute then it is assumed to
be relative to the ServerRoot directory. The
default error log file is /var/log/cups/error_log.
The server name can be included in the filename by using
%s in the name.
The special name "syslog" can be used to send the error
information to the system log instead of a plain file.
Examples
ErrorPolicy abort-job
ErrorPolicy retry-job
ErrorPolicy stop-printer
Description
The ErrorPolicy directive defines the default policy that
is used when a backend is unable to send a print job to the
printer.
The following values are supported:
abort-job - Abort the job and proceed
with the next job in the queueretry-job - Retry the job after waiting
for N seconds; the cupsd.conf JobRetryInterval
directive controls the value of Nstop-printer - Stop the printer and keep
the job for future printing; this is the default
value
Examples
FatalErrors none
FatalErrors all
FatalErrors browse
FatalErrors config
FatalErrors listen
FatalErrors log
FatalErrors permissions
FatalErrors all -permissions
FatalErrors config permissions log
Description
The FatalErrors directive determines whether certain kinds of
errors are fatal. The following kinds of errors are currently recognized:
none - No errors are fatalall - All of the errors below are fatalbrowse - Browsing initialization errors are fatal,
for example failed binding to the CUPS browse port or failed connections
to LDAP serversconfig - Configuration file syntax errors are
fatallisten - Listen or Port errors are fatal, except for
IPv6 failures on the loopback or "any" addresseslog - Log file creation or write errors are fatalpermissions - Bad startup file permissions are
fatal, for example shared SSL certificate and key files with world-
read permissions
Multiple errors can be listed, and the form "-kind" can be used with
all to remove specific kinds of errors. The default setting is
config.
Examples
FileDevice Yes
FileDevice No
Description
The FileDevice directive determines whether the
scheduler allows new printers to be added using device URIs of
the form file:/filename. File devices are most often
used to test new printer drivers and do not support raw file
printing.
The default setting is No.
Note:
File devices are managed by the scheduler. Since the
scheduler normally runs as the root user, file devices
can be used to overwrite system files and potentially
gain unauthorized access to the system. If you must
create printers using file devices, we recommend that
you set the FileDevice directive to
Yes for only as long as you need to add the
printers to the system, and then reset the directive to
No.
Examples
FilterLimit 0
FilterLimit 200
FilterLimit 1000
Description
The FilterLimit directive sets the maximum cost
of all running job filters. It can be used to limit the number of
filter programs that are run on a server to minimize disk,
memory, and CPU resource problems. A limit of 0 disables filter
limiting.
An average print to a non-PostScript printer needs a filter
limit of about 200. A PostScript printer needs about half that
(100). Setting the limit below these thresholds will effectively
limit the scheduler to printing a single job at any time.
The default limit is 0.
Examples
FilterNice 0
FilterNice 10
FilterNice 19
Description
The FilterNice directive sets the nice(1)
value to assign to filter processes. The nice value ranges from
0, the highest priority, to 19, the lowest priority. The default
is 0.
Examples
FontPath /foo/bar/fonts
FontPath /usr/share/cups/fonts:/foo/bar/fonts
Description
The FontPath directive specifies the font path to
use when searching for fonts. The default font path is
/usr/share/cups/fonts.
Examples
Group lp
Group nobody
Description
The Group directive specifies the UNIX group that
filter and CGI programs run as. The default group is
system-specific but is usually lp or
nobody.
Examples
GSSServiceName IPP
GSSServiceName HTTP
Description
The GSSServiceName directive specifies the Kerberos service name that is used when passing authorization tickets. The default name is IPP.
Examples
HideImplicitMembers Yes
HideImplicitMembers No
Description
The HideImplicitMembers directive controls
whether the individual printers in an implicit class are hidden
from the user. The default is Yes.
ImplicitClasses
must be enabled for this directive to have any effect.
Examples
HostNameLookups On
HostNameLookups Off
HostNameLookups Double
Description
The HostNameLookups directive controls whether or
not CUPS looks up the hostname for connecting clients. The
Double setting causes CUPS to verify that the
hostname resolved from the address matches one of the addresses
returned for that hostname. Double lookups also
prevent clients with unregistered addresses from connecting to
your server.
The default is Off to avoid the potential server
performance problems with hostname lookups. Set this option to
On or Double only if absolutely
required.
Examples
ImplicitAnyClasses On
ImplicitAnyClasses Off
Description
The ImplicitAnyClasses directive controls
whether implicit classes for local and remote printers are
created with the name AnyPrinter. The default
setting is Off.
ImplicitClasses
must be enabled for this directive to have any effect.
Examples
ImplicitClasses On
ImplicitClasses Off
Description
The ImplicitClasses directive controls whether
implicit classes are created based upon the available network
printers and classes. The default setting is
Yes but is automatically turned
Off if Browsing is turned
Off.
Examples
Include filename
Include /foo/bar/filename
Description
The Include directive includes the named file in
the cupsd.conf file. If no leading path is provided,
the file is assumed to be relative to the ServerRoot directory.
Examples
JobRetryInterval 30
JobRetryInterval 120
Description
The JobRetryInterval directive specifies the
number of seconds to wait before retrying a job. This is
typically used for fax queues but can also be used with normal
print queues whose error policy is retry-job. The
default is 30 seconds.
Examples
JobRetryLimit 5
JobRetryLimit 50
Description
The JobRetryLimit directive specifies the maximum
number of times the scheduler will try to print a job. This is
typically used for fax queues but can also be used with normal
print queues whose error policy is retry-job. The
default is 5 times.
Examples
KeepAlive On
KeepAlive Off
Description
The KeepAlive directive controls whether or not
to support persistent HTTP connections. The default is
On.
HTTP/1.1 clients automatically support persistent connections,
while HTTP/1.0 clients must specifically request them using the
Keep-Alive attribute in the Connection:
field of each request.
Examples
KeepAliveTimeout 60
KeepAliveTimeout 30
Description
The KeepAliveTimeout directive controls how long
a persistent HTTP connection will remain open after the last
request. The default is 60 seconds.
Examples
<Location /path>
<Limit GET POST>
...
</Limit>
<Limit ALL>
...
</Limit>
</Location>
Description
The Limit directive groups access control
directives for specific types of HTTP requests and must appear
inside a Location section.
Access can be limited for individual request types
(DELETE, GET, HEAD,
OPTIONS, POST, PUT, and
TRACE) or for all request types (ALL).
The request type names are case-sensitive for compatibility with
Apache.
Examples
<Policy name>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer>
...
</Limit>
<Limit All>
...
</Limit>
</Policy>
Description
When included in Policy
sections, the Limit directive groups access control
directives for specific IPP operations. Multiple operations can
be listed, separated by spaces. Table 2 lists the supported
operations.
Table 2: Supported IPP Operations
| Operation Name |
Description |
| All |
All operations - used as the default limit for
operations that are not listed |
| Cancel-Job |
Cancel a job |
| Cancel-Subscription |
Cancel a subscription |
| Create-Job |
Create a new, empty job |
| Create-Job-Subscription |
Creates a notification subscription on a job |
| Create-Printer-Subscription |
Creates a notification subscription on a printer |
| CUPS-Accept-Jobs |
Sets the printer-is-accepting-jobs value for a printer to true |
| CUPS-Add-Modify-Class |
Adds or modifies a class |
| CUPS-Add-Modify-Printer |
Adds or modifies a printer |
| CUPS-Authenticate-Job |
Authenticates a job for printing |
| CUPS-Delete-Class |
Deletes a class |
| CUPS-Delete-Printer |
Deletes a printer |
| CUPS-Get-Classes |
Gets a list of classes |
| CUPS-Get-Default |
Gets the (network/server) default printer or class |
| CUPS-Get-Devices |
Gets a list of available devices |
| CUPS-Get-PPDs |
Gets a list of available manufacturers or drivers |
| CUPS-Get-Printers |
Gets a list of printers and/or classes |
| CUPS-Move-Job |
Moves a job to a new destination |
| CUPS-Reject-Jobs |
Sets the printer-is-accepting-jobs value for a printer to false |
| CUPS-Set-Default |
Sets the network/server default printer or class |
| Disable-Printer |
Sets the printer-state value for a printer to stopped |
| Enable-Printer |
Sets the printer-state value for a printer to idle/processing |
| Get-Job-Attributes |
Gets information about a job |
| Get-Jobs |
Gets a list of jobs |
| Get-Notifications |
Gets a list of events |
| Get-Printer-Attributes |
Gets informaion about a printer or class |
| Get-Subscription-Attributes |
Gets informaion about a notification subscription |
| Get-Subscriptions |
Gets a list of notification subscriptions |
| Hold-Job |
Holds a job for printing |
| Pause-Printer |
Sets the printer-state value for a printer to stopped |
| Print-Job |
Creates a job with a single file for printing |
| Purge-Jobs |
Removes all jobs from a printer |
| Release-Job |
Releases a previously held job for printing |
| Renew-Subscription |
Renews a notification subscription |
| Restart-Job |
Reprints a job |
| Resume-Printer |
Sets the printer-stae value for a printer to idle/processing |
| Send-Document |
Adds a file to an job created with Create-Job |
| Set-Job-Attributes |
Changes job options |
| Validate-Job |
Validates job options prior to printing |
Examples
<Location /path>
<LimitExcept GET POST>
...
</LimitExcept>
</Location>
Description
The LimitExcept directive groups access control
directives for specific types of HTTP requests and must appear
inside a Location section.
Unlike the Limit directive,
LimitExcept restricts access for all requests
except those listed on the LimitExcept
line.
Examples
LimitRequestBody 10485760
LimitRequestBody 10m
LimitRequestBody 0
Description
The LimitRequestBody directive controls the
maximum size of print files, IPP requests, and HTML form data in
HTTP POST requests. The default limit is 0 which disables the
limit check.
Examples
Listen 127.0.0.1:631
Listen 192.0.2.1:631
Listen [::1]:631
Listen *:631
Description
The Listen directive specifies a network address
and port to listen for connections. Multiple Listen
directives can be provided to listen on multiple addresses.
The Listen directive is similar to the Port directive but allows you to
restrict access to specific interfaces or networks.
Examples
ListenBackLog 5
ListenBackLog 10
Description
The ListenBackLog directive sets the maximum
number of pending connections the scheduler will allow. This
normally only affects very busy servers that have reached the MaxClients limit, but can
also be triggered by large numbers of simultaneous connections.
When the limit is reached, the operating system will refuse
additional connections until the scheduler can accept the pending
ones. The default is the OS-defined default limit, typically
either 5 for older operating systems or 128 for newer operating
systems.
Examples
<Location />
...
</Location>
<Location /admin>
...
</Location>
<Location /admin/conf>
...
</Location>
<Location /admin/log>
...
</Location>
<Location /classes>
...
</Location>
<Location /classes/name>
...
</Location>
<Location /jobs>
...
</Location>
<Location /printers>
...
</Location>
<Location /printers/name>
...
</Location>
Description
The Location directive specifies access control
and authentication options for the specified HTTP resource or
path. The Allow, AuthType, Deny, Encryption, Limit, LimitExcept, Order, Require, and Satisfy directives may all
appear inside a location.
Note that more specific resources override the less specific
ones. So the directives inside the /printers/name
location will override ones from /printers.
Directives inside /printers will override ones from
/. None of the directives are inherited.
Table 3: Common Locations on the Server
| Location | Description |
|---|
/ | The path for all get operations (get-printers, get-jobs, etc.) |
/admin | The path for all administration operations (add-printer, delete-printer, start-printer, etc.) |
/admin/conf | The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.) |
/admin/log | The path for access to the CUPS log files (access_log, error_log, page_log) |
/classes | The path for all classes |
/classes/name | The resource for class name |
/jobs | The path for all jobs (hold-job, release-job, etc.) |
/jobs/id | The resource for job id |
/printers | The path for all printers |
/printers/name | The path for printer name |
/printers/name.ppd | The PPD file path for printer name |
Examples
LogFilePerm 0644
LogFilePerm 0600
Description
The LogFilePerm directive specifies the
permissions to use when writing configuration files. The default
is 0600.
Examples
LogLevel none
LogLevel emerg
LogLevel alert
LogLevel crit
LogLevel error
LogLevel warn
LogLevel notice
LogLevel info
LogLevel debug
LogLevel debug2
Description
The LogLevel directive specifies the level of
logging for the ErrorLog
file. The following values are recognized (each level logs
everything under the preceding levels):
none - Log nothingemerg - Log emergency conditions that
prevent the server from runningalert - Log alerts that must be handled
immediatelycrit - Log critical errors that don't
prevent the server from runningerror - Log general errorswarn - Log errors and warningsnotice - Log temporary error conditionsinfo - Log all requests and state
changes (default)debug - Log basic debugging
informationdebug2 - Log all debugging
information
Examples
MaxClients 100
MaxClients 1024
Description
The MaxClients directive controls the maximum
number of simultaneous clients that will be allowed by the
server. The default is 100 clients.
Note:
Since each print job requires a file descriptor for the status
pipe, the scheduler internally limits the MaxClients
value to 1/3 of the available file descriptors to avoid possible
problems when printing large numbers of jobs.
Examples
MaxClientsPerHost 10
Description
The MaxClientsPerHost directive controls the
maximum number of simultaneous clients that will be allowed from
a single host by the server. The default is the
MaxClients value.
This directive provides a small measure of protection against
Denial of Service attacks from a single host.
Examples
MaxCopies 100
MaxCopies 65535
Description
The MaxCopies directive controls the maximum
number of copies that a user can print of a job. The default is
100 copies.
Note:
Most HP PCL laser printers internally limit the number of
copies to 100.
Examples
MaxJobs 100
MaxJobs 9999
MaxJobs 0
Description
The MaxJobs directive controls the maximum number
of jobs that are kept in memory. Once the number of jobs reaches
the limit, the oldest completed job is automatically purged from
the system to make room for the new one. If all of the known jobs
are still pending or active then the new job will be
rejected.
Setting the maximum size to 0 disables this functionality. The
default setting is 500.
Examples
MaxJobsPerPrinter 100
MaxJobsPerPrinter 9999
MaxJobsPerPrinter 0
Description
The MaxJobsPerPrinter directive controls the
maximum number of active jobs that are allowed for each printer
or class. Once a printer or class reaches the limit, new jobs
will be rejected until one of the active jobs is completed,
stopped, aborted, or canceled.
Setting the maximum to 0 disables this functionality. The
default setting is 0.
Examples
MaxJobsPerUser 100
MaxJobsPerUser 9999
MaxJobsPerUser 0
Description
The MaxJobsPerUser directive controls the maximum
number of active jobs that are allowed for each user. Once a user
reaches the limit, new jobs will be rejected until one of the
active jobs is completed, stopped, aborted, or canceled.
Setting the maximum to 0 disables this functionality. The
default setting is 0.
Examples
MaxLogSize 1048576
MaxLogSize 1m
MaxLogSize 0
Description
The MaxLogSize directive controls the maximum
size of each log file. Once a log file reaches or exceeds the
maximum size it is closed and renamed to filename.O.
This allows you to rotate the logs automatically. The default
size is 1048576 bytes (1MB).
Setting the maximum size to 0 disables log rotation.
Examples
MaxRequestSize 10485760
MaxRequestSize 10m
MaxRequestSize 0
Description
The MaxRequestSize directive controls the maximum
size of print files, IPP requests, and HTML form data in HTTP
POST requests. The default limit is 0 which disables the limit
check.
This directive is deprecated and will be removed in a
future CUPS release. Use the LimitRequestBody
directive instead.
Examples
<Location /path>
...
Order Allow,Deny
Order Deny,Allow
</Location>
Description
The Order directive defines the default access
control. The following values are supported:
allow,deny - Deny requests by default,
then check the Allow
lines followed by the Deny linesdeny,allow - Allow requests by default,
then check the Deny
lines followed by the Allow lines
The Order directive must appear inside a Location or Limit section.
Examples
PageLog /var/log/cups/page_log
PageLog /var/log/cups/page_log-%s
PageLog syslog
Description
The PageLog directive sets the name of the page
log file. If the filename is not absolute then it is assumed to
be relative to the ServerRoot directory. The
default page log file is /var/log/cups/page_log.
The server name can be included in the filename by using
%s in the name.
The special name "syslog" can be used to send the page
information to the system log instead of a plain file.
Examples
PassEnv MY_ENV_VARIABLE
Description
The PassEnv directive specifies an environment
variable that should be passed to child processes. Normally, the
scheduler only passes the DYLD_LIBRARY_PATH,
LD_ASSUME_KERNEL, LD_LIBRARY_PATH,
LD_PRELOAD, NLSPATH,
SHLIB_PATH, TZ, and VGARGS
environment variables to child processes.
Examples
<Policy name>
<Limit operation ... operation>
...
</Limit>
<Limit operation ... operation>
...
</Limit>
<Limit All>
...
</Limit>
</Policy>
Description
The Policy directive specifies IPP operation
access control limits. Each policy contains 1 or more Limit sections to set the
access control limits for specific operations - user limits,
authentication, encryption, and allowed/denied addresses,
domains, or hosts. The <Limit All> section
specifies the default access control limits for operations that
are not listed.
Policies are named and associated with printers via the
printer's operation policy setting
(printer-op-policy). The default policy for the
scheduler is specified using the DefaultPolicy
directive.
Examples
Port 631
Port 80
Description
The Port directive specifies a port to listen on.
Multiple Port lines can be specified to listen on
multiple ports. The Port directive is equivalent to
"Listen *:nnn". The default port is 631.
Note:
On systems that support IPv6, this directive will bind to both
the IPv4 and IPv6 wildcard address.
Examples
PreserveJobHistory On
PreserveJobHistory Off
Description
The PreserveJobHistory directive controls whether
the history of completed, canceled, or aborted print jobs is
stored on disk.
A value of On (the default) preserves job
information until the administrator purges it with the
cancel command.
A value of Off removes the job information as
soon as each job is completed, canceled, or aborted.
Examples
PreserveJobFiles On
PreserveJobFiles Off
Description
The PreserveJobFiles directive controls whether
the document files of completed, canceled, or aborted print jobs
are stored on disk.
A value of On preserves job files until the
administrator purges them with the cancel command.
Jobs can be restarted (and reprinted) as desired until they are
purged.
A value of Off (the default) removes the job
files as soon as each job is completed, canceled, or aborted.
Examples
Printcap
Printcap /etc/printcap
Printcap /etc/printers.conf
Description
The Printcap directive controls whether or not a
printcap file is automatically generated and updated with a list
of available printers. If specified with no value, then no
printcap file will be generated. The default is to generate a
file named /etc/printcap.
When a filename is specified (e.g. /etc/printcap),
the printcap file is written whenever a printer is added or
removed. The printcap file can then be used by applications that
are hardcoded to look at the printcap file for the available
printers.
Examples
PrintcapFormat BSD
PrintcapFormat Solaris
Description
The PrintcapFormat directive controls the output
format of the printcap file. The default is to generate a BSD
printcap file.
Examples
PrintGUI /usr/bin/glpoptions
Description
The PrintcapGUI directive sets the program to
associate with the IRIX printer GUI interface script which is
used by IRIX applications to display printer-specific options.
There is no default program.
Examples
ReloadTimeout 0
ReloadTimeout 60
Description
The ReloadTimeout directive specifies the number
of seconds the scheduler will wait for active jobs to complete
before doing a restart. The default is 60 seconds.
Examples
RemoteRoot remroot
RemoteRoot root
Description
The RemoteRoot directive sets the username for
unauthenticated root requests from remote hosts. The default
username is remroot. Setting RemoteRoot
to root effectively disables this security
mechanism.
Examples
RequestRoot /var/spool/cups
RequestRoot /foo/bar/spool/cups
Description
The RequestRoot directive sets the directory for
incoming IPP requests and HTML forms. If an absolute path is not
provided then it is assumed to be relative to the ServerRoot directory. The
default request directory is /var/spool/cups.
Examples
<Location /path>
...
Require group foo bar
Require user john mary
Require valid-user
Require user @groupname
Require user @SYSTEM
Require user @OWNER
</Location>
Description
The Require directive specifies that
authentication is required for the resource. The
group keyword specifies that the authenticated user
must be a member of one or more of the named groups that
follow.
The user keyboard specifies that the
authenticated user must be one of the named users or groups that
follow. Group names are specified using the "@" prefix.
The valid-user keyword specifies that any
authenticated user may access the resource.
The default is to do no authentication. This directive must
appear inside a Location or
Limit section.
Examples
RIPCache 8m
RIPCache 1g
RIPCache 2048k
Description
The RIPCache directive sets the size of the
memory cache used by Raster Image Processor ("RIP") filters such
as imagetoraster and pstoraster. The
size can be suffixed with a "k" for kilobytes, "m" for megabytes,
or "g" for gigabytes. The default cache size is "8m", or 8
megabytes.
Examples
RootCertDuration 0
RootCertDuration 300
Description
The RootCertDuration directive specifies the
number of seconds the root certificate remains valid.
The scheduler will generate a new certificate as needed when the
number of seconds has expired. If set to 0, the root certificate
is generated only once on startup or on a restart. The default is
300 seconds.
Examples
<Location /path>
...
Satisfy all
Satisfy any
</Location>
Description
The Satisfy directive specifies whether all
conditions must be satisfied to allow access to the resource. If
set to all, then all authentication and access
control conditions must be satified to allow access.
Setting Satisfy to any allows a user
to gain access if the authentication or access control
requirements are satisfied. For example, you might require
authentication for remote access, but allow local access without
authentication.
The default is all. This directive must appear
inside a Location or Limit section.
Examples
ServerAdmin user@host
ServerAdmin root@foo.bar.com
Description
The ServerAdmin directive identifies the email
address for the administrator on the system. By default the
administrator email address is root@server, where
server is the ServerName.
Examples
ServerBin /usr/lib/cups
ServerBin /foo/bar/lib/cups
Description
The ServerBin directive sets the directory for
server-run executables. If an absolute path is not provided then
it is assumed to be relative to the ServerRoot directory. The
default executable directory is /usr/lib/cups,
/usr/lib32/cups, or /usr/libexec/cups
depending on the operating system.
Examples
ServerCertificate /etc/cups/ssl/server.crt
Description
The ServerCertificate directive specifies the
location of the SSL certificate file used by the server when
negotiating encrypted connections. The certificate must not be
encrypted (password protected) since the scheduler normally runs
in the background and will be unable to ask for a password.
The default certificate file is
/etc/cups/ssl/server.crt.
Examples
ServerKey /etc/cups/ssl/server.key
Description
The ServerKey directive specifies the location of
the SSL private key file used by the server when negotiating
encrypted connections.
The default key file is
/etc/cups/ssl/server.crt.
Examples
ServerName foo.domain.com
ServerName myserver.domain.com
Description
The ServerName directive specifies the hostname
that is reported to clients. By default the server name is the
hostname.
Examples
ServerRoot /etc/cups
ServerRoot /foo/bar/cups
Description
The ServerRoot directive specifies the absolute
path to the server configuration and state files. It is also used
to resolve relative paths in the cupsd.conf file. The
default server directory is /etc/cups.
Examples
ServerTokens None
ServerTokens ProductOnly
ServerTokens Major
ServerTokens Minor
ServerTokens Minimal
ServerTokens OS
ServerTokens Full
Description
The ServerTokens directive specifies the
information that is included in the Server: header
of all HTTP responses. Table 4 lists the token name along with
the text that is returned. The default is
Minimal.
Table 4: ServerToken Names and Values
| Name |
Value |
| None |
No Server: header is returned |
| ProductOnly |
"CUPS" |
| Major |
"CUPS 1" |
| Minor |
"CUPS 1.2" |
| Minimal |
"CUPS 1.2.N" where N is the patch release |
| OS |
"CUPS 1.2.N (UNAME)" where N is the patch release and
UNAME is the output of the uname(1) command |
| Full |
"CUPS 1.2.N (UNAME) IPP/1.1" where N is the patch
release and UNAME is the output of the uname(1)
command |
Examples
SetEnv PATH /usr/lib/cups/filter:/bin:/usr/bin:/usr/local/bin
SetEnv MY_ENV_VAR foo
Description
The SetEnv directive specifies an environment
variable that should be passed to child processes.
Examples
SSLListen 127.0.0.1:443
SSLListen 192.0.2.1:443
Description
The SSLListen directive specifies a network
address and port to listen for secure connections. Multiple
SSLListen directives can be provided to listen on
multiple addresses.
The SSLListen directive is similar to the SSLPort directive but allows you
to restrict access to specific interfaces or networks.
Examples
SSLPort 443
Description
The SSLPort directive specifies a port to listen
on for secure connections. Multiple SSLPort lines
can be specified to listen on multiple ports.
Examples
SystemGroup lpadmin
SystemGroup sys
SystemGroup system
SystemGroup root
SystemGroup root lpadmin
Description
The SystemGroup directive specifies the system
administration group for System authentication.
Multiple groups can be listed, separated with spaces. The default
group list is sys root.
Examples
TempDir /var/tmp
TempDir /foo/bar/tmp
Description
The TempDir directive specifies an absolute path
for the directory to use for temporary files. The default
directory is /var/spool/cups/tmp.
Temporary directories must be world-writable and should have
the "sticky" permission bit enabled so that other users cannot
delete filter temporary files. The following commands will create
an appropriate temporary directory called
/foo/bar/tmp:
mkdir /foo/bar/tmp
chmod a+rwxt /foo/bar/tmp
Examples
Timeout 300
Timeout 90
Description
The Timeout directive controls the amount of time
to wait before an active HTTP or IPP request times out. The
default timeout is 300 seconds.
Examples
UseNetworkDefault yes
UseNetworkDefault no
Description
The UseNetworkDefault directive controls whether
the client will use a network/remote printer as a default
printer. If enabled, the default printer of a server is used as
the default printer on a client. When multiple servers are
advertising a default printer, the client's default printer is
set to the first discovered printer, or to the implicit class for
the same printer available from multiple servers.
The default is Yes.
Examples
User lp
User guest
Description
The User directive specifies the UNIX user that
filter and CGI programs run as. The default user is
lp.
Note:
You may not use user root, as that would expose
the system to unacceptable security risks. The scheduler will
automatically choose user nobody if you specify a
user whose ID is 0.
|