The /etc/cups/cupsd.conf file contains configuration directives that control how the server functions. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.
Since the server configuration file consists of plain text,
you can use your favorite text editor to make changes to it.
After making any changes, restart the cupsd(8)
process using the startup script for your operating system:
/etc/init.d/cups restart
sudo launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist sudo launchctl load /System/Library/LaunchDaemons/org.cups.cupsd.plist
You can also edit this file from the CUPS web interface, which automatically handles restarting the scheduler.
Note:The specification of time units ("w" for weeks, "h" for hours, etc.) in the various time interval directives is new in CUPS 1.6/OS X 10.8. Prior releases of CUPS only supported time intervals in seconds.
AccessLogLevel config AccessLogLevel actions AccessLogLevel all AccessLogLevel none
The AccessLogLevel
directive controls which requests are logged
to the access log file. The following levels are defined:
config
; Log when printers and classes are added,
deleted, or modified and when configuration files are accessed or
updated.actions
; Log when print jobs are submitted,
held, released, modified, or canceled, and any of the conditions
for config
.all
; Log all requests.none
; Log no requests.The default access log level is @CUPS_ACCESS_LOG_LEVEL@
.
<Location /path> ... Allow from All Allow from None Allow from *.example.com Allow from .example.com Allow from host.example.com Allow from nnn.* Allow from nnn.nnn.* Allow from nnn.nnn.nnn.* Allow from nnn.nnn.nnn.nnn Allow from nnn.nnn.nnn.nnn/mm Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Allow from [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx] Allow from [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]/mmm Allow from @LOCAL Allow from @IF(name) </Location>
The Allow
directive specifies a hostname, IP
address, or network that is allowed access to the server.
Allow
directives are cumulative, so multiple
Allow
directives can be used to allow access for
multiple hosts or networks.
Host and domain name matching require that you enable the HostNameLookups
directive.
The /mm
notation specifies a CIDR netmask, as shown in
Table 1.
mm | netmask | mm | netmask |
---|---|---|---|
0 | 0.0.0.0 | 8 | 255.0.0.0 |
1 | 128.0.0.0 | 16 | 255.255.0.0 |
2 | 192.0.0.0 | 24 | 255.255.255.0 |
... | ... | 32 | 255.255.255.255 |
The @LOCAL
name will allow access from all local
interfaces. The @IF(name)
name will allow access
from the named interface. In both cases, CUPS only allows access
from the network that the interface(s) are configured for -
requests arriving on the interface from a foreign network will
not be accepted.
The Allow
directive must appear inside a Location
or Limit
section.
<Location /path> ... AuthType None AuthType Basic AuthType Digest AuthType BasicDigest AuthType Negotiate </Location>
The AuthType
directive defines the type of
authentication to perform:
None
- No authentication should be
performed (default)Basic
- Basic authentication should be
performed using the UNIX password and group filesDigest
- Digest authentication should be
performed using the /etc/cups/passwd.md5
fileBasicDigest
- Basic authentication
should be performed using the
/etc/cups/passwd.md5 fileNegotiate
- Kerberos authentication
should be performedWhen using Basic
, Digest
,
BasicDigest
, or Negotiate
authentication,
clients connecting through the localhost
interface can
also authenticate using certificates.
The AuthType
directive must appear inside a Location
or Limit
section.
AutoPurgeJobs Yes AutoPurgeJobs No
The AutoPurgeJobs
directive specifies whether or
not to purge completed jobs once they are no longer required for
quotas. This option has no effect if quotas are not enabled. The
default setting is No
.
BrowseLocalProtocols all BrowseLocalProtocols none BrowseLocalProtocols dnssd
The BrowseLocalProtocols
directive specifies the protocols to use when advertising local shared printers on the network. Multiple protocols can be specified by separating them with spaces. The default is "dnssd
" on systems that support Bonjour and "none
" on all others.
BrowseWebIF On BrowseWebIF Off
The BrowseWebIF
directive controls whether the CUPS web
interface is advertised via DNS-SD. The default setting is
Off
.
Browsing On Browsing Off
The Browsing
directive controls whether or not printer sharing is enabled. The default setting is On
.
Classification Classification classified Classification confidential Classification secret Classification topsecret Classification unclassified
The Classification
directive sets the
classification level on the server. When this option is set, at
least one of the banner pages is forced to the classification
level, and the classification is placed on each page of output.
The default is no classification level.
ClassifyOverride Yes ClassifyOverride No
The ClassifyOverride
directive specifies whether
users can override the default classification level on the
server. When the server classification is set, users can change
the classification using the job-sheets
option and
can choose to only print one security banner before or after the
job. If the job-sheets
option is set to
none
then the server default classification is
used.
The default is to not allow classification overrides.
DefaultAuthType Basic DefaultAuthType BasicDigest DefaultAuthType Digest DefaultAuthType Negotiate
The DefaultAuthType
directive specifies the type
of authentication to use for IPP operations that require a
username. The default is Basic
.
DefaultEncryption Never DefaultEncryption IfRequested DefaultEncryption Required
The DefaultEncryption
directive specifies the
type of encryption to use when performing authentication. The
default is Required
.
DefaultLanguage de DefaultLanguage en DefaultLanguage es DefaultLanguage fr DefaultLanguage it
The DefaultLanguage
directive specifies the
default language to use for client connections. Setting the
default language also sets the default character set if a
language localization file exists for it. The default language
is "en" for English.
DefaultPaperSize Letter DefaultPaperSize A4 DefaultPaperSize Auto DefaultPaperSize None
The DefaultPaperSize
directive specifies the default paper
size to use when creating new printers. The default is Auto
which uses a paper size appropriate for the system default locale. A value
of None
tells the scheduler to not set the default paper
size.
DefaultPolicy default DefaultPolicy authenticated DefaultPolicy foo
The DefaultPolicy
directive specifies the default
policy to use for IPP operation. The default is
default
. CUPS also includes a policy called
authenticated
that requires a username and password for printing
and other job operations.
DefaultShared Yes DefaultShared No
The DefaultShared
directive specifies whether printers are shared (published) by default. The default is Yes
.
<Location /path> .. Deny from All Deny from None Deny from *.example.com Deny from .example.com Deny from host.example.com Deny from nnn.* Deny from nnn.nnn.* Deny from nnn.nnn.nnn.* Deny from nnn.nnn.nnn.nnn Deny from nnn.nnn.nnn.nnn/mm Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Deny from [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx] Deny from [xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx]/mmm Deny from @LOCAL Deny from @IF(name) </Location>
The Deny
directive specifies a hostname, IP
address, or network that is denied access to the server.
Deny
directives are cumulative, so multiple
Deny
directives can be used to deny access for
multiple hosts or networks.
Host and domain name matching require that you enable the HostNameLookups
directive.
The /mm
notation specifies a CIDR netmask, a shown in
Table 1.
The @LOCAL
name will deny access from all local
interfaces. The @IF(name)
name will deny access from
the named interface. In both cases, CUPS only denies access from
the network that the interface(s) are configured for - requests
arriving on the interface from a foreign network will
not be denied.
The Deny
directive must appear inside a Location
or Limit
section.
DirtyCleanInterval 1w DirtyCleanInterval 1d DirtyCleanInterval 1h DirtyCleanInterval 1m DirtyCleanInterval 30 DirtyCleanInterval 0
The DirtyCleanInterval
directive specifies the amount of time to wait before updating configuration and state files for printers, classes, subscriptions, and jobs in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix). A value of 0
causes the update to occur as soon as possible, typically within a few milliseconds.
The default value is 30
(30 seconds).
<Location /path> ... Encryption Never Encryption IfRequested Encryption Required </Location>
The Encryption
directive must appear instead a Location
or Limit
section and specifies the
encryption settings for that location. The default setting is
IfRequested
for all locations.
ErrorPolicy abort-job ErrorPolicy retry-job ErrorPolicy stop-printer
The ErrorPolicy
directive defines the default policy that
is used when a backend is unable to send a print job to the
printer.
The following values are supported:
abort-job
- Abort the job and proceed
with the next job in the queueretry-job
- Retry the job after waiting
for N seconds; the cupsd.conf JobRetryInterval
directive controls the value of Nretry-this-job
- Retry the current job immediately
and indefinitely.stop-printer
- Stop the printer and keep
the job for future printing; this is the default
valueFilterLimit 0 FilterLimit 200 FilterLimit 1000
The FilterLimit
directive sets the maximum cost
of all running job filters. It can be used to limit the number of
filter programs that are run on a server to minimize disk,
memory, and CPU resource problems. A limit of 0 disables filter
limiting.
An average print to a non-PostScript printer needs a filter limit of about 200. A PostScript printer needs about half that (100). Setting the limit below these thresholds will effectively limit the scheduler to printing a single job at any time.
The default limit is 0.
FilterNice 0 FilterNice 10 FilterNice 19
The FilterNice
directive sets the nice(1)
value to assign to filter processes. The nice value ranges from
0, the highest priority, to 19, the lowest priority. The default
is 0.
GSSServiceName http GSSServiceName ipp
The GSSServiceName
directive sets the Kerberos service name to use. The default is http
for compatibility with Microsoft Windows.
HostNameLookups On HostNameLookups Off HostNameLookups Double
The HostNameLookups
directive controls whether or
not CUPS looks up the hostname for connecting clients. The
Double
setting causes CUPS to verify that the
hostname resolved from the address matches one of the addresses
returned for that hostname. Double
lookups also
prevent clients with unregistered addresses from connecting to
your server.
The default is Off
to avoid the potential server
performance problems with hostname lookups. Set this option to
On
or Double
only if absolutely
required.
Include filename Include /foo/bar/filename
The Include
directive includes the named file in
the cupsd.conf
file. If no leading path is provided,
the file is assumed to be relative to the ServerRoot
directory.
JobPrivateAccess all JobPrivateAccess default JobPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
The JobPrivateAccess
directive specifies the access list for a
job's private values. The "default" access list is "@OWNER @SYSTEM". "@ACL" maps
to the printer's requesting-user-name-allowed or requesting-user-name-denied
values.
The JobPrivateAccess
directive must appear inside a Policy
section.
JobPrivateValues all JobPrivateValues default JobPrivateValues none JobPrivateValues attribute-name-1 [ ... attribute-name-N ]
The JobPrivateValues
directive specifies the list of job values
to make private. The "default" values are "job-name",
"job-originating-host-name", "job-originating-user-name", and "phone".
The JobPrivateValues
directive must appear inside a Policy
section.
JobRetryInterval 1w JobRetryInterval 1d JobRetryInterval 1h JobRetryInterval 1m JobRetryInterval 30
The JobRetryInterval
directive specifies the amount of time to wait before retrying a job in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix). This is typically used for fax queues but can also be used with normal print queues whose error policy is retry-job
or retry-current-job
.
The default is 30
(30 seconds).
JobKillDelay 1w JobKillDelay 1d JobKillDelay 1h JobKillDelay 1m JobKillDelay 30
The JobKillDelay
directive specifies the amount of time to wait before killing the filters and backend associated with a canceled or held job in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default is 30
(30 seconds).
JobRetryLimit 5 JobRetryLimit 50
The JobRetryLimit
directive specifies the maximum
number of times the scheduler will try to print a job. This is
typically used for fax queues but can also be used with normal
print queues whose error policy is retry-job
. The
default is 5 times.
KeepAlive On KeepAlive Off
The KeepAlive
directive controls whether or not
to support persistent HTTP connections. The default is
On
.
HTTP/1.1 clients automatically support persistent connections,
while HTTP/1.0 clients must specifically request them using the
Keep-Alive
attribute in the Connection:
field of each request.
KeepAliveTimeout 1w KeepAliveTimeout 1d KeepAliveTimeout 1h KeepAliveTimeout 1m KeepAliveTimeout 30
The KeepAliveTimeout
directive controls how long a persistent HTTP connection will remain open after the last request in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default is 30
(30 seconds).
<Location /path> <Limit GET POST> ... </Limit> <Limit ALL> ... </Limit> </Location>
The Limit
directive groups access control
directives for specific types of HTTP requests and must appear
inside a Location
section.
Access can be limited for individual request types
(DELETE
, GET
, HEAD
,
OPTIONS
, POST
, PUT
, and
TRACE
) or for all request types (ALL
).
The request type names are case-sensitive for compatibility with
Apache.
<Policy name> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer> ... </Limit> <Limit All> ... </Limit> </Policy>
When included in Policy
sections, the Limit
directive groups access control
directives for specific IPP operations. Multiple operations can
be listed, separated by spaces. Table 2 lists the supported
operations.
Operation Name | Description |
---|---|
All | All operations - used as the default limit for operations that are not listed |
Cancel-Job | Cancel a job |
Cancel-Subscription | Cancel a subscription |
Create-Job | Create a new, empty job |
Create-Job-Subscription | Creates a notification subscription on a job |
Create-Printer-Subscription | Creates a notification subscription on a printer |
CUPS-Accept-Jobs | Sets the printer-is-accepting-jobs value for a printer to true |
CUPS-Add-Modify-Class | Adds or modifies a class |
CUPS-Add-Modify-Printer | Adds or modifies a printer |
CUPS-Authenticate-Job | Authenticates a job for printing |
CUPS-Delete-Class | Deletes a class |
CUPS-Delete-Printer | Deletes a printer |
CUPS-Get-Classes | Gets a list of classes |
CUPS-Get-Default | Gets the (network/server) default printer or class |
CUPS-Get-Devices | Gets a list of available devices |
CUPS-Get-PPDs | Gets a list of available manufacturers or drivers |
CUPS-Get-Printers | Gets a list of printers and/or classes |
CUPS-Move-Job | Moves a job to a new destination |
CUPS-Reject-Jobs | Sets the printer-is-accepting-jobs value for a printer to false |
CUPS-Set-Default | Sets the network/server default printer or class |
Disable-Printer | Sets the printer-state value for a printer to stopped |
Enable-Printer | Sets the printer-state value for a printer to idle/processing |
Get-Job-Attributes | Gets information about a job |
Get-Jobs | Gets a list of jobs |
Get-Notifications | Gets a list of events |
Get-Printer-Attributes | Gets information about a printer or class |
Get-Subscription-Attributes | Gets information about a notification subscription |
Get-Subscriptions | Gets a list of notification subscriptions |
Hold-Job | Holds a job for printing |
Pause-Printer | Sets the printer-state value for a printer to stopped |
Print-Job | Creates a job with a single file for printing |
Purge-Jobs | Removes all jobs from a printer |
Release-Job | Releases a previously held job for printing |
Renew-Subscription | Renews a notification subscription |
Restart-Job | Reprints a job |
Resume-Printer | Sets the printer-state value for a printer to idle/processing |
Send-Document | Adds a file to an job created with Create-Job |
Set-Job-Attributes | Changes job options |
Validate-Job | Validates job options prior to printing |
<Location /path> <LimitExcept GET POST> ... </LimitExcept> </Location>
The LimitExcept
directive groups access control
directives for specific types of HTTP requests and must appear
inside a Location
section.
Unlike the Limit
directive,
LimitExcept
restricts access for all requests
except those listed on the LimitExcept
line.
LimitRequestBody 10485760 LimitRequestBody 10m LimitRequestBody 0
The LimitRequestBody
directive controls the
maximum size of print files, IPP requests, and HTML form data in
HTTP POST requests. The default limit is 0 which disables the
limit check.
Listen 127.0.0.1:631 Listen 192.0.2.1:631 Listen [::1]:631 Listen *:631
The Listen
directive specifies a network address
and port to listen for connections. Multiple Listen
directives can be provided to listen on multiple addresses.
The Listen
directive is similar to the Port
directive but allows you to
restrict access to specific interfaces or networks.
ListenBackLog 5 ListenBackLog 10
The ListenBackLog
directive sets the maximum
number of pending connections the scheduler will allow. This
normally only affects very busy servers that have reached the MaxClients
limit, but can
also be triggered by large numbers of simultaneous connections.
When the limit is reached, the operating system will refuse
additional connections until the scheduler can accept the pending
ones. The default is the OS-defined default limit, typically
either 5 for older operating systems or 128 for newer operating
systems.
<Location /> ... </Location> <Location /admin> ... </Location> <Location /admin/conf> ... </Location> <Location /admin/log> ... </Location> <Location /classes> ... </Location> <Location /classes/name> ... </Location> <Location /jobs> ... </Location> <Location /printers> ... </Location> <Location /printers/name> ... </Location>
The Location
directive specifies access control
and authentication options for the specified HTTP resource or
path. The Allow
, AuthType
, Deny
, Encryption
, Limit
, LimitExcept
, Order
, Require
, and Satisfy
directives may all
appear inside a location.
Note that more specific resources override the less specific
ones. So the directives inside the /printers/name
location will override ones from /printers
.
Directives inside /printers
will override ones from
/
. None of the directives are inherited.
Location | Description |
---|---|
/ | The path for all get operations (get-printers, get-jobs, etc.) |
/admin | The path for all administration operations (add-printer, delete-printer, start-printer, etc.) |
/admin/conf | The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.) |
/admin/log | The path for access to the CUPS log files (access_log, error_log, page_log) |
/classes | The path for all classes |
/classes/name | The resource for class name |
/jobs | The path for all jobs (hold-job, release-job, etc.) |
/jobs/id | The resource for job id |
/printers | The path for all printers |
/printers/name | The path for printer name |
/printers/name.ppd | The PPD file path for printer name |
LogDebugHistory 0 LogDebugHistory 200
When LogLevel
is not set to
debug
or debug2
, the LogDebugHistory
directive specifies the number of debugging messages that are logged when an
error occurs during printing. The default is 200 messages. A value of 0
disables debugging history entirely and is not recommended.
LogLevel none LogLevel emerg LogLevel alert LogLevel crit LogLevel error LogLevel warn LogLevel notice LogLevel info LogLevel debug LogLevel debug2
The LogLevel
directive specifies the level of
logging for the ErrorLog
file. The following values are recognized (each level logs
everything under the preceding levels):
none
- Log nothingemerg
- Log emergency conditions that
prevent the server from runningalert
- Log alerts that must be handled
immediatelycrit
- Log critical errors that don't
prevent the server from runningerror
- Log general errorswarn
- Log errors and warningsnotice
- Log temporary error conditionsinfo
- Log all requests and state
changesdebug
- Log basic debugging
informationdebug2
- Log all debugging
informationThe default LogLevel
is @CUPS_LOG_LEVEL@
.
LogTimeFormat standard LogTimeFormat usecs
The LogTimeFormat
directive specifies the format used for the
date and time in the log files. Standard
uses the standard Apache
Common Log Format date and time while usecs
adds microseconds.
The default is standard
.
MaxClients 100 MaxClients 1024
The MaxClients
directive controls the maximum
number of simultaneous clients that will be allowed by the
server. The default is 100 clients.
Note:Since each print job requires a file descriptor for the status pipe, the scheduler internally limits the
MaxClients
value to 1/3 of the available file descriptors to avoid possible problems when printing large numbers of jobs.
MaxClientsPerHost 10
The MaxClientsPerHost
directive controls the
maximum number of simultaneous clients that will be allowed from
a single host by the server. The default is the
MaxClients
value.
This directive provides a small measure of protection against Denial of Service attacks from a single host.
MaxCopies 100 MaxCopies 65535
The MaxCopies
directive controls the maximum
number of copies that a user can print of a job. The default is
@CUPS_MAX_COPIES@ copies.
Note:Most HP PCL laser printers internally limit the number of copies to 100.
MaxHoldTime 10800 MaxHoldTime 3h MaxHoldTime 180m MaxHoldTime 0
The MaxHoldTime
directive controls the maximum number of seconds allowed for a job to remain in the "indefinite" hold state. The job is canceled automatically if it remains held indefinitely longer than the specified time interval in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default setting is 0
which disables this functionality.
MaxJobs 100 MaxJobs 9999 MaxJobs 0
The MaxJobs
directive controls the maximum number
of jobs that are kept in memory. Once the number of jobs reaches
the limit, the oldest completed job is automatically purged from
the system to make room for the new one. If all of the known jobs
are still pending or active then the new job will be
rejected.
Setting the maximum size to 0 disables this functionality. The default setting is 500.
MaxJobsPerPrinter 100 MaxJobsPerPrinter 9999 MaxJobsPerPrinter 0
The MaxJobsPerPrinter
directive controls the
maximum number of active jobs that are allowed for each printer
or class. Once a printer or class reaches the limit, new jobs
will be rejected until one of the active jobs is completed,
stopped, aborted, or canceled.
Setting the maximum to 0 disables this functionality. The default setting is 0.
MaxJobsPerUser 100 MaxJobsPerUser 9999 MaxJobsPerUser 0
The MaxJobsPerUser
directive controls the maximum
number of active jobs that are allowed for each user. Once a user
reaches the limit, new jobs will be rejected until one of the
active jobs is completed, stopped, aborted, or canceled.
Setting the maximum to 0 disables this functionality. The default setting is 0.
MaxJobTime 10800 MaxJobTime 3h MaxJobTime 180m MaxJobTime 0
The MaxJobTime
directive controls the maximum number of
seconds allowed for a job to complete printing before it is considered "stuck".
The job is canceled automatically if it takes longer than the specified time to complete in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
Setting the maximum time to 0
disables this functionality. The default setting is 3h
(3 hours).
MaxLogSize 1048576 MaxLogSize 1m MaxLogSize 0
The MaxLogSize
directive controls the maximum
size of each log file. Once a log file reaches or exceeds the
maximum size it is closed and renamed to filename.O.
This allows you to rotate the logs automatically. The default
size is 1048576 bytes (1MB).
Setting the maximum size to 0 disables log rotation.
MaxRequestSize 10485760 MaxRequestSize 10m MaxRequestSize 0
The MaxRequestSize
directive controls the maximum
size of print files, IPP requests, and HTML form data in HTTP
POST requests. The default limit is 0 which disables the limit
check.
This directive is deprecated and will be removed in a
future CUPS release. Use the LimitRequestBody
directive instead.
MultipleOperationTimeout 1w MultipleOperationTimeout 1d MultipleOperationTimeout 1h MultipleOperationTimeout 5m MultipleOperationTimeout 300
The MultipleOperationTimeout
directive sets the maximum amount of time between files in a multi-file print job in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default is 5m
(five minutes).
<Location /path> ... Order Allow,Deny Order Deny,Allow </Location>
The Order
directive defines the default access
control. The following values are supported:
allow,deny
- Deny requests by default,
then check the Allow
lines followed by the Deny
linesdeny,allow
- Allow requests by default,
then check the Deny
lines followed by the Allow
linesThe Order
directive must appear inside a Location
or Limit
section.
PageLogFormat %p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides} PageLogFormat PAGE %p %u %j %P %C %{job-billing} %{job-originating-host-name}
The PageLogFormat
directive sets the format of lines
that are logged to the page log file. Sequences beginning with percent (%)
characters are replaced with the corresponding information, while all other
characters are copied literally. The following percent sequences are
recognized:
%%
: Inserts a single percent character.%{name}
: Inserts the value of the specified IPP
attribute.%C
: Inserts the number of copies for the current page.%P
: Inserts the current page number.%T
: Inserts the current date and time in common log
format.%j
: Inserts the job ID.%p
: Inserts the printer name.%u
: Inserts the username.The default is "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}".
PassEnv MY_ENV_VARIABLE
The PassEnv
directive specifies an environment
variable that should be passed to child processes. Normally, the
scheduler only passes the DYLD_LIBRARY_PATH
,
LD_ASSUME_KERNEL
, LD_LIBRARY_PATH
,
LD_PRELOAD
, NLSPATH
,
SHLIB_PATH
, TZ
, and VGARGS
environment variables to child processes.
<Policy name> <Limit operation ... operation> ... </Limit> <Limit operation ... operation> ... </Limit> <Limit All> ... </Limit> </Policy>
The Policy
directive specifies IPP operation
access control limits. Each policy contains 1 or more Limit
sections to set the
access control limits for specific operations - user limits,
authentication, encryption, and allowed/denied addresses,
domains, or hosts. The <Limit All>
section
specifies the default access control limits for operations that
are not listed.
Policies are named and associated with printers via the
printer's operation policy setting
(printer-op-policy
). The default policy for the
scheduler is specified using the DefaultPolicy
directive.
Port 631 Port 80
The Port
directive specifies a port to listen on.
Multiple Port
lines can be specified to listen on
multiple ports. The Port
directive is equivalent to
"Listen *:nnn
". The default port is 631.
Note:On systems that support IPv6, this directive will bind to both the IPv4 and IPv6 wildcard address.
PreserveJobHistory On PreserveJobHistory Off PreserveJobHistory 1w PreserveJobHistory 7d PreserveJobHistory 168h PreserveJobHistory 10080m PreserveJobHistory 604800
The PreserveJobHistory
directive controls whether the history of completed, canceled, or aborted print jobs is retained by the scheduler. A value of On
preserves job information until the administrator purges it with the cancel
command. A value of Off
removes the job information as soon as each job is completed, canceled, or aborted. Numeric values preserve job information for the specified number of seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default value is On
.
Note:The
MaxJobs
,MaxJobsPerPrinter
, andMaxJobsPerUser
directives can cause job history to be discarded to make room for new jobs.
PreserveJobFiles On PreserveJobFiles Off PreserveJobFiles 1w PreserveJobFiles 7d PreserveJobFiles 168h PreserveJobFiles 10080m PreserveJobFiles 604800
The PreserveJobFiles
directive controls whether the document files of completed, canceled, or aborted print jobs are retained. Jobs can be restarted (and reprinted) as desired until they are purged.
A value of On
preserves job files until the administrator purges them with the cancel
command. A value of Off
removes the job files as soon as each job is completed, canceled, or aborted. Numeric values preserve job files for the specified number of seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default value is 1d
(one day).
Note:The
MaxJobs
,MaxJobsPerPrinter
,MaxJobsPerUser
, andPreserveJobHistory
directives can cause job files to be discarded sooner than specified.
ReloadTimeout 0 ReloadTimeout 30
The ReloadTimeout
directive specifies the number
of seconds the scheduler will wait for active jobs to complete
before doing a restart. The default is 30 seconds.
<Location /path> ... Require group foo bar Require user john mary Require valid-user Require user @groupname Require user @SYSTEM Require user @OWNER </Location>
The Require
directive specifies that
authentication is required for the resource. The
group
keyword specifies that the authenticated user
must be a member of one or more of the named groups that
follow.
The user
keyword specifies that the
authenticated user must be one of the named users or groups that
follow. Group names are specified using the "@" prefix.
The valid-user
keyword specifies that any
authenticated user may access the resource.
The default is to do no authentication. This directive must
appear inside a Location
or
Limit
section.
RIPCache 128m RIPCache 1g RIPCache 2048k
The RIPCache
directive sets the size of the
memory cache used by Raster Image Processor ("RIP") filters such
as imagetoraster
and pstoraster
. The
size can be suffixed with a "k" for kilobytes, "m" for megabytes,
or "g" for gigabytes. The default cache size is "128m", or 128
megabytes.
RootCertDuration 0 RootCertDuration 1w RootCertDuration 1d RootCertDuration 1h RootCertDuration 5m RootCertDuration 300
The RootCertDuration
directive specifies the amount of time the root certificate remains valid in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix). The scheduler will generate a new certificate as needed when the given time interval has expired. If set to 0, the root certificate is generated only once on startup or on a restart.
The default is 5m
(five minutes).
<Location /path> ... Satisfy all Satisfy any </Location>
The Satisfy
directive specifies whether all
conditions must be satisfied to allow access to the resource. If
set to all
, then all authentication and access
control conditions must be satisfied to allow access.
Setting Satisfy
to any
allows a user
to gain access if the authentication or access control
requirements are satisfied. For example, you might require
authentication for remote access, but allow local access without
authentication.
The default is all
. This directive must appear
inside a Location
or Limit
section.
ServerAdmin user@host ServerAdmin root@foo.bar.com
The ServerAdmin
directive identifies the email
address for the administrator on the system. By default the
administrator email address is root@server
, where
server
is the ServerName
.
ServerAlias althost ServerAlias foo.example.com ServerAlias bar.example.com ServerAlias one.example.com two.example.com ServerAlias *
The ServerAlias
directive specifies alternate names that the server is known by. By default it contains a list of all aliases associated with the ServerName
. The special name "*" can be used to allow any hostname when accessing CUPS via an external network interfaces.
NoteThe
ServerAlias
directive is used for HTTP Host header validation when clients connect to the scheduler from external interfaces. Using the special name "*" can expose your system to known browser-based DNS rebinding attacks, even when accessing sites through a firewall. If the auto-discovery of alternate names does not work, we recommend listing each alternate name with a ServerAlias directive instead of using "*".
ServerName foo.example.com ServerName myserver.example.com
The ServerName
directive specifies the hostname
that is reported to clients. By default the server name is the
hostname.
ServerTokens None ServerTokens ProductOnly ServerTokens Major ServerTokens Minor ServerTokens Minimal ServerTokens OS ServerTokens Full
The ServerTokens
directive specifies the
information that is included in the Server:
header
of all HTTP responses. Table 4 lists the token name along with
the text that is returned. The default is
Minimal
.
Name | Value |
---|---|
None | No Server: header is returned |
ProductOnly | "CUPS" |
Major | "CUPS 1" |
Minor | "CUPS 1.2" |
Minimal | "CUPS 1.2.N" where N is the patch release |
OS | "CUPS 1.2.N (UNAME)" where N is the patch release and UNAME is the output of the uname(1) command |
Full | "CUPS 1.2.N (UNAME) IPP/1.1" where N is the patch release and UNAME is the output of the uname(1) command |
SetEnv PATH /usr/lib/cups/filter:/bin:/usr/bin:/usr/local/bin SetEnv MY_ENV_VAR foo
The SetEnv
directive specifies an environment
variable that should be passed to child processes.
SSLListen 127.0.0.1:443 SSLListen 192.0.2.1:443
The SSLListen
directive specifies a network
address and port to listen for secure connections. Multiple
SSLListen
directives can be provided to listen on
multiple addresses.
The SSLListen
directive is similar to the SSLPort
directive but allows you
to restrict access to specific interfaces or networks.
SSLPort 443
The SSLPort
directive specifies a port to listen
on for secure connections. Multiple SSLPort
lines
can be specified to listen on multiple ports.
StrictConformance No StrictConformance Yes
The StrictConformance
directive specifies whether the scheduler
requires strict IPP conformance for client requests, for example to not allow
document attributes in a Create-Job request. The default is
No
.
SubscriptionPrivateAccess all SubscriptionPrivateAccess default SubscriptionPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
The SubscriptionPrivateAccess
directive specifies the access list for a
subscription's private values. The "default" access list is "@OWNER @SYSTEM".
"@ACL" maps to the printer's requesting-user-name-allowed or
requesting-user-name-denied values.
The SubscriptionPrivateAccess
directive must appear inside a Policy
section.
SubscriptionPrivateValues all SubscriptionPrivateValues default SubscriptionPrivateValues none SubscriptionPrivateValues attribute-name-1 [ ... attribute-name-N ]
The SubscriptionPrivateValues
directive specifies the list of
subscription values to make private. The "default" values are "notify-events",
"notify-pull-method", "notify-recipient-uri", "notify-subscriber-user-name", and
"notify-user-data".
The SubscriptionPrivateValues
directive must appear inside a Policy
section.
Timeout 1w Timeout 1d Timeout 1h Timeout 5m Timeout 300
The Timeout
directive controls the amount of time
to wait before an active HTTP or IPP request times out in seconds (no suffix), minutes ("m" suffix), hours ("h" suffix), days ("d" suffix), or weeks ("w" suffix).
The default timeout is 5m
(five minutes).
WebInterface Yes WebInterface No
The WebInterface
directive specifies whether the web interface is enabled. The default value is No
on OS X and Yes
on all other operating systems.