.\" which should have been included with this file. If this file is
.\" file is missing or damaged, see the license at "http://www.cups.org/".
.\"
-.TH cupsd.conf 5 "CUPS" "28 March 2014" "Apple Inc."
+.TH cupsd.conf 5 "CUPS" "20 October 2014" "Apple Inc."
.SH NAME
cupsd.conf \- server configuration file for cups
.SH DESCRIPTION
.I cupsd.conf
file configures the CUPS scheduler,
.BR cupsd (8).
-It is normally located in the \fI/etc/cups\fR directory. \fBNote:\fR File, directory, and user configuration directives that used to be allowed in the \fIcupsd.conf\fR file are now stored in the \fIcups-files.conf(5)\fR instead in order to prevent certain types of privilege escalation attacks.
+It is normally located in the
+.I /etc/cups
+directory.
+\fBNote:\fR File, directory, and user configuration directives that used to be allowed in the \fBcupsd.conf\fR file are now stored in the
+.BR cups-files.conf (5)
+file instead in order to prevent certain types of privilege escalation attacks.
.LP
-Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. The configuration directives are intentionally similar to those used by the popular Apache web server software and are described below.
-.SH TOP-LEVEL DIRECTIVES
-The following directives are understood by
-.B cupsd (8).
-Consult the online help (http://localhost:631/help) for detailed descriptions:
+Each line in the file can be a configuration directive, a blank line, or a comment.
+Configuration directives typically consist of a name and zero or more values separated by whitespace.
+The configuration directive name and values are case-insensitive.
+Comment lines start with the # character.
+.SS TOP-LEVEL DIRECTIVES
+The following top-level directives are understood by
+.BR cupsd (8):
.TP 5
-AccessLogLevel config
+\fBAccessLogLevel config\fR
.TP 5
-AccessLogLevel actions
+\fBAccessLogLevel actions\fR
.TP 5
-AccessLogLevel all
+\fBAccessLogLevel all\fR
Specifies the logging level for the AccessLog file.
+The "config" level logs when printers and classes are added, deleted, or modified and when configuration files are accessed or updated.
+The "actions" level logs when print jobs are submitted, held, released, modified, or canceled, and any of the conditions for "config".
+The "all" level logs all requests.
+The default access log level is "actions".
.TP 5
-AutoPurgeJobs Yes
+\fBAutoPurgeJobs Yes\fR
.TP 5
-AutoPurgeJobs No
+\fBAutoPurgeJobs No\fR
.br
-Specifies whether to purge job history data automatically when
-it is no longer required for quotas.
+Specifies whether to purge job history data automatically when it is no longer required for quotas.
+The default is "No".
.TP 5
-BrowseLocalProtocols [
-.I All
-] [
-.I DNSSD
-]
-Specifies the protocols to use for local printer sharing.
+\fBBrowseLocalProtocols all\fR
.TP 5
-BrowseWebIF Yes
+\fBBrowseLocalProtocols dnssd\fR
.TP 5
-BrowseWebIF No
+\fBBrowseLocalProtocols none\fR
+Specifies which protocols to use for local printer sharing.
+The default is "dnssd" on systems that support Bonjour and "none" otherwise.
+.TP 5
+\fBBrowseWebIF Yes\fR
+.TP 5
+\fBBrowseWebIF No\fR
.br
-Specifies whether the CUPS web interface is advertised via DNS-SD.
+Specifies whether the CUPS web interface is advertised.
+The default is "No".
.TP 5
-Browsing Yes
+\fBBrowsing Yes\fR
.TP 5
-Browsing No
+\fBBrowsing No\fR
.br
-Specifies whether or not shared printers should be advertised.
+Specifies whether shared printers are advertised.
+The default is "No".
.TP 5
-Classification banner
+\fBClassification \fIbanner\fR
.br
Specifies the security classification of the server.
+Any valid banner name can be used, including "classified", "confidential", "secret", "topsecret", and "unclassified", or the banner can be omitted to disable secure printing functions.
+The default is no classification banner.
.TP 5
-ClassifyOverride Yes
+\fBClassifyOverride Yes\fR
.TP 5
-ClassifyOverride No
+\fBClassifyOverride No\fR
.br
-Specifies whether to allow users to override the classification
-of individual print jobs.
+Specifies whether users may override the classification (cover page) of individual print jobs using the "job-sheets" option.
+The default is "No".
.TP 5
-DefaultAuthType Basic
+\fBDefaultAuthType Basic\fR
.TP 5
-DefaultAuthType Negotiate
+\fBDefaultAuthType Negotiate\fR
.br
Specifies the default type of authentication to use.
+The default is "Basic".
.TP 5
-DefaultEncryption Never
+\fBDefaultEncryption Never\fR
.TP 5
-DefaultEncryption IfRequested
+\fBDefaultEncryption IfRequested\fR
.TP 5
-DefaultEncryption Required
-Specifies the type of encryption to use for authenticated requests.
+\fBDefaultEncryption Required\fR
+Specifies whether encryption will be used for authenticated requests.
+The default is "Required".
.TP 5
-DefaultLanguage locale
+\fBDefaultLanguage \fIlocale\fR
Specifies the default language to use for text and web content.
+The default is "en".
.TP 5
-DefaultPaperSize Auto
+\fBDefaultPaperSize Auto\fR
.TP 5
-DefaultPaperSize None
+\fBDefaultPaperSize None\fR
.TP 5
-DefaultPaperSize sizename
-Specifies the default paper size for new print queues. "Auto" uses a locale-
-specific default, while "None" specifies there is no default paper size.
+\fBDefaultPaperSize \fIsizename\fR
+Specifies the default paper size for new print queues. "Auto" uses a locale-specific default, while "None" specifies there is no default paper size.
+Specific size names are typically "Letter" or "A4".
+The default is "Auto".
.TP 5
-DefaultPolicy policy-name
+\fBDefaultPolicy \fIpolicy-name\fR
Specifies the default access policy to use.
+The default access policy is "default".
.TP 5
-DefaultShared Yes
+\fBDefaultShared Yes\fR
.TP 5
-DefaultShared No
+\fBDefaultShared No\fR
Specifies whether local printers are shared by default.
+The default is "Yes".
+.TP 5
+\fBDirtyCleanInterval \fIseconds\fR
+Specifies the delay for updating of configuration and state files.
+A value of 0 causes the update to happen as soon as possible, typically within a few milliseconds.
+The default value is "30".
+.TP 5
+\fBErrorPolicy abort-job\fR
+Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
+.TP 5
+\fBErrorPolicy retry-job\fR
+Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
+.TP 5
+\fBErrorPolicy retry-this-job\fR
+Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
+.TP 5
+\fBErrorPolicy stop-printer\fR
+Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
+.TP 5
+\fBFilterLimit \fIlimit\fR
+Specifies the maximum cost of filters that are run concurrently, which can be used to minimize disk, memory, and CPU resource problems.
+A limit of 0 disables filter limiting.
+An average print to a non-PostScript printer needs a filter limit of about 200.
+A PostScript printer needs about half that (100).
+Setting the limit below these thresholds will effectively limit the scheduler to printing a single job at any time.
+The default limit is "0".
+.TP 5
+\fBFilterNice \fInice-value\fR
+Specifies the scheduling priority (
+.BR nice (8)
+value) of filters that are run to print a job.
+The nice value ranges from 0, the highest priority, to 19, the lowest priority.
+The default is 0.
+.TP 5
+\fBGSSServiceName \fIname\fR
+Specifies the service name when using Kerberos authentication.
+The default service name is "http."
+.TP 5
+\fBHostNameLookups On\fR
+.TP 5
+\fBHostNameLookups Off\fR
+.TP 5
+\fBHostNameLookups Double\fR
+Specifies whether to do reverse lookups on connecting clients.
+The "Double" setting causes
+.BR cupsd (8)
+to verify that the hostname resolved from the address matches one of the addresses returned for that hostname.
+Double lookups also prevent clients with unregistered addresses from connecting to your server.
+The default is "Off" to avoid the potential server performance problems with hostname lookups.
+Only set this option to "On" or "Double" if absolutely required.
+.TP 5
+\fBJobKillDelay \fIseconds\fR
+Specifies the number of seconds to wait before killing the filters and backend associated with a canceled or held job.
+The default is "30".
+.TP 5
+\fBJobRetryInterval \fIseconds\fR
+Specifies the interval between retries of jobs in seconds.
+This is typically used for fax queues but can also be used with normal print queues whose error policy is "retry-job" or "retry-current-job".
+The default is "30".
.TP 5
-DirtyCleanInterval seconds
-Specifies the delay for updating of configuration and state files. A value of 0
-causes the update to happen as soon as possible, typically within a few
-milliseconds.
+\fBJobRetryLimit \fIcount\fR
+Specifies the number of retries that are done for jobs.
+This is typically used for fax queues but can also be used with normal print queues whose error policy is "retry-job" or "retry-current-job".
+The default is "5".
.TP 5
-FilterLimit limit
-Specifies the maximum cost of filters that are run concurrently.
+\fBKeepAlive Yes\fR
.TP 5
-FilterNice nice-value
-Specifies the scheduling priority ("nice" value) of filters that
-are run to print a job.
+\fBKeepAlive No\fR
+Specifies whether to support HTTP keep-alive connections.
+The default is "Yes".
.TP 5
-GSSServiceName name
-Specifies the service name when using Kerberos authentication. The default
-service name is "http".
+\fBKeepAliveTimeout \fIseconds\fR
+Specifies how long an idle client connection remains open.
+The default is "30".
.TP 5
-HostNameLookups On
+\fB<Limit \fIoperation \fR...\fB> \fR... \fB</Limit>\fR
+Specifies the IPP operations that are being limited inside a Policy section. IPP operation names are listed below in the section "IPP OPERATIONS".
.TP 5
-HostNameLookups Off
+\fB<Limit \fImethod \fR...\fB> \fR... \fB</Limit>\fR
.TP 5
-HostNameLookups Double
-Specifies whether or not to do reverse lookups on client addresses.
+\fB<LimitExcept \fImethod \fR...\fB> \fR... \fB</LimitExcept>\fR
+Specifies the HTTP methods that are being limited inside a Location section. HTTP method names are listed below in the section "HTTP METHODS".
.TP 5
-Include filename
-Includes the named file.
+\fBLimitRequestBody \fIsize\fR
+Specifies the maximum size of print files, IPP requests, and HTML form data.
+The default is "0" which disables the limit check.
.TP 5
-JobKillDelay seconds
-Specifies the number of seconds to wait before killing the filters and backend
-associated with a canceled or held job.
+\fBListen \fIipv4-address\fB:\fIport\fR
.TP 5
-JobRetryInterval seconds
-Specifies the interval between retries of jobs in seconds.
+\fBListen [\fIipv6-address\fB]:\fIport\fR
.TP 5
-JobRetryLimit count
-Specifies the number of retries that are done for jobs.
+\fBListen *:\fIport\fR
.TP 5
-KeepAlive Yes
+\fBListen \fI/path/to/domain/socket\fR
+Listens to the specified address and port or domain socket path for connections.
+Multiple Listen directives can be provided to listen on multiple addresses.
+The Listen directive is similar to the Port directive but allows you to restrict access to specific interfaces or networks.
.TP 5
-KeepAlive No
-Specifies whether to support HTTP keep-alive connections.
+\fBListenBackLog \fInumber\fR
+Specifies the number of pending connections that will be allowed.
+This normally only affects very busy servers that have reached the MaxClients limit, but can also be triggered by large numbers of simultaneous connections.
+When the limit is reached, the operating system will refuse additional connections until the scheduler can accept the pending ones.
+The default is the OS-defined default limit, typically either "5" for older operating systems or "128" for newer operating systems.
.TP 5
-KeepAliveTimeout seconds
-Specifies the amount of time that connections are kept alive.
+\fB<Location \fI/path\fB> \fR... \fB</Location>\fR
+Specifies access control for the named location.
+Paths are documented below in the section "LOCATION PATHS".
.TP 5
-<Limit operations> ... </Limit>
-Specifies the IPP operations that are being limited inside a policy.
+\fBLogDebugHistory \fInumber\fR
+Specifies the number of debugging messages that are retained for logging if an error occurs in a print job. Debug messages are logged regardless of the LogLevel setting.
.TP 5
-<Limit methods> ... </Limit>
+\fBLogLevel \fRnone
.TP 5
-<LimitExcept methods> ... </LimitExcept>
-Specifies the HTTP methods that are being limited inside a location.
+\fBLogLevel \fRemerg
.TP 5
-LimitRequestBody
-Specifies the maximum size of any print job request.
+\fBLogLevel \fRalert
.TP 5
-Listen ip-address:port
+\fBLogLevel \fRcrit
.TP 5
-Listen *:port
+\fBLogLevel \fRerror
.TP 5
-Listen /path/to/domain/socket
-Listens to the specified address and port or domain socket path.
+\fBLogLevel \fRwarn
.TP 5
-<Location /path> ... </Location>
-Specifies access control for the named location.
+\fBLogLevel \fRnotice
.TP 5
-LogDebugHistory #-messages
-Specifies the number of debugging messages that are logged when an error
-occurs in a print job.
+\fBLogLevel \fRinfo
.TP 5
-LogLevel alert
+\fBLogLevel \fRdebug
.TP 5
-LogLevel crit
+\fBLogLevel \fRdebug2
+Specifies the level of logging for the ErrorLog file.
+The value "none" stops all logging while "debug2" logs everything.
+The default is "warn".
.TP 5
-LogLevel debug2
+\fBLogTimeFormat \fRstandard
.TP 5
-LogLevel debug
+\fBLogTimeFormat \fRusecs
+Specifies the format of the date and time in the log files.
+The value "standard" is the default and logs whole seconds while "usecs" logs microseconds.
.TP 5
-LogLevel emerg
+\fBMaxClients \fInumber\fR
+Specifies the maximum number of simultaneous clients that are allowed by the scheduler.
+The default is "100".
.TP 5
-LogLevel error
+\fBMaxClientsPerHost \fInumber\fR
+Specifies the maximum number of simultaneous clients that are allowed from a
+single address.
+The default is the MaxClients value.
.TP 5
-LogLevel info
+\fBMaxCopies \fInumber\fR
+Specifies the maximum number of copies that a user can print of each job.
+The default is "9999".
+.TP 5
+\fBMaxHoldTime \fIseconds\fR
+Specifies the maximum time a job may remain in the "indefinite" hold state before it is canceled.
+The default is "0" which disables cancellation of held jobs.
+.TP 5
+\fBMaxJobs \fInumber\fR
+Specifies the maximum number of simultaneous jobs that are allowed.
+Set to "0" to allow an unlimited number of jobs.
+The default is "500".
+.TP 5
+\fBMaxJobsPerPrinter \fInumber\fR
+Specifies the maximum number of simultaneous jobs that are allowed per printer.
+The default is "0" which allows up to MaxJobs jobs per printer.
+.TP 5
+\fBMaxJobsPerUser \fInumber\fR
+Specifies the maximum number of simultaneous jobs that are allowed per user.
+The default is "0" which allows up to MaxJobs jobs per user.
+.TP 5
+\fBMaxJobTime \fIseconds\fR
+Specifies the maximum time a job may take to print before it is canceled.
+Set to "0" to disable cancellation of "stuck" jobs.
+The default is "10800" (3 hours).
+.TP 5
+\fBMaxLogSize \fIsize\fR
+Specifies the maximum size of the log files before they are rotated.
+The value "0" disables log rotation.
+The default is "1048576" (1MB).
+.TP 5
+\fBMultipleOperationTimeout \fIseconds\fR
+Specifies the maximum amount of time to allow between files in a multiple file print job.
+The default is "300" (5 minutes).
+.TP 5
+\fBPageLogFormat \fIformat-string\fR
+Specifies the format of PageLog lines.
+Sequences beginning with percent (%) characters are replaced with the corresponding information, while all other characters are copied literally.
+The following percent sequences are recognized:
+.nf
+
+ "%%" inserts a single percent character.
+ "%{name}" inserts the value of the specified IPP attribute.
+ "%C" inserts the number of copies for the current page.
+ "%P" inserts the current page number.
+ "%T" inserts the current date and time in common log format.
+ "%j" inserts the job ID.
+ "%p" inserts the printer name.
+ "%u" inserts the username.
+
+.fi
+The default is "%p %u %j %T %P %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}".
+.TP 5
+\fBPassEnv \fIvariable \fR[ ... \fIvariable \fR]
+Passes the specified environment variable(s) to child processes.
.TP 5
-LogLevel none
+\fB<Policy \fIname\fB> \fR... \fB</Policy>\fR
+Specifies access control for the named policy.
.TP 5
-LogLevel notice
+\fBPort \fInumber\fR
+Listens to the specified port number for connections.
.TP 5
-LogLevel warn
-Specifies the logging level for the ErrorLog file.
+\fBPreserveJobFiles Yes\fR
.TP 5
-LogTimeFormat standard
+\fBPreserveJobFiles No\fR
.TP 5
-LogTimeFormat usecs
-Specifies the format of the date and time in the log files.
+\fBPreserveJobFiles \fIseconds\fR
+Specifies whether job files (documents) are preserved after a job is printed.
+If a numeric value is specified, job files are preserved for the indicated number of seconds after printing.
+The default is "86400" (preserve 1 day).
.TP 5
-MaxClients number
-Specifies the maximum number of simultaneous clients to support.
+\fBPreserveJobHistory Yes\fR
.TP 5
-MaxClientsPerHost number
-Specifies the maximum number of simultaneous clients to support from a
-single address.
+\fBPreserveJobHistory No\fR
.TP 5
-MaxCopies number
-Specifies the maximum number of copies that a user can print of each job.
+\fBPreserveJobHistory \fIseconds\fR
+Specifies whether the job history is preserved after a job is printed.
+If a numeric value is specified, the job history is preserved for the indicated number of seconds after printing.
+If "Yes", the job history is preserved until the MaxJobs limit is reached.
+The default is "Yes".
.TP 5
-MaxHoldTime seconds
-Specifies the maximum time a job may remain in the "indefinite" hold state
-before it is canceled. Set to 0 to disable cancellation of held jobs.
+\fBReloadTimeout \fIseconds\fR
+Specifies the amount of time to wait for job completion before restarting the scheduler.
+The default is "30".
.TP 5
-MaxJobs number
-Specifies the maximum number of simultaneous jobs to support.
+\fBRIPCache \fIsize\fR
+Specifies the maximum amount of memory to use when converting documents into bitmaps for a printer.
+The default is "128m".
.TP 5
-MaxJobsPerPrinter number
-Specifies the maximum number of simultaneous jobs per printer to support.
+\fBServerAdmin \fIemail-address\fR
+Specifies the email address of the server administrator.
+The default value is "root@ServerName".
.TP 5
-MaxJobsPerUser number
-Specifies the maximum number of simultaneous jobs per user to support.
+\fBServerAlias \fIhostname \fR[ ... \fIhostname \fR]
.TP 5
-MaxJobTime seconds
-Specifies the maximum time a job may take to print before it is canceled. The
-default is 10800 seconds (3 hours). Set to 0 to disable cancellation of "stuck"
-jobs.
+\fBServerAlias *\fR
+The ServerAlias directive is used for HTTP Host header validation when clients connect to the scheduler from external interfaces.
+Using the special name "*" can expose your system to known browser-based DNS rebinding attacks, even when accessing sites through a firewall.
+If the auto-discovery of alternate names does not work, we recommend listing each alternate name with a ServerAlias directive instead of using "*".
.TP 5
-MaxLogSize number-bytes
-Specifies the maximum size of the log files before they are
-rotated (0 to disable rotation)
+\fBServerName \fIhostname\fR
+Specifies the fully-qualified hostname of the server.
+The default is the value reported by the
+.BR hostname (1)
+command.
.TP 5
-MaxRequestSize number-bytes
-Specifies the maximum request/file size in bytes (0 for no limit)
+\fBServerTokens None\fR
.TP 5
-MultipleOperationTimeout seconds
-Specifies the maximum amount of time to allow between files in a multiple file
-print job.
+\fBServerTokens ProductOnly\fR
.TP 5
-PageLogFormat format string
-Specifies the format of page log lines.
+\fBServerTokens Major\fR
.TP 5
-PassEnv variable [... variable]
-Passes the specified environment variable(s) to child processes.
+\fBServerTokens Minor\fR
.TP 5
-<Policy name> ... </Policy>
-Specifies access control for the named policy.
+\fBServerTokens Minimal\fR
.TP 5
-Port number
-Specifies a port number to listen to for HTTP requests.
+\fBServerTokens OS\fR
.TP 5
-PreserveJobFiles Yes
+\fBServerTokens Full\fR
+Specifies what information is included in the Server header of HTTP responses.
+"None" disables the Server header.
+"ProductOnly" reports "CUPS".
+"Major" reports "CUPS 2".
+"Minor" reports "CUPS 2.0".
+"Minimal" reports "CUPS 2.0.0".
+"OS" reports "CUPS 2.0.0 (UNAME)" where UNAME is the output of the
+.BR uname (1)
+command.
+"Full" reports "CUPS 2.0.0 (UNAME) IPP/2.0".
+The default is "Minimal".
.TP 5
-PreserveJobFiles No
-Specifies whether or not to preserve job files after they are printed.
+\fBSetEnv \fIvariable value\fR
+Set the specified environment variable to be passed to child processes.
.TP 5
-PreserveJobHistory Yes
.TP 5
-PreserveJobHistory No
-Specifies whether or not to preserve the job history after they are
-printed.
+\fBSSLListen \fIipv4-address\fB:\fIport\fR
.TP 5
-PrintcapFormat bsd
+\fBSSLListen [\fIipv6-address\fB]:\fIport\fR
.TP 5
-PrintcapFormat plist
+\fBSSLListen *:\fIport\fR
+Listens on the specified address and port for encrypted connections.
.TP 5
-PrintcapFormat solaris
-Specifies the format of the printcap file.
+\fBSSLOptions \fR[\fIAllowRC4\fR] [\fIAllowSSL3\fR]
.TP 5
-ReloadTimeout seconds
-Specifies the amount of time to wait for job completion before
-restarting the scheduler.
+\fBSSLOptions None\fR
+Sets encryption options.
+By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites.
+The \fIAllowRC4\fR option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones.
+The \fIAllowSSL3\fR option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.
.TP 5
-RIPCache bytes
-Specifies the maximum amount of memory to use when converting images
-and PostScript files to bitmaps for a printer.
+\fBSSLPort \fIport\fR
+Listens on the specified port for encrypted connections.
.TP 5
-Satisfy all
+\fBStrictConformance Yes\fR
.TP 5
-Satisfy any
-Specifies whether all or any limits set for a Location must be
-satisfied to allow access.
+\fBStrictConformance No\fR
+Specifies whether the scheduler requires clients to strictly adhere to the IPP specifications.
+The default is "No".
.TP 5
-ServerAdmin user@domain.com
-Specifies the email address of the server administrator.
+\fBTimeout \fIseconds\fR
+Specifies the HTTP request timeout.
+The default is "300" (5 minutes).
.TP 5
-ServerAlias hostname [... hostname]
+\fBWebInterface yes\fR
.TP 5
-ServerAlias *
-Specifies an alternate name that the server is known by. The special name "*"
-allows any name to be used.
+\fBWebInterface no\fR
+Specifies whether the web interface is enabled.
+The default is "No".
+.SS HTTP METHOD NAMES
+The following HTTP methods are supported by
+.BR cupsd (8):
.TP 5
-ServerName hostname-or-ip-address
-Specifies the fully-qualified hostname of the server.
+GET
+Used by a client to download icons and other printer resources and to access the CUPS web interface.
.TP 5
-ServerTokens Full
+HEAD
+Used by a client to get the type, size, and modification date of resources.
.TP 5
-ServerTokens Major
+OPTIONS
+Used by a client to establish a secure (SSL/TLS) connection.
.TP 5
-ServerTokens Minimal
+POST
+Used by a client to submit IPP requests and HTML forms from the CUPS web interface.
.TP 5
-ServerTokens Minor
+PUT
+Used by a client to upload configuration files.
+.SS IPP OPERATION NAMES
+The following IPP operations are supported by
+.BR cupsd (8):
.TP 5
-ServerTokens None
+CUPS\-Accept\-Jobs
+Allows a printer to accept new jobs.
.TP 5
-ServerTokens OS
+CUPS\-Add\-Modify\-Class
+Adds or modifies a printer class.
.TP 5
-ServerTokens ProductOnly
-Specifies what information is included in the Server header of HTTP
-responses.
+CUPS\-Add\-Modify\-Printer
+Adds or modifies a printer.
.TP 5
-SetEnv variable value
-Set the specified environment variable to be passed to child processes.
+CUPS\-Authenticate\-Job
+Releases a job that is held for authentication.
.TP 5
-SSLListen
-Listens on the specified address and port for encrypted connections.
+CUPS\-Delete\-Class
+Deletes a printer class.
.TP 5
-SSLPort
-Listens on the specified port for encrypted connections.
+CUPS\-Delete\-Printer
+Deletes a printer.
.TP 5
-StrictConformance Yes
+CUPS\-Get\-Classes
+Gets a list of printer classes.
.TP 5
-StrictConformance No
-Specifies whether the scheduler requires clients to strictly adhere to the IPP
-specifications. The default is No.
+CUPS\-Get\-Default
+Gets the server default printer or printer class.
.TP 5
-Timeout seconds
-Specifies the HTTP request timeout in seconds.
+CUPS\-Get\-Devices
+Gets a list of devices that are currently available.
.TP 5
-WebInterface yes
+CUPS\-Get\-Document
+Gets a document file for a job.
.TP 5
-WebInterface no
-Specifies whether the web interface is enabled.
-.SH DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS
-The following directives may be placed inside Location and Limit sections in the \fIcupsd.conf\fR file:
+CUPS\-Get\-PPD
+Gets a PPD file.
+.TP 5
+CUPS\-Get\-PPDs
+Gets a list of installed PPD files.
+.TP 5
+CUPS\-Get\-Printers
+Gets a list of printers.
+.TP 5
+CUPS\-Move\-Job
+Moves a job.
+.TP 5
+CUPS\-Reject\-Jobs
+Prevents a printer from accepting new jobs.
+.TP 5
+CUPS\-Set\-Default
+Sets the server default printer or printer class.
+.TP 5
+Cancel\-Job
+Cancels a job.
+.TP 5
+Cancel\-Jobs
+Cancels one or more jobs.
+.TP 5
+Cancel\-My\-Jobs
+Cancels one or more jobs creates by a user.
+.TP 5
+Cancel\-Subscription
+Cancels a subscription.
+.TP 5
+Close\-Job
+Closes a job that is waiting for more documents.
+.TP 5
+Create\-Job
+Creates a new job with no documents.
+.TP 5
+Create\-Job\-Subscriptions
+Creates a subscription for job events.
+.TP 5
+Create\-Printer\-Subscriptions
+Creates a subscription for printer events.
+.TP 5
+Get\-Job\-Attributes
+Gets information about a job.
+.TP 5
+Get\-Jobs
+Gets a list of jobs.
+.TP 5
+Get\-Notifications
+Gets a list of event notifications for a subscription.
+.TP 5
+Get\-Printer\-Attributes
+Gets information about a printer or printer class.
+.TP 5
+Get\-Subscription\-Attributes
+Gets information about a subscription.
+.TP 5
+Get\-Subscriptions
+Gets a list of subscriptions.
+.TP 5
+Hold\-Job
+Holds a job from printing.
+.TP 5
+Hold\-New\-Jobs
+Holds all new jobs from printing.
+.TP 5
+Pause\-Printer
+Stops processing of jobs by a printer or printer class.
+.TP 5
+Pause\-Printer\-After\-Current\-Job
+Stops processing of jobs by a printer or printer class after the current job is finished.
+.TP 5
+Print\-Job
+Creates a new job with a single document.
+.TP 5
+Purge\-Jobs
+Cancels one or more jobs and deletes the job history.
+.TP 5
+Release\-Held\-New\-Jobs
+Allows previously held jobs to print.
+.TP 5
+Release\-Job
+Allows a job to print.
+.TP 5
+Renew\-Subscription
+Renews a subscription.
+.TP 5
+Restart\-Job
+Reprints a job, if possible.
+.TP 5
+Send\-Document
+Adds a document to a job.
+.TP 5
+Set\-Job\-Attributes
+Changes job information.
+.TP 5
+Set\-Printer\-Attributes
+Changes printer or printer class information.
+.TP 5
+Validate\-Job
+Validates options for a new job.
+.SS LOCATION PATHS
+The following paths are commonly used when configuring
+.BR cupsd (8):
+.TP 5
+/
+The path for all get operations (get-printers, get-jobs, etc.)
+.TP 5
+/admin
+The path for all administration operations (add-printer, delete-printer, start-printer, etc.)
+.TP 5
+/admin/conf
+The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.)
+.TP 5
+/admin/log
+The path for access to the CUPS log files (access_log, error_log, page_log)
+.TP 5
+/classes
+The path for all printer classes
+.TP 5
+/classes/name
+The resource for the named printer class
+.TP 5
+/jobs
+The path for all jobs (hold-job, release-job, etc.)
+.TP 5
+/jobs/id
+The path for the specified job.
+.TP 5
+/printers
+The path for all printers
+.TP 5
+/printers/name
+The path for the named printer
+.TP 5
+/printers/name.png
+The icon file path for the named printer
+.TP 5
+/printers/name.ppd
+The PPD file path for the named printer
+.SS DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS
+The following directives may be placed inside Location and Limit sections in the \fBcupsd.conf\fR file:
+.TP 5
+\fBAllow all\fR
+.TP 5
+\fBAllow none\fR
+.TP 5
+\fBAllow \fIhost.domain.com\fR
+.TP 5
+\fBAllow *.\fIdomain.com\fR
+.TP 5
+\fBAllow \fIipv4-address\fR
+.TP 5
+\fBAllow \fIipv4-address\fB/\fInetmask\fR
+.TP 5
+\fBAllow \fIipv4-address\fB/\fImm\fR
.TP 5
-Allow all
+\fBAllow [\fIipv6-address\fB]\fR
.TP 5
-Allow none
+\fBAllow [\fIipv6-address\fB]/\fImm\fR
.TP 5
-Allow host.domain.com
+\fBAllow @IF(\fIname\fB)\fR
.TP 5
-Allow *.domain.com
+\fBAllow @LOCAL\fR
+Allows access from the named hosts, domains, addresses, or interfaces.
+The Order directive controls whether Allow lines are evaluated before or after Deny lines.
.TP 5
-Allow ip-address
+\fBAuthType None\fR
.TP 5
-Allow ip-address/netmask
+\fBAuthType Basic\fR
.TP 5
-Allow ip-address/mm
+\fBAuthType Default\fR
.TP 5
-Allow @IF(name)
+\fBAuthType Negotiate\fR
+Specifies the type of authentication required.
+The value "Default" corresponds to the DefaultAuthType value.
.TP 5
-Allow @LOCAL
-Allows access from the named hosts or addresses.
+\fBDeny all\fR
.TP 5
-AuthType None
+\fBDeny none\fR
.TP 5
-AuthType Basic
+\fBDeny \fIhost.domain.com\fR
.TP 5
-AuthType Negotiate
-Specifies the authentication type (None, Basic, or Negotiate)
+\fBDeny *.\fIdomain.com\fR
.TP 5
-Deny all
+\fBDeny \fIipv4-address\fR
.TP 5
-Deny none
+\fBDeny \fIipv4-address\fB/\fInetmask\fR
.TP 5
-Deny host.domain.com
+\fBDeny \fIipv4-address\fB/\fImm\fR
.TP 5
-Deny *.domain.com
+\fBDeny [\fIipv6-address\fB]\fR
.TP 5
-Deny ip-address
+\fBDeny [\fIipv6-address\fB]/\fImm\fR
.TP 5
-Deny ip-address/netmask
+\fBDeny @IF(\fIname\fB)\fR
.TP 5
-Deny ip-address/mm
+\fBDeny @LOCAL\fR
+Denies access from the named hosts, domains, addresses, or interfaces.
+The Order directive controls whether Deny lines are evaluated before or after Allow lines.
.TP 5
-Deny @IF(name)
+\fBEncryption IfRequested\fR
.TP 5
-Deny @LOCAL
-Denies access to the named host or address.
+\fBEncryption Never\fR
.TP 5
-Encryption IfRequested
+\fBEncryption Required\fR
+Specifies the level of encryption that is required for a particular location.
+The default value is "IfRequested".
.TP 5
-Encryption Never
+\fBOrder allow,deny\fR
+Specifies that access is denied by default. Allow lines are then processed followed by Deny lines to determine whether a client may access a particular resource.
.TP 5
-Encryption Required
-Specifies the level of encryption that is required for a particular
-location.
+\fBOrder deny,allow\fR
+Specifies that access is allowed by default. Deny lines are then processed followed by Allow lines to determine whether a client may access a particular resource.
.TP 5
-Order allow,deny
+\fBRequire group \fIgroup-name \fR[ \fIgroup-name \fR... ]
+Specifies that an authenticated user must be a member of one of the named groups.
.TP 5
-Order deny,allow
-Specifies the order of HTTP access control (allow,deny or deny,allow)
+\fBRequire user {\fIuser-name\fR|\fB@\fIgroup-name\fR} ...
+Specifies that an authenticated user must match one of the named users or be a member of one of the named groups.
+The group name "@SYSTEM" corresponds to the list of groups defined by the SystemGroup directive in the
+.BR cups-files.conf (5)
+file.
+The group name "@OWNER" corresponds to the owner of the resource, for example the person that submitted a print job.
.TP 5
-Require group group-name-list
+\fBRequire valid-user\fR
+Specifies that any authenticated user is acceptable.
.TP 5
-Require user user-name-list
+\fBSatisfy all\fR
+Specifies that all Allow, AuthType, Deny, Order, and Require conditions must be satisfied to allow access.
.TP 5
-Require valid-user
-Specifies that user or group authentication is required.
-.SH DIRECTIVES VALID WITHIN POLICY SECTIONS
-The following directives may be placed inside Policy sections in the \fIcupsd.conf\fR file:
+\fBSatisfy any\fR
+Specifies that any a client may access a resource if either the authentication (AuthType/Require) or address (Allow/Deny/Order) conditions are satisfied.
+For example, this can be used to require authentication only for remote accesses.
+.SS DIRECTIVES VALID WITHIN POLICY SECTIONS
+The following directives may be placed inside Policy sections in the \fBcupsd.conf\fR file:
.TP 5
-JobPrivateAccess all
+\fBJobPrivateAccess all\fR
.TP 5
-JobPrivateAccess default
+\fBJobPrivateAccess default\fR
.TP 5
-JobPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
-Specifies an access list for a job's private values. The "default" access list is "@OWNER @SYSTEM". "@ACL" maps to the printer's requesting-user-name-allowed or requesting-user-name-denied values.
+\fBJobPrivateAccess \fR{\fIuser\fR|\fB@\fIgroup\fR|\fB@ACL\fR|\fB@OWNER\fR|\fB@SYSTEM\fR} ...
+Specifies an access list for a job's private values.
+The "default" access list is "@OWNER @SYSTEM".
+"@ACL" maps to the printer's requesting-user-name-allowed or requesting-user-name-denied values.
+"@OWNER" maps to the job's owner.
+"@SYSTEM" maps to the groups listed for the SystemGroup directive in the
+.BR cups-files.conf (5)
+file.
.TP 5
-JobPrivateValues all
+\fBJobPrivateValues all\fR
.TP 5
-JobPrivateValues default
+\fBJobPrivateValues default\fR
.TP 5
-JobPrivateValues none
+\fBJobPrivateValues none\fR
.TP 5
-JobPrivateValues attribute-name-1 [ ... attribute-name-N ]
-Specifies the list of job values to make private. The "default" values are "job-name", "job-originating-host-name", and "job-originating-user-name".
+\fBJobPrivateValues \fIattribute-name \fR[ ... \fIattribute-name \fR]
+Specifies the list of job values to make private.
+The "default" values are "job-name", "job-originating-host-name", "job-originating-user-name", and "phone".
.TP 5
-SubscriptionPrivateAccess all
+\fBSubscriptionPrivateAccess all\fR
.TP 5
-SubscriptionPrivateAccess default
+\fBSubscriptionPrivateAccess default\fR
.TP 5
-SubscriptionPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
-Specifies an access list for a subscription's private values. The "default"
-access list is "@OWNER @SYSTEM". "@ACL" maps to the printer's
-requesting-user-name-allowed or requesting-user-name-denied values.
+\fBSubscriptionPrivateAccess \fR{\fIuser\fR|\fB@\fIgroup\fR|\fB@ACL\fR|\fB@OWNER\fR|\fB@SYSTEM\fR} ...
+Specifies an access list for a subscription's private values.
+The "default" access list is "@OWNER @SYSTEM".
+"@ACL" maps to the printer's requesting-user-name-allowed or requesting-user-name-denied values.
+"@OWNER" maps to the job's owner.
+"@SYSTEM" maps to the groups listed for the SystemGroup directive in the
+.BR cups-files.conf (5)
+file.
.TP 5
-SubscriptionPrivateValues all
+\fBSubscriptionPrivateValues all\fR
.TP 5
-SubscriptionPrivateValues default
+\fBSubscriptionPrivateValues default\fR
.TP 5
-SubscriptionPrivateValues none
+\fBSubscriptionPrivateValues none\fR
.TP 5
-SubscriptionPrivateValues attribute-name-1 [ ... attribute-name-N ]
-Specifies the list of job values to make private. The "default" values are
-"notify-events", "notify-pull-method", "notify-recipient-uri",
-"notify-subscriber-user-name", and "notify-user-data".
+\fBSubscriptionPrivateValues \fIattribute-name \fR[ ... \fIattribute-name \fR]
+Specifies the list of subscription values to make private.
+The "default" values are "notify-events", "notify-pull-method", "notify-recipient-uri", "notify-subscriber-user-name", and "notify-user-data".
+.SH CONFORMING TO
+The \fBcupsd.conf\fR file format is based on the Apache HTTP Server configuration file format.
+.SH EXAMPLES
+Log everything with a maximum log file size of 32 megabytes:
+.nf
+
+ AccessLogLevel all
+ LogLevel debug2
+ MaxLogSize 32m
+
+.fi
+Require authentication for accesses from outside the 10. network:
+.nf
+
+ <Location />
+ Order allow,deny
+ Allow from 10./8
+ AuthType Basic
+ Require valid-user
+ Satisfy any
+ </Location>
+.fi
.SH SEE ALSO
-.BR classes.conf (5), cups-files.conf (5), cupsd (8), mime.convs (5), mime.types (5), printers.conf (5), subscriptions.conf (5),
-http://localhost:631/help
+.BR classes.conf (5),
+.BR cups-files.conf (5),
+.BR cupsd (8),
+.BR mime.convs (5),
+.BR mime.types (5),
+.BR printers.conf (5),
+.BR subscriptions.conf (5),
+CUPS Online Help (http://localhost:631/help)
.SH COPYRIGHT
Copyright \[co] 2007-2014 by Apple Inc.
.\"
projects / thirdparty / cups.git / blobdiff