2 # "$Id: cupsd.conf.in,v 1.16 2004/08/18 17:53:47 mike Exp $"
4 # Sample configuration file for the Common UNIX Printing System (CUPS)
7 # Copyright 1997-2004 by Easy Software Products, all rights reserved.
9 # These coded instructions, statements, and computer programs are the
10 # property of Easy Software Products and are protected by Federal
11 # copyright law. Distribution and use rights are outlined in the file
12 # "LICENSE.txt" which should have been included with this file. If this
13 # file is missing or damaged please contact Easy Software Products
16 # Attn: CUPS Licensing Information
17 # Easy Software Products
18 # 44141 Airport View Drive, Suite 204
19 # Hollywood, Maryland 20636 USA
21 # Voice: (301) 373-9600
22 # EMail: cups-info@cups.org
23 # WWW: http://www.cups.org
26 ########################################################################
28 # This is the CUPS configuration file. If you are familiar with #
29 # Apache or any of the other popular web servers, we've followed the #
30 # same format. Any configuration variable used here has the same #
31 # semantics as the corresponding variable in Apache. If we need #
32 # different functionality then a different name is used to avoid #
35 ########################################################################
39 ######## Server Identity
43 # ServerName: the hostname of your server, as advertised to the world.
44 # By default CUPS will use the hostname of the system.
46 # To set the default server used by clients, see the client.conf file.
49 #ServerName myhost.domain.com
52 # ServerAdmin: the email address to send all complaints/problems to.
53 # By default CUPS will use "root@hostname".
56 #ServerAdmin root@your.domain.com
60 ######## Server Options
64 # AccessLog: the access log file; if this does not start with a leading /
65 # then it is assumed to be relative to ServerRoot. By default set to
66 # "@CUPS_LOGDIR@/access_log"
68 # You can also use the special name "syslog" to send the output to the
69 # syslog file or daemon.
72 #AccessLog @CUPS_LOGDIR@/access_log
75 # Classification: the classification level of the server. If set, this
76 # classification is displayed on all pages, and raw printing is disabled.
77 # The default is the empty string.
80 #Classification classified
81 #Classification confidential
82 #Classification secret
83 #Classification topsecret
84 #Classification unclassified
87 # ClassifyOverride: whether to allow users to override the classification
88 # on printouts. If enabled, users can limit banner pages to before or
89 # after the job, and can change the classification of a job, but cannot
90 # completely eliminate the classification or banners.
98 # DataDir: the root directory for the CUPS data files.
99 # By default "@CUPS_DATADIR@".
102 #DataDir @CUPS_DATADIR@
105 # DefaultCharset: the default character set to use. If not specified,
106 # defaults to "utf-8". Note that this can also be overridden in
110 #DefaultCharset utf-8
113 # DefaultLanguage: the default language if not specified by the browser.
114 # If not specified, the current locale is used.
120 # DocumentRoot: the root directory for HTTP documents that are served.
121 # By default "@CUPS_DOCROOT@".
124 #DocumentRoot @CUPS_DOCROOT@
127 # ErrorLog: the error log file; if this does not start with a leading /
128 # then it is assumed to be relative to ServerRoot. By default set to
129 # "@CUPS_LOGDIR@/error_log"
131 # You can also use the special name "syslog" to send the output to the
132 # syslog file or daemon.
135 #ErrorLog @CUPS_LOGDIR@/error_log
138 # FileDevice: determines whether the scheduler will allow new printers
139 # to be added using device URIs of the form "file:/foo/bar". The default
140 # is not to allow file devices due to the potential security vulnerability
141 # and due to the fact that file devices do not support raw printing.
148 # FontPath: the path to locate all font files (currently only for pstoraster)
149 # By default "@CUPS_FONTPATH@".
152 #FontPath @CUPS_FONTPATH@
155 # LogLevel: controls the number of messages logged to the ErrorLog
156 # file and can be one of the following:
158 # debug2 Log everything.
159 # debug Log almost everything.
160 # info Log all requests and state changes.
161 # warn Log errors and warnings.
162 # error Log only errors.
169 # MaxLogSize: controls the maximum size of each log file before they are
170 # rotated. Defaults to 1048576 (1MB). Set to 0 to disable log rotating.
176 # PageLog: the page log file; if this does not start with a leading /
177 # then it is assumed to be relative to ServerRoot. By default set to
178 # "@CUPS_LOGDIR@/page_log"
180 # You can also use the special name "syslog" to send the output to the
181 # syslog file or daemon.
184 #PageLog @CUPS_LOGDIR@/page_log
187 # PreserveJobHistory: whether or not to preserve the job history after a
188 # job is completed, cancelled, or stopped. Default is Yes.
191 #PreserveJobHistory Yes
194 # PreserveJobFiles: whether or not to preserve the job files after a
195 # job is completed, cancelled, or stopped. Default is No.
201 # AutoPurgeJobs: automatically purge jobs when not needed for quotas.
208 # MaxCopies: maximum number of copies that a user can request. Default is
215 # MaxJobs: maximum number of jobs to keep in memory (active and completed.)
216 # Default is 500; the value 0 is used for no limit.
222 # MaxJobsPerPrinter: maximum number of active jobs per printer. The default
229 # MaxJobsPerUser: maximum number of active jobs per user. The default
236 # MaxPrinterHistory: controls the maximum number of history collections
237 # in the printer-state-history attribute. Set to 0 to disable history
241 #MaxPrinterHistory 10
244 # Printcap: the name of the printcap file. Default is /etc/printcap.
245 # Leave blank to disable printcap file generation.
248 #Printcap /etc/printcap
251 # PrintcapFormat: the format of the printcap file, currently either
252 # BSD or Solaris. The default is "BSD".
256 #PrintcapFormat Solaris
259 # PrintcapGUI: the name of the GUI options panel program to associate
260 # with print queues under IRIX. The default is "/usr/bin/glpoptions"
261 # from ESP Print Pro.
263 # This option is only used under IRIX; the options panel program
264 # must accept the "-d printer" and "-o options" options and write
265 # the selected printer options back to stdout on completion.
268 #PrintcapGUI /usr/bin/glpoptions
271 # RequestRoot: the directory where request files are stored.
272 # By default "@CUPS_REQUESTS@".
275 #RequestRoot @CUPS_REQUESTS@
278 # RemoteRoot: the name of the user assigned to unauthenticated accesses
279 # from remote systems. By default "remroot".
285 # ServerBin: the root directory for the scheduler executables.
286 # By default "@CUPS_SERVERBIN@".
289 #ServerBin @CUPS_SERVERBIN@
292 # ServerRoot: the root directory for the scheduler.
293 # By default "@CUPS_SERVERROOT@".
296 #ServerRoot @CUPS_SERVERROOT@
300 # ServerTokens: specifies what information in provided in the Server
301 # header of HTTP responses. The default is Minor.
304 # ServerTokens ProductOnly CUPS
305 # ServerTokens Major CUPS/1
306 # ServerTokens Minor CUPS/1.1
307 # ServerTokens Minimal CUPS/@CUPS_VERSION@
308 # ServerTokens OS CUPS/@CUPS_VERSION@ (uname)
309 # ServerTokens Full CUPS/@CUPS_VERSION@ (uname) IPP/1.1
320 # FaxRetryLimit: the number of times a fax job is retried.
321 # The default is 5 times.
327 # FaxRetryInterval: the number of seconds between fax job retries.
328 # The default is 300 seconds/5 minutes.
331 #FaxRetryInterval 300
335 ######## Encryption Support
339 # ServerCertificate: the file to read containing the server's certificate.
340 # Defaults to "@CUPS_SERVERROOT@/ssl/server.crt".
343 #ServerCertificate @CUPS_SERVERROOT@/ssl/server.crt
346 # ServerKey: the file to read containing the server's key.
347 # Defaults to "@CUPS_SERVERROOT@/ssl/server.key".
350 #ServerKey @CUPS_SERVERROOT@/ssl/server.key
354 ######## Filter Options
358 # User/Group: the user and group the server runs under. Normally this
359 # must be @CUPS_USER@ and @CUPS_GROUP@, however you can configure things for another
360 # user or group as needed.
362 # Note: the server must be run initially as root to support the
363 # default IPP port of 631. It changes users whenever an external
364 # program is run, or if the RunAsUser directive is specified...
371 # RIPCache: the amount of memory that each RIP should use to cache
372 # bitmaps. The value can be any real number followed by "k" for
373 # kilobytes, "m" for megabytes, "g" for gigabytes, or "t" for tiles
374 # (1 tile = 256x256 pixels.) Defaults to "8m" (8 megabytes).
380 # TempDir: the directory to put temporary files in. This directory must be
381 # writable by the user defined above! Defaults to "@CUPS_REQUESTS@/tmp" or
382 # the value of the TMPDIR environment variable.
385 #TempDir @CUPS_REQUESTS@/tmp
388 # FilterLimit: sets the maximum cost of all job filters that can be run
389 # at the same time. A limit of 0 means no limit. A typical job may need
390 # a filter limit of at least 200; limits less than the minimum required
391 # by a job force a single job to be printed at any time.
393 # The default limit is 0 (unlimited).
399 ######## Network Options
403 # Ports/addresses that we listen to. The default port 631 is reserved
404 # for the Internet Printing Protocol (IPP) and is what we use here.
406 # You can have multiple Port/Listen lines to listen to more than one
407 # port or address, or to restrict access:
413 # Listen hostname:631
417 # NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
418 # for encryption. If you want to support web-based encryption you'll
419 # probably need to listen on port 443 (the "https" port...)
421 # NOTE 2: In order for the command-line and web interfaces to work, you
422 # must have at least one Port or Listen line that allows access from the
423 # local loopback address (localhost).
431 # HostNameLookups: whether or not to do lookups on IP addresses to get a
432 # fully-qualified hostname. This defaults to Off for performance reasons...
438 # KeepAlive: whether or not to support the Keep-Alive connection
439 # option. Default is on.
445 # KeepAliveTimeout: the timeout before Keep-Alive connections are
446 # automatically closed. Default is 60 seconds.
452 # MaxClients: controls the maximum number of simultaneous clients that
453 # will be handled. Defaults to 100.
459 # MaxClientsPerHost: controls the maximum number of simultaneous clients that
460 # will be handled from a specific host. Defaults to 10 or 1/10th of the
461 # MaxClients setting, whichever is larger. A value of 0 specifies the
462 # automatic (10 or 1/10th) setting.
468 # MaxRequestSize: controls the maximum size of HTTP requests and print files.
469 # Set to 0 to disable this feature (defaults to 0.)
475 # Timeout: the timeout before requests time out. Default is 300 seconds.
482 ######## Browsing Options
486 # Browsing: whether or not to broadcast and/or listen for CUPS printer
487 # information on the network. Enabled by default.
493 # BrowseProtocols: which protocols to use for browsing. Can be
494 # any of the following separated by whitespace and/or commas:
496 # all - Use all supported protocols.
497 # cups - Use the CUPS browse protocol.
498 # slp - Use the SLPv2 protocol.
500 # The default is "cups".
502 # NOTE: If you choose to use SLPv2, it is *strongly* recommended that
503 # you have at least one SLP Directory Agent (DA) on your
504 # network. Otherwise, browse updates can take several seconds,
505 # during which the scheduler will not respond to client
509 #BrowseProtocols cups
512 # BrowseAddress: specifies a broadcast address to be used. By
513 # default browsing information is not sent!
515 # Note: HP-UX does not properly handle broadcast unless you have a
516 # Class A, B, C, or D netmask (i.e. no CIDR support).
518 # Note: Using the "global" broadcast address (255.255.255.255) will
519 # activate a Linux demand-dial link with the default configuration.
520 # If you have a LAN as well as the dial-up link, use the LAN's
523 # The @LOCAL address broadcasts to all non point-to-point interfaces.
524 # For example, if you have a LAN and a dial-up link, @LOCAL would
525 # send printer updates to the LAN but not to the dial-up link.
526 # Similarly, the @IF(name) address sends to the named network
527 # interface, e.g. @IF(eth0) under Linux. Interfaces are refreshed
528 # automatically (no more than once every 60 seconds), so they can
529 # be used on dynamically-configured interfaces, e.g. PPP, 802.11, etc.
532 #BrowseAddress x.y.z.255
533 #BrowseAddress x.y.255.255
534 #BrowseAddress x.255.255.255
535 #BrowseAddress 255.255.255.255
536 #BrowseAddress @LOCAL
537 #BrowseAddress @IF(name)
540 # BrowseShortNames: whether or not to use "short" names for remote printers
541 # when possible (e.g. "printer" instead of "printer@host".) Enabled by
545 #BrowseShortNames Yes
548 # BrowseAllow: specifies an address mask to allow for incoming browser
549 # packets. The default is to allow packets from all addresses.
551 # BrowseDeny: specifies an address mask to deny for incoming browser
552 # packets. The default is to deny packets from no addresses.
554 # Both "BrowseAllow" and "BrowseDeny" accept the following notations for
567 # nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
571 # The hostname/domainname restrictions only work if you have turned hostname
579 # BrowseInterval: the time between browsing updates in seconds. Default
582 # Note that browsing information is sent whenever a printer's state changes
583 # as well, so this represents the maximum time between updates.
585 # Set this to 0 to disable outgoing broadcasts so your local printers are
586 # not advertised but you can still see printers on other hosts.
592 # BrowseOrder: specifies the order of BrowseAllow/BrowseDeny comparisons.
595 #BrowseOrder allow,deny
596 #BrowseOrder deny,allow
599 # BrowsePoll: poll the named server(s) for printers
602 #BrowsePoll address:port
605 # BrowsePort: the port used for UDP broadcasts. By default this is
606 # the IPP port; if you change this you need to do it on all servers.
607 # Only one BrowsePort is recognized.
613 # BrowseRelay: relay browser packets from one address/network to another.
616 #BrowseRelay source-address destination-address
617 #BrowseRelay @IF(src) @IF(dst)
620 # BrowseTimeout: the timeout for network printers - if we don't
621 # get an update within this time the printer will be removed
622 # from the printer list. This number definitely should not be
623 # less the BrowseInterval value for obvious reasons. Defaults
630 # ImplicitClasses: whether or not to use implicit classes.
632 # Printer classes can be specified explicitly in the classes.conf
633 # file, implicitly based upon the printers available on the LAN, or
636 # When ImplicitClasses is On, printers on the LAN with the same name
637 # (e.g. Acme-LaserPrint-1000) will be put into a class with the same
638 # name. This allows you to setup multiple redundant queues on a LAN
639 # without a lot of administrative difficulties. If a user sends a
640 # job to Acme-LaserPrint-1000, the job will go to the first available
643 # Enabled by default.
649 # ImplicitAnyClasses: whether or not to create "AnyPrinter" implicit
652 # When ImplicitAnyClasses is On and a local queue of the same name
653 # exists, e.g. "printer", "printer@server1", "printer@server1", then
654 # an implicit class called "Anyprinter" is created instead.
656 # When ImplicitAnyClasses is Off, implicit classes are not created
657 # when there is a local queue of the same name.
659 # Disabled by default.
662 #ImplicitAnyCLasses Off
665 # HideImplicitMembers: whether or not to show the members of an
668 # When HideImplicitMembers is On, any remote printers that are
669 # part of an implicit class are hidden from the user, who will
670 # then only see a single queue even though many queues will be
671 # supporting the implicit class.
673 # Enabled by default.
676 #HideImplicitMembers On
680 ######## Security Options
684 # SystemGroup: the group name for "System" (printer administration)
685 # access. The default varies depending on the operating system, but
686 # will be "sys", "system", or "root" (checked for in that order.)
689 #SystemGroup @CUPS_GROUP@
692 # RootCertDuration: How frequently the root certificate is regenerated.
693 # Defaults to 300 seconds.
696 #RootCertDuration 300
699 # Access permissions for each directory served by the scheduler.
700 # Locations are relative to DocumentRoot...
702 # AuthType: the authorization to use:
704 # None - Perform no authentication
705 # Basic - Perform authentication using the HTTP Basic method.
706 # Digest - Perform authentication using the HTTP Digest method.
708 # (Note: local certificate authentication can be substituted by
709 # the client for Basic or Digest when connecting to the
710 # localhost interface)
712 # AuthClass: the authorization class; currently only "Anonymous", "User",
713 # "System" (valid user belonging to group SystemGroup), and "Group"
714 # (valid user belonging to the specified group) are supported.
716 # AuthGroupName: the group name for "Group" authorization.
718 # Order: the order of Allow/Deny processing.
720 # Allow: allows access from the specified hostname, domain, IP address,
721 # network, or interface.
723 # Deny: denies access from the specified hostname, domain, IP address,
724 # network, or interface.
726 # Both "Allow" and "Deny" accept the following notations for addresses:
738 # nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
742 # The host and domain address require that you enable hostname lookups
743 # with "HostNameLookups On" above.
745 # The @LOCAL address allows or denies from all non point-to-point
746 # interfaces. For example, if you have a LAN and a dial-up link,
747 # @LOCAL could allow connections from the LAN but not from the dial-up
748 # link. Similarly, the @IF(name) address allows or denies from the
749 # named network interface, e.g. @IF(eth0) under Linux. Interfaces are
750 # refreshed automatically (no more than once every 60 seconds), so
751 # they can be used on dynamically-configured interfaces, e.g. PPP,
754 # Encryption: whether or not to use encryption; this depends on having
755 # the OpenSSL library linked into the CUPS library and scheduler.
759 # Always - Always use encryption (SSL)
760 # Never - Never use encryption
761 # Required - Use TLS encryption upgrade
762 # IfRequested - Use encryption if the server requests it
764 # The default value is "IfRequested".
775 # You may wish to limit access to printers and classes, either with Allow
776 # and Deny lines, or by requiring a username and password.
780 #<Location /classes/name>
782 # You may wish to limit access to printers and classes, either with Allow
783 # and Deny lines, or by requiring a username and password.
789 # You may wish to limit access to job operations, either with Allow
790 # and Deny lines, or by requiring a username and password.
794 #<Location /printers>
796 # You may wish to limit access to printers and classes, either with Allow
797 # and Deny lines, or by requiring a username and password.
801 #<Location /printers/name>
803 # You may wish to limit access to printers and classes, either with Allow
804 # and Deny lines, or by requiring a username and password.
807 ## Anonymous access (default)
810 ## Require a username and password (Basic authentication)
814 ## Require a username and password (Digest/MD5 authentication)
818 ## Restrict access to local domain
821 #Allow From .mydomain.com
826 # You definitely will want to limit access to the administration functions.
827 # The default configuration requires a local connection from a user who
828 # is a member of the system group to do any admin tasks. You can change
829 # the group name using the SystemGroup directive.
835 ## Restrict access to local domain
844 # End of "$Id: cupsd.conf.in,v 1.16 2004/08/18 17:53:47 mike Exp $".