4 Require user @OWNER @SYSTEM
5 Order deny,allow
6 </Limit>
- 7
+ 7
8 # All administration operations require an administrator
to authenticate...
- 9 <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class
+ 9 <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
10 AuthType Default
11 Require user @SYSTEM
12 Order deny,allow
13 </Limit>
-14
+14
15 # All printer operations require a printer operator
to authenticate...
16 <Limit Pause-Printer Resume-Printer
18 Require user <em>varies by OS</em>
19 Order deny,allow
20 </Limit>
-21
+21
22 # Only the owner or an administrator can cancel or
authenticate a job...
23 <Limit Cancel-Job CUPS-Authenticate-Job>
24 Require user @OWNER @SYSTEM
25 Order deny,allow
26 </Limit>
-27
+27
28 <Limit All>
29 Order deny,allow
30 </Limit>
<P>The access control rules are listed after the <TT>Limit</TT> line and are the same as those used for <A HREF="ref-cupsd-conf.html#Location"><TT>Location</TT></A> sections. In this case, we require the owner of the job ("@OWNER") or a member of the <A HREF="ref-cupsd-conf.html#SystemGroup"><TT>SystemGroup</TT></A> ("@SYSTEM") to do the operation. Because we do not include an <A HREF="ref-cupsd-conf.html#AuthType"><TT>AuthType</TT></A> directive here, the user information can come from the IPP request itself or the authenticated username from the HTTP request. The administrative operations starting on line 9, however, <em>do</em> use the <TT>AuthType</TT> directive, and so administrative operations need to be authenticated:</P>
<PRE CLASS="example">
- 9 <Limit CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class
+ 9 <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default>
10 AuthType Default
11 Require user @SYSTEM
12 Order deny,allow
13 </Limit>
-14
+14
15 # All printer operations require a printer operator
to authenticate...
16 <Limit Pause-Printer Resume-Printer
<TD>Prints a job after others.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Get-Default</TT></TD>
+ <TD NOWRAP><TT>CUPS-Get-Default</TT> *</TD>
<TD>Yes</TD>
<TD>Gets the server/network default printer or class.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Get-Printers</TT></TD>
+ <TD NOWRAP><TT>CUPS-Get-Printers</TT> *</TD>
<TD>Yes</TD>
<TD>Gets a list of printers and/or classes.</TD>
</TR>
<TD>Adds or modifies a printer.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Delete-Printer</TT></TD>
+ <TD NOWRAP><TT>CUPS-Delete-Printer</TT> *</TD>
<TD>Yes</TD>
<TD>Removes a printer.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Get-Classes</TT></TD>
+ <TD NOWRAP><TT>CUPS-Get-Classes</TT> *</TD>
<TD>Yes</TD>
<TD>Gets a list of classes.</TD>
</TR>
<TD>Adds or modifies a class.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Delete-Class</TT></TD>
+ <TD NOWRAP><TT>CUPS-Delete-Class</TT> *</TD>
<TD>Yes</TD>
<TD>Removes a class.</TD>
</TR>
attribute to false.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Set-Default</TT></TD>
+ <TD NOWRAP><TT>CUPS-Set-Default</TT> *</TD>
<TD>Yes</TD>
<TD>Sets the server/network default printer or class.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Get-Devices</TT></TD>
+ <TD NOWRAP><TT>CUPS-Get-Devices</TT> *</TD>
<TD>Yes</TD>
<TD>Gets a list of printer devices.</TD>
</TR>
<TR>
- <TD NOWRAP><TT>CUPS-Get-PPDs</TT></TD>
+ <TD NOWRAP><TT>CUPS-Get-PPDs</TT> *</TD>
<TD>Yes</TD>
<TD>Gets a list of printer drivers or manufacturers.</TD>
</TR>
</TBODY>
</TABLE></DIV>
+<P>* = These operations only apply to the default policy.</P>
<H2 CLASS="title"><A NAME="CREATING">Creating Your Own Policies</A></H2>
5 Order allow,deny
6 Allow from 10.0.2.0/24
7 </Limit>
- 8
+ 8
9 # All administration operations require a lab technician
or an administrator to authenticate...
10 <Limit Pause-Printer Resume-Printer