1cupsd.conf(5) Apple Inc. cupsd.conf(5)
2
3
4
6 cupsd.conf - server configuration file for cups
7
9 The cupsd.conf file configures the CUPS scheduler, cupsd(8). It is
10 normally located in the /etc/cups directory.
11
12 Each line in the file can be a configuration directive, a blank line,
13 or a comment. Comment lines start with the # character. The configura‐
14 tion directives are intentionally similar to those used by the popular
15 Apache web server software and are described below.
16
18 The following directives are understood by cupsd(8). Consult the on-
19 line help for detailed descriptions:
20
21 AccessLog filename
22
23 AccessLog syslog
24 Defines the access log filename.
25
26 AccessLogLevel config
27
28 AccessLogLevel actions
29
30 AccessLogLevel all
31 Specifies the logging level for the AccessLog file.
32
33 Allow all
34
35 Allow none
36
37 Allow host.domain.com
38
39 Allow *.domain.com
40
41 Allow ip-address
42
43 Allow ip-address/netmask
44
45 Allow ip-address/mm
46
47 Allow @IF(name)
48
49 Allow @LOCAL
50 Allows access from the named hosts or addresses.
51
52 AuthClass User
53
54 AuthClass Group
55
56 AuthClass System
57 Specifies the authentication class (User, Group, System) - this
58 directive is deprecated.
59
60 AuthGroupName group-name
61 Specifies the authentication group - this directive is deprecated.
62
63 AuthType None
64
65 AuthType Basic
66
67 AuthType BasicDigest
68
69 AuthType Digest
70
71 AuthType Negotiate
72 Specifies the authentication type (None, Basic, BasicDigest,
73 Digest, Negotiate)
74
75 AutoPurgeJobs Yes
76
77 AutoPurgeJobs No
78 Specifies whether to purge job history data automatically when it
79 is no longer required for quotas.
80
81 BrowseAddress ip-address
82
83 BrowseAddress @IF(name)
84
85 BrowseAddress @LOCAL
86 Specifies a broadcast address for outgoing printer information
87 packets.
88
89 BrowseAllow all
90
91 BrowseAllow none
92
93 BrowseAllow host.domain.com
94
95 BrowseAllow *.domain.com
96
97 BrowseAllow ip-address
98
99 BrowseAllow ip-address/netmask
100
101 BrowseAllow ip-address/mm
102
103 BrowseAllow @IF(name)
104
105 BrowseAllow @LOCAL
106 Allows incoming printer information packets from the named host or
107 address.
108
109 BrowseDeny all
110
111 BrowseDeny none
112
113 BrowseDeny host.domain.com
114
115 BrowseDeny *.domain.com
116
117 BrowseDeny ip-address
118
119 BrowseDeny ip-address/netmask
120
121 BrowseDeny ip-address/mm
122
123 BrowseDeny @IF(name)
124
125 BrowseDeny @LOCAL
126 Denies incoming printer information packets from the named host or
127 address.
128
129 BrowseInterval seconds
130 Specifies the maximum interval between printer information broad‐
131 casts.
132
133 BrowseLDAPBindDN
134 Specifies the LDAP domain name to use when registering printers.
135
136 BrowseLDAPCACertFile
137 Specifies the SSL certificate authority file to use.
138
139 BrowseLDAPDN
140 Specifies the LDAP domain name to use when discovering printers.
141
142 BrowseLDAPPassword
143 Specifies the password to use when accessing the LDAP server.
144
145 BrowseLDAPServer
146 Specifies the LDAP server to use.
147
148 BrowseOrder allow,deny
149
150 BrowseOrder deny,allow
151 Specifies the order of printer information access control
152 (allow,deny or deny,allow)
153
154 BrowsePoll host-or-ip-address
155 Specifies a server to poll for printer information.
156
157 BrowsePort port
158 Specifies the port to listen to for printer information packets.
159
160 BrowseProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
161 Specifies the protocols to use for printer browsing.
162
163 BrowseLocalProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
164 Specifies the protocols to use for local printer browsing.
165
166 BrowseRemoteProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
167 Specifies the protocols to use for remote printer browsing.
168
169 BrowseRelay from-address to-address
170 Specifies that printer information packets should be relayed from
171 one host or network to another.
172
173 BrowseShortNames Yes
174
175 BrowseShortNames No
176 Specifies whether remote printers will use short names ("printer")
177 or not ("printer@server"). This option is ignored if more than one
178 remote printer exists with the same name.
179
180 BrowseTimeout seconds
181 Specifies the maximum interval between printer information updates
182 before remote printers will be removed from the list of available
183 printers.
184
185 BrowseWebIF Yes
186
187 BrowseWebIF No
188 Specifies whether the CUPS web interface is advertised via DNS-SD.
189
190 Browsing Yes
191
192 Browsing No
193 Specifies whether or not remote printer browsing should be
194 enabled.
195
196 Classification banner
197 Specifies the security classification of the server.
198
199 ClassifyOverride Yes
200
201 ClassifyOverride No
202 Specifies whether to allow users to override the classification of
203 individual print jobs.
204
205 ConfigFilePerm mode
206 Specifies the permissions for all configuration files that the
207 scheduler writes.
208
209 ConfigurationChangeRestriction all
210
211 ConfigurationChangeRestriction root-only
212
213 ConfigurationChangeRestriction none
214 Specifies the degree of restriction for changes to cupsd.conf.
215 Keywords dealing with filenames, paths, and users are security-
216 sensitive. Changes to them via HTTP are forbidden by default
217 ("all"). The value "none" removes any restriction altogether (note
218 that this is unsafe). The value "root-only" allows only users
219 authorised as user "root" to adjust security-sensitive configura‐
220 tion settings, but note that users adjusting settings using polkit
221 (via cups-pk-helper) are authenticated as user "root".
222
223 DataDir path
224 Specified the directory where data files can be found.
225
226 DefaultAuthType Basic
227
228 DefaultAuthType BasicDigest
229
230 DefaultAuthType Digest
231
232 DefaultAuthType Negotiate
233 Specifies the default type of authentication to use.
234
235 DefaultCharset charset
236 Specifies the default character set to use for text.
237
238 DefaultEncryption Never
239
240 DefaultEncryption IfRequested
241
242 DefaultEncryption Required
243 Specifies the type of encryption to use for authenticated
244 requests.
245
246 DefaultLanguage locale
247 Specifies the default language to use for text and web content.
248
249 DefaultPaperSize Auto
250
251 DefaultPaperSize None
252
253 DefaultPaperSize sizename
254 Specifies the default paper size for new print queues. "Auto" uses
255 a locale- specific default, while "None" specifies there is no
256 default paper size.
257
258 DefaultPolicy policy-name
259 Specifies the default access policy to use.
260
261 DefaultShared Yes
262
263 DefaultShared No
264 Specifies whether local printers are shared by default.
265
266 Deny all
267
268 Deny none
269
270 Deny host.domain.com
271
272 Deny *.domain.com
273
274 Deny ip-address
275
276 Deny ip-address/netmask
277
278 Deny ip-address/mm
279
280 Deny @IF(name)
281
282 Deny @LOCAL
283 Denies access to the named host or address.
284
285 DirtyCleanInterval seconds
286 Specifies the delay for updating of configuration and state files.
287 A value of 0 causes the update to happen as soon as possible, typ‐
288 ically within a few milliseconds.
289
290 DocumentRoot directory
291 Specifies the root directory for the internal web server docu‐
292 ments.
293
294 Encryption IfRequested
295
296 Encryption Never
297
298 Encryption Required
299 Specifies the level of encryption that is required for a particu‐
300 lar location.
301
302 ErrorLog filename
303
304 ErrorLog syslog
305 Specifies the error log filename.
306
307 FatalErrors none
308
309 FatalErrors all -kind [... -kind]
310
311 FatalErrors kind [... kind]
312 Specifies which errors are fatal, causing the scheduler to exit.
313 "Kind" is "browse", "config", "listen", "log", or "permissions".
314
315 FileDevice Yes
316
317 FileDevice No
318 Specifies whether the file pseudo-device can be used for new
319 printer queues.
320
321 ErrorPolicy abort-job
322 Specifies that a failed print job should be aborted (discarded)
323 unless otherwise specified for the printer.
324
325 ErrorPolicy retry-job
326 Specifies that a failed print job should be retried at a later
327 time unless otherwise specified for the printer.
328
329 ErrorPolicy retry-this-job
330 Specifies that a failed print job should be retried immediately
331 unless otherwise specified for the printer.
332
333 ErrorPolicy stop-printer
334 Specifies that a failed print job should stop the printer unless
335 otherwise specified for the printer. The 'stop-printer' error pol‐
336 icy is the default.
337
338 FilterLimit limit
339 Specifies the maximum cost of filters that are run concurrently.
340
341 FilterNice nice-value
342 Specifies the scheduling priority ("nice" value) of filters that
343 are run to print a job.
344
345 FontPath directory[:directory:...]
346 Specifies the search path for fonts.
347
348 Group group-name-or-number
349 Specifies the group name or ID that will be used when executing
350 external programs.
351
352 HideImplicitMembers Yes
353
354 HideImplicitMembers No
355 Specifies whether to hide members of implicit classes.
356
357 HostNameLookups On
358
359 HostNameLookups Off
360
361 HostNameLookups Double
362 Specifies whether or not to do reverse lookups on client
363 addresses.
364
365 ImplicitAnyClasses Yes
366
367 ImplicitAnyClasses No
368 Specifies whether or not to create implicit classes for local and
369 remote printers, e.g. "AnyPrinter" from "Printer",
370 "Printer@server1", and "Printer@server2".
371
372 ImplicitClasses Yes
373
374 ImplicitClasses No
375 Specifies whether or not to create implicit classes from identical
376 remote printers.
377
378 Include filename
379 Includes the named file.
380
381 JobKillDelay seconds
382 Specifies the number of seconds to wait before killing the filters
383 and backend associated with a canceled or held job.
384
385 JobRetryInterval seconds
386 Specifies the interval between retries of jobs in seconds.
387
388 JobRetryLimit count
389 Specifies the number of retries that are done for jobs.
390
391 KeepAlive Yes
392
393 KeepAlive No
394 Specifies whether to support HTTP keep-alive connections.
395
396 KeepAliveTimeout seconds
397 Specifies the amount of time that connections are kept alive.
398
399 <Limit operations> ... </Limit>
400 Specifies the IPP operations that are being limited inside a pol‐
401 icy.
402
403 <Limit methods> ... </Limit>
404
405 <LimitExcept methods> ... </LimitExcept>
406 Specifies the HTTP methods that are being limited inside a loca‐
407 tion.
408
409 LimitRequestBody
410 Specifies the maximum size of any print job request.
411
412 Listen ip-address:port
413
414 Listen *:port
415
416 Listen /path/to/domain/socket
417 Listens to the specified address and port or domain socket path.
418
419 <Location /path> ... </Location>
420 Specifies access control for the named location.
421
422 LogDebugHistory #-messages
423 Specifies the number of debugging messages that are logged when an
424 error occurs in a print job.
425
426 LogFilePerm mode
427 Specifies the permissions for all log files that the scheduler
428 writes.
429
430 LogLevel alert
431
432 LogLevel crit
433
434 LogLevel debug2
435
436 LogLevel debug
437
438 LogLevel emerg
439
440 LogLevel error
441
442 LogLevel info
443
444 LogLevel none
445
446 LogLevel notice
447
448 LogLevel warn
449 Specifies the logging level for the ErrorLog file.
450
451 LogTimeFormat standard
452
453 LogTimeFormat usecs
454 Specifies the format of the date and time in the log files.
455
456 MaxClients number
457 Specifies the maximum number of simultaneous clients to support.
458
459 MaxClientsPerHost number
460 Specifies the maximum number of simultaneous clients to support
461 from a single address.
462
463 MaxCopies number
464 Specifies the maximum number of copies that a user can print of
465 each job.
466
467 MaxJobs number
468 Specifies the maximum number of simultaneous jobs to support.
469
470 MaxJobsPerPrinter number
471 Specifies the maximum number of simultaneous jobs per printer to
472 support.
473
474 MaxJobsPerUser number
475 Specifies the maximum number of simultaneous jobs per user to sup‐
476 port.
477
478 MaxLogSize number-bytes
479 Specifies the maximum size of the log files before they are
480 rotated (0 to disable rotation)
481
482 MaxRequestSize number-bytes
483 Specifies the maximum request/file size in bytes (0 for no limit)
484
485 MultipleOperationTimeout seconds
486 Specifies the maximum amount of time to allow between files in a
487 multiple file print job.
488
489 Order allow,deny
490
491 Order deny,allow
492 Specifies the order of HTTP access control (allow,deny or
493 deny,allow)
494
495 PageLog filename
496
497 PageLog syslog
498 Specifies the page log filename.
499
500 PageLogFormat format string
501 Specifies the format of page log lines.
502
503 PassEnv variable [... variable]
504 Passes the specified environment variable(s) to child processes.
505
506 <Policy name> ... </Policy>
507 Specifies access control for the named policy.
508
509 Port number
510 Specifies a port number to listen to for HTTP requests.
511
512 PreserveJobFiles Yes
513
514 PreserveJobFiles No
515 Specifies whether or not to preserve job files after they are
516 printed.
517
518 PreserveJobHistory Yes
519
520 PreserveJobHistory No
521 Specifies whether or not to preserve the job history after they
522 are printed.
523
524 Printcap
525
526 Printcap filename
527 Specifies the filename for a printcap file that is updated auto‐
528 matically with a list of available printers (needed for legacy
529 applications); specifying Printcap with no filename disables
530 printcap generation.
531
532 PrintcapFormat bsd
533
534 PrintcapFormat plist
535
536 PrintcapFormat solaris
537 Specifies the format of the printcap file.
538
539 PrintcapGUI
540
541 PrintcapGUI gui-program-filename
542 Specifies whether to generate option panel definition files on
543 some operating systems. When provided with no program filename,
544 disables option panel definition files.
545
546 ReloadTimeout seconds
547 Specifies the amount of time to wait for job completion before
548 restarting the scheduler.
549
550 RemoteRoot user-name
551 Specifies the username that is associated with unauthenticated
552 root accesses.
553
554 RequestRoot directory
555 Specifies the directory to store print jobs and other HTTP request
556 data.
557
558 Require group group-name-list
559
560 Require user user-name-list
561
562 Require valid-user
563 Specifies that user or group authentication is required.
564
565 RIPCache bytes
566 Specifies the maximum amount of memory to use when converting
567 images and PostScript files to bitmaps for a printer.
568
569 Satisfy all
570
571 Satisfy any
572 Specifies whether all or any limits set for a Location must be
573 satisfied to allow access.
574
575 ServerAdmin user@domain.com
576 Specifies the email address of the server administrator.
577
578 ServerAlias hostname
579 Specifies an alternate name that the server is known by. The spe‐
580 cial name "*" allows any name to be used.
581
582 ServerBin directory
583 Specifies the directory where backends, CGIs, daemons, and filters
584 may be found.
585
586 ServerCertificate filename
587 Specifies the encryption certificate to use.
588
589 ServerKey filename
590 Specifies the encryption key to use.
591
592 ServerName hostname-or-ip-address
593 Specifies the fully-qualified hostname of the server.
594
595 ServerRoot directory
596 Specifies the directory where the server configuration files can
597 be found.
598
599 ServerTokens Full
600
601 ServerTokens Major
602
603 ServerTokens Minimal
604
605 ServerTokens Minor
606
607 ServerTokens None
608
609 ServerTokens OS
610
611 ServerTokens ProductOnly
612 Specifies what information is included in the Server header of
613 HTTP responses.
614
615 SetEnv variable value
616 Set the specified environment variable to be passed to child pro‐
617 cesses.
618
619 SSLListen
620 Listens on the specified address and port for encrypted connec‐
621 tions.
622
623 SSLOptions None
624
625 SSLOptions [NoEmptyFragments] [AllowRC4] [Allow SSL3]
626 Sets SSL/TLS protocol options for encrypted connections. By
627 default, CUPS only supports encryption using TLS v1.0 or higher
628 using known secure cipher suites. The NoEmptyFragments option
629 allows CUPS to work with Microsoft Windows with the FIPS confor‐
630 mance mode enabled. The AllowRC4 option enables the 128-bit RC4
631 cipher suites, which are required for some older clients that do
632 not implement newer ones. The AllowSSL3 option enables SSL v3.0,
633 which is required for some older clients that do not support TLS
634 v1.0.
635
636 SSLPort
637 Listens on the specified port for encrypted connections.
638
639 SyncOnClose Yes
640
641 SyncOnClose No
642 Specifies whether the scheduler calls fsync(2) after writing con‐
643 figuration state files. The default is Yes.
644
645 SystemGroup group-name [group-name ...]
646 Specifies the group(s) to use for System class authentication.
647
648 TempDir directory
649 Specifies the directory where temporary files are stored.
650
651 Timeout seconds
652 Specifies the HTTP request timeout in seconds.
653
654 User user-name
655 Specifies the user name or ID that is used when running external
656 programs.
657
659 classes.conf(5), cupsd(8), mime.convs(5), mime.types(5), print‐
660 ers.conf(5), subscriptions.conf(5),
661 http://localhost:631/help
662
664 Copyright 2007-2009 by Apple Inc.
665
666
667
66814 July 2009 CUPS cupsd.conf(5)