1cupsd.conf(5) Apple Inc. cupsd.conf(5)
2
6 cupsd.conf - server configuration file for cups
7
9 The cupsd.conf file configures the CUPS scheduler, cupsd(8). It is
10 normally located in the /etc/cups directory.
11 Each line in the file can be a configuration directive, a blank line,
13 or a comment. Comment lines start with the # character. The configura‐
14 tion directives are intentionally similar to those used by the popular
15 Apache web server software and are described below.
16
18 The following directives are understood by cupsd(8). Consult the on-
19 line help for detailed descriptions:
20 AccessLog filename
22 AccessLog syslog
24 Defines the access log filename.
25 AccessLogLevel config
27 AccessLogLevel actions
29 AccessLogLevel all
31 Specifies the logging level for the AccessLog file.
32 Allow all
34 Allow none
36 Allow host.domain.com
38 Allow *.domain.com
40 Allow ip-address
42 Allow ip-address/netmask
44 Allow ip-address/mm
46 Allow @IF(name)
48 Allow @LOCAL
50 Allows access from the named hosts or addresses.
51 AuthClass User
53 AuthClass Group
55 AuthClass System
57 Specifies the authentication class (User, Group, System) - this
58 directive is deprecated.
59 AuthGroupName group-name
61 Specifies the authentication group - this directive is deprecated.
62 AuthType None
64 AuthType Basic
66 AuthType BasicDigest
68 AuthType Digest
70 AuthType Negotiate
72 Specifies the authentication type (None, Basic, BasicDigest,
73 Digest, Negotiate)
74 AutoPurgeJobs Yes
76 AutoPurgeJobs No
78 Specifies whether to purge job history data automatically when it
79 is no longer required for quotas.
80 BrowseAddress ip-address
82 BrowseAddress @IF(name)
84 BrowseAddress @LOCAL
86 Specifies a broadcast address for outgoing printer information
87 packets.
88 BrowseAllow all
90 BrowseAllow none
92 BrowseAllow host.domain.com
94 BrowseAllow *.domain.com
96 BrowseAllow ip-address
98 BrowseAllow ip-address/netmask
100 BrowseAllow ip-address/mm
102 BrowseAllow @IF(name)
104 BrowseAllow @LOCAL
106 Allows incoming printer information packets from the named host or
107 address.
108 BrowseDeny all
110 BrowseDeny none
112 BrowseDeny host.domain.com
114 BrowseDeny *.domain.com
116 BrowseDeny ip-address
118 BrowseDeny ip-address/netmask
120 BrowseDeny ip-address/mm
122 BrowseDeny @IF(name)
124 BrowseDeny @LOCAL
126 Denies incoming printer information packets from the named host or
127 address.
128 BrowseInterval seconds
130 Specifies the maximum interval between printer information broad‐
131 casts.
132 BrowseLDAPBindDN
134 Specifies the LDAP domain name to use when registering printers.
135 BrowseLDAPCACertFile
137 Specifies the SSL certificate authority file to use.
138 BrowseLDAPDN
140 Specifies the LDAP domain name to use when discovering printers.
141 BrowseLDAPPassword
143 Specifies the password to use when accessing the LDAP server.
144 BrowseLDAPServer
146 Specifies the LDAP server to use.
147 BrowseOrder allow,deny
149 BrowseOrder deny,allow
151 Specifies the order of printer information access control
152 (allow,deny or deny,allow)
153 BrowsePoll host-or-ip-address
155 Specifies a server to poll for printer information.
156 BrowsePort port
158 Specifies the port to listen to for printer information packets.
159 BrowseProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
161 Specifies the protocols to use for printer browsing.
162 BrowseLocalProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
164 Specifies the protocols to use for local printer browsing.
165 BrowseRemoteProtocols [All] [CUPS] [DNSSD] [LDAP] [SLP]
167 Specifies the protocols to use for remote printer browsing.
168 BrowseRelay from-address to-address
170 Specifies that printer information packets should be relayed from
171 one host or network to another.
172 BrowseShortNames Yes
174 BrowseShortNames No
176 Specifies whether remote printers will use short names ("printer")
177 or not ("printer@server"). This option is ignored if more than one
178 remote printer exists with the same name.
179 BrowseTimeout seconds
181 Specifies the maximum interval between printer information updates
182 before remote printers will be removed from the list of available
183 printers.
184 BrowseWebIF Yes
186 BrowseWebIF No
188 Specifies whether the CUPS web interface is advertised via DNS-SD.
189 Browsing Yes
191 Browsing No
193 Specifies whether or not remote printer browsing should be
194 enabled.
195 Classification banner
197 Specifies the security classification of the server.
198 ClassifyOverride Yes
200 ClassifyOverride No
202 Specifies whether to allow users to override the classification of
203 individual print jobs.
204 ConfigFilePerm mode
206 Specifies the permissions for all configuration files that the
207 scheduler writes.
208 ConfigurationChangeRestriction all
210 ConfigurationChangeRestriction root-only
212 ConfigurationChangeRestriction none
214 Specifies the degree of restriction for changes to cupsd.conf.
215 Keywords dealing with filenames, paths, and users are security-
216 sensitive. Changes to them via HTTP are forbidden by default
217 ("all"). The value "none" removes any restriction altogether (note
218 that this is unsafe). The value "root-only" allows only users
219 authorised as user "root" to adjust security-sensitive configura‐
220 tion settings, but note that users adjusting settings using polkit
221 (via cups-pk-helper) are authenticated as user "root".
222 DataDir path
224 Specified the directory where data files can be found.
225 DefaultAuthType Basic
227 DefaultAuthType BasicDigest
229 DefaultAuthType Digest
231 DefaultAuthType Negotiate
233 Specifies the default type of authentication to use.
234 DefaultCharset charset
236 Specifies the default character set to use for text.
237 DefaultEncryption Never
239 DefaultEncryption IfRequested
241 DefaultEncryption Required
243 Specifies the type of encryption to use for authenticated
244 requests.
245 DefaultLanguage locale
247 Specifies the default language to use for text and web content.
248 DefaultPaperSize Auto
250 DefaultPaperSize None
252 DefaultPaperSize sizename
254 Specifies the default paper size for new print queues. "Auto" uses
255 a locale- specific default, while "None" specifies there is no
256 default paper size.
257 DefaultPolicy policy-name
259 Specifies the default access policy to use.
260 DefaultShared Yes
262 DefaultShared No
264 Specifies whether local printers are shared by default.
265 Deny all
267 Deny none
269 Deny host.domain.com
271 Deny *.domain.com
273 Deny ip-address
275 Deny ip-address/netmask
277 Deny ip-address/mm
279 Deny @IF(name)
281 Deny @LOCAL
283 Denies access to the named host or address.
284 DirtyCleanInterval seconds
286 Specifies the delay for updating of configuration and state files.
287 A value of 0 causes the update to happen as soon as possible, typ‐
288 ically within a few milliseconds.
289 DocumentRoot directory
291 Specifies the root directory for the internal web server docu‐
292 ments.
293 Encryption IfRequested
295 Encryption Never
297 Encryption Required
299 Specifies the level of encryption that is required for a particu‐
300 lar location.
301 ErrorLog filename
303 ErrorLog syslog
305 Specifies the error log filename.
306 FatalErrors none
308 FatalErrors all -kind [... -kind]
310 FatalErrors kind [... kind]
312 Specifies which errors are fatal, causing the scheduler to exit.
313 "Kind" is "browse", "config", "listen", "log", or "permissions".
314 FileDevice Yes
316 FileDevice No
318 Specifies whether the file pseudo-device can be used for new
319 printer queues.
320 ErrorPolicy abort-job
322 Specifies that a failed print job should be aborted (discarded)
323 unless otherwise specified for the printer.
324 ErrorPolicy retry-job
326 Specifies that a failed print job should be retried at a later
327 time unless otherwise specified for the printer.
328 ErrorPolicy retry-this-job
330 Specifies that a failed print job should be retried immediately
331 unless otherwise specified for the printer.
332 ErrorPolicy stop-printer
334 Specifies that a failed print job should stop the printer unless
335 otherwise specified for the printer. The 'stop-printer' error pol‐
336 icy is the default.
337 FilterLimit limit
339 Specifies the maximum cost of filters that are run concurrently.
340 FilterNice nice-value
342 Specifies the scheduling priority ("nice" value) of filters that
343 are run to print a job.
344 FontPath directory[:directory:...]
346 Specifies the search path for fonts.
347 Group group-name-or-number
349 Specifies the group name or ID that will be used when executing
350 external programs.
351 HideImplicitMembers Yes
353 HideImplicitMembers No
355 Specifies whether to hide members of implicit classes.
356 HostNameLookups On
358 HostNameLookups Off
360 HostNameLookups Double
362 Specifies whether or not to do reverse lookups on client
363 addresses.
364 ImplicitAnyClasses Yes
366 ImplicitAnyClasses No
368 Specifies whether or not to create implicit classes for local and
369 remote printers, e.g. "AnyPrinter" from "Printer",
370 "Printer@server1", and "Printer@server2".
371 ImplicitClasses Yes
373 ImplicitClasses No
375 Specifies whether or not to create implicit classes from identical
376 remote printers.
377 Include filename
379 Includes the named file.
380 JobKillDelay seconds
382 Specifies the number of seconds to wait before killing the filters
383 and backend associated with a canceled or held job.
384 JobRetryInterval seconds
386 Specifies the interval between retries of jobs in seconds.
387 JobRetryLimit count
389 Specifies the number of retries that are done for jobs.
390 KeepAlive Yes
392 KeepAlive No
394 Specifies whether to support HTTP keep-alive connections.
395 KeepAliveTimeout seconds
397 Specifies the amount of time that connections are kept alive.
398 <Limit operations> ... </Limit>
400 Specifies the IPP operations that are being limited inside a pol‐
401 icy.
402 <Limit methods> ... </Limit>
404 <LimitExcept methods> ... </LimitExcept>
406 Specifies the HTTP methods that are being limited inside a loca‐
407 tion.
408 LimitRequestBody
410 Specifies the maximum size of any print job request.
411 Listen ip-address:port
413 Listen *:port
415 Listen /path/to/domain/socket
417 Listens to the specified address and port or domain socket path.
418 <Location /path> ... </Location>
420 Specifies access control for the named location.
421 LogDebugHistory #-messages
423 Specifies the number of debugging messages that are logged when an
424 error occurs in a print job.
425 LogFilePerm mode
427 Specifies the permissions for all log files that the scheduler
428 writes.
429 LogLevel alert
431 LogLevel crit
433 LogLevel debug2
435 LogLevel debug
437 LogLevel emerg
439 LogLevel error
441 LogLevel info
443 LogLevel none
445 LogLevel notice
447 LogLevel warn
449 Specifies the logging level for the ErrorLog file.
450 LogTimeFormat standard
452 LogTimeFormat usecs
454 Specifies the format of the date and time in the log files.
455 MaxClients number
457 Specifies the maximum number of simultaneous clients to support.
458 MaxClientsPerHost number
460 Specifies the maximum number of simultaneous clients to support
461 from a single address.
462 MaxCopies number
464 Specifies the maximum number of copies that a user can print of
465 each job.
466 MaxJobs number
468 Specifies the maximum number of simultaneous jobs to support.
469 MaxJobsPerPrinter number
471 Specifies the maximum number of simultaneous jobs per printer to
472 support.
473 MaxJobsPerUser number
475 Specifies the maximum number of simultaneous jobs per user to sup‐
476 port.
477 MaxLogSize number-bytes
479 Specifies the maximum size of the log files before they are
480 rotated (0 to disable rotation)
481 MaxRequestSize number-bytes
483 Specifies the maximum request/file size in bytes (0 for no limit)
484 MultipleOperationTimeout seconds
486 Specifies the maximum amount of time to allow between files in a
487 multiple file print job.
488 Order allow,deny
490 Order deny,allow
492 Specifies the order of HTTP access control (allow,deny or
493 deny,allow)
494 PageLog filename
496 PageLog syslog
498 Specifies the page log filename.
499 PageLogFormat format string
501 Specifies the format of page log lines.
502 PassEnv variable [... variable]
504 Passes the specified environment variable(s) to child processes.
505 <Policy name> ... </Policy>
507 Specifies access control for the named policy.
508 Port number
510 Specifies a port number to listen to for HTTP requests.
511 PreserveJobFiles Yes
513 PreserveJobFiles No
515 Specifies whether or not to preserve job files after they are
516 printed.
517 PreserveJobHistory Yes
519 PreserveJobHistory No
521 Specifies whether or not to preserve the job history after they
522 are printed.
523 Printcap
525 Printcap filename
527 Specifies the filename for a printcap file that is updated auto‐
528 matically with a list of available printers (needed for legacy
529 applications); specifying Printcap with no filename disables
530 printcap generation.
531 PrintcapFormat bsd
533 PrintcapFormat plist
535 PrintcapFormat solaris
537 Specifies the format of the printcap file.
538 PrintcapGUI
540 PrintcapGUI gui-program-filename
542 Specifies whether to generate option panel definition files on
543 some operating systems. When provided with no program filename,
544 disables option panel definition files.
545 ReloadTimeout seconds
547 Specifies the amount of time to wait for job completion before
548 restarting the scheduler.
549 RemoteRoot user-name
551 Specifies the username that is associated with unauthenticated
552 root accesses.
553 RequestRoot directory
555 Specifies the directory to store print jobs and other HTTP request
556 data.
557 Require group group-name-list
559 Require user user-name-list
561 Require valid-user
563 Specifies that user or group authentication is required.
564 RIPCache bytes
566 Specifies the maximum amount of memory to use when converting
567 images and PostScript files to bitmaps for a printer.
568 Satisfy all
570 Satisfy any
572 Specifies whether all or any limits set for a Location must be
573 satisfied to allow access.
574 ServerAdmin user@domain.com
576 Specifies the email address of the server administrator.
577 ServerAlias hostname
579 Specifies an alternate name that the server is known by. The spe‐
580 cial name "*" allows any name to be used.
581 ServerBin directory
583 Specifies the directory where backends, CGIs, daemons, and filters
584 may be found.
585 ServerCertificate filename
587 Specifies the encryption certificate to use.
588 ServerKey filename
590 Specifies the encryption key to use.
591 ServerName hostname-or-ip-address
593 Specifies the fully-qualified hostname of the server.
594 ServerRoot directory
596 Specifies the directory where the server configuration files can
597 be found.
598 ServerTokens Full
600 ServerTokens Major
602 ServerTokens Minimal
604 ServerTokens Minor
606 ServerTokens None
608 ServerTokens OS
610 ServerTokens ProductOnly
612 Specifies what information is included in the Server header of
613 HTTP responses.
614 SetEnv variable value
616 Set the specified environment variable to be passed to child pro‐
617 cesses.
618 SSLListen
620 Listens on the specified address and port for encrypted connec‐
621 tions.
622 SSLOptions None
624 SSLOptions [NoEmptyFragments] [AllowRC4] [Allow SSL3]
626 Sets SSL/TLS protocol options for encrypted connections. By
627 default, CUPS only supports encryption using TLS v1.0 or higher
628 using known secure cipher suites. The NoEmptyFragments option
629 allows CUPS to work with Microsoft Windows with the FIPS confor‐
630 mance mode enabled. The AllowRC4 option enables the 128-bit RC4
631 cipher suites, which are required for some older clients that do
632 not implement newer ones. The AllowSSL3 option enables SSL v3.0,
633 which is required for some older clients that do not support TLS
634 v1.0.
635 SSLPort
637 Listens on the specified port for encrypted connections.
638 SyncOnClose Yes
640 SyncOnClose No
642 Specifies whether the scheduler calls fsync(2) after writing con‐
643 figuration state files. The default is Yes.
644 SystemGroup group-name [group-name ...]
646 Specifies the group(s) to use for System class authentication.
647 TempDir directory
649 Specifies the directory where temporary files are stored.
650 Timeout seconds
652 Specifies the HTTP request timeout in seconds.
653 User user-name
655 Specifies the user name or ID that is used when running external
656 programs.
657
659 classes.conf(5), cupsd(8), mime.convs(5), mime.types(5), print‐
660 ers.conf(5), subscriptions.conf(5),
661 http://localhost:631/help
662
664 Copyright 2007-2009 by Apple Inc.
66514 July 2009 CUPS cupsd.conf(5)