1cupsd.conf(5)                    OpenPrinting                    cupsd.conf(5)
2
3
4

NAME

6       cupsd.conf - server configuration file for cups
7

DESCRIPTION

9       The  cupsd.conf  file  configures  the CUPS scheduler, cupsd(8).  It is
10       normally located in the /etc/cups directory.  Each line in the file can
11       be  a  configuration directive, a blank line, or a comment.  Configura‐
12       tion directives typically consist of a name and  zero  or  more  values
13       separated  by  whitespace.  The configuration directive name and values
14       are case-insensitive.  Comment lines start with the # character.
15
16   TOP-LEVEL DIRECTIVES
17       The following top-level directives are understood by cupsd(8):
18
19       AccessLogLevel config
20
21       AccessLogLevel actions
22
23       AccessLogLevel all
24            Specifies the logging level for the AccessLog file.  The  "config"
25            level  logs when printers and classes are added, deleted, or modi‐
26            fied and when configuration files are accessed  or  updated.   The
27            "actions"  level  logs  when  print  jobs are submitted, held, re‐
28            leased, modified, or canceled, and any of the conditions for "con‐
29            fig".   The "all" level logs all requests.  The default access log
30            level is "actions".
31
32       AutoPurgeJobs Yes
33
34       AutoPurgeJobs No
35            Specifies whether to purge job history data automatically when  it
36            is no longer required for quotas.  The default is "No".
37
38       BrowseDNSSDSubTypes_subtype[,...]
39            Specifies a list of Bonjour sub-types to advertise for each shared
40            printer.  For  example,  "BrowseDNSSDSubTypes  _cups,_print"  will
41            tell network clients that both CUPS sharing and IPP Everywhere are
42            supported.  The default is "_cups" which is necessary for  printer
43            sharing to work between systems using CUPS.
44
45       BrowseLocalProtocols all
46
47       BrowseLocalProtocols dnssd
48
49       BrowseLocalProtocols none
50            Specifies  which  protocols to use for local printer sharing.  The
51            default is "dnssd" on systems that support Bonjour and "none" oth‐
52            erwise.
53
54       BrowseWebIF Yes
55
56       BrowseWebIF No
57            Specifies  whether  the CUPS web interface is advertised.  The de‐
58            fault is "No".
59
60       Browsing Yes
61
62       Browsing No
63            Specifies whether shared printers are advertised.  The default  is
64            "No".
65
66       DefaultAuthType Basic
67            Specifies  the default type of authentication to use.  The default
68            is "Basic".
69
70       DefaultEncryption Never
71
72       DefaultEncryption IfRequested
73
74       DefaultEncryption Required
75            Specifies whether encryption will be used  for  authenticated  re‐
76            quests.  The default is "Required".
77
78       DefaultLanguage locale
79            Specifies  the  default  language to use for text and web content.
80            The default is "en".
81
82       DefaultPaperSize Auto
83
84       DefaultPaperSize None
85
86       DefaultPaperSize sizename
87            Specifies the default paper size for new print queues. "Auto" uses
88            a  locale-specific default, while "None" specifies there is no de‐
89            fault paper size.  Specific size names are typically  "Letter"  or
90            "A4".   The  default is "Auto".  Note: The default paper size must
91            use a size name from the PPD file and not  a  PWG  self-describing
92            media size name.
93
94       DefaultPolicy policy-name
95            Specifies  the  default  access policy to use.  The default access
96            policy is "default".
97
98       DefaultShared Yes
99
100       DefaultShared No
101            Specifies whether local printers are shared by default.   The  de‐
102            fault is "Yes".
103
104       DirtyCleanInterval seconds
105            Specifies the delay for updating of configuration and state files.
106            A value of 0 causes the update to happen as soon as possible, typ‐
107            ically within a few milliseconds.  The default value is "30".
108
109       DNSSDHostNamehostname.example.com
110            Specifies  the  fully-qualified domain name for the server that is
111            used for Bonjour sharing.  The default is typically  the  server's
112            ".local" hostname.
113
114       ErrorPolicy abort-job
115            Specifies  that  a  failed print job should be aborted (discarded)
116            unless otherwise specified for the printer.
117
118       ErrorPolicy retry-current-job
119            Specifies that a failed print job should  be  retried  immediately
120            unless otherwise specified for the printer.
121
122       ErrorPolicy retry-job
123            Specifies  that  a  failed  print job should be retried at a later
124            time unless otherwise specified for the printer.
125
126       ErrorPolicy stop-printer
127            Specifies that a failed print job should stop the  printer  unless
128            otherwise specified for the printer. The 'stop-printer' error pol‐
129            icy is the default.
130
131       FilterLimit limit
132            Specifies the maximum cost of filters that are  run  concurrently,
133            which can be used to minimize disk, memory, and CPU resource prob‐
134            lems.  A limit of 0 disables filter limiting.  An average print to
135            a  non-PostScript  printer  needs  a filter limit of about 200.  A
136            PostScript printer needs about half that (100).  Setting the limit
137            below  these  thresholds  will  effectively limit the scheduler to
138            printing a single job at any time.  The default limit is "0".
139
140       FilterNice nice-value
141            Specifies the scheduling priority ( nice(8) value) of filters that
142            are run to print a job.  The nice value ranges from 0, the highest
143            priority, to 19, the lowest priority.  The default is 0.
144
145       HostNameLookups On
146
147       HostNameLookups Off
148
149       HostNameLookups Double
150            Specifies whether to do reverse  lookups  on  connecting  clients.
151            The  "Double"  setting causes cupsd(8) to verify that the hostname
152            resolved from the address matches one of  the  addresses  returned
153            for  that  hostname.  Double lookups also prevent clients with un‐
154            registered addresses from connecting to your server.  The  default
155            is  "Off"  to avoid the potential server performance problems with
156            hostname lookups.  Only set this option to "On" or "Double" if ab‐
157            solutely required.
158
159       IdleExitTimeout seconds
160            Specifies  the  length of time to wait before shutting down due to
161            inactivity.  The default is "60" seconds.  Note:  Only  applicable
162            when cupsd(8) is run on-demand (e.g., with -l).
163
164       JobKillDelay seconds
165            Specifies the number of seconds to wait before killing the filters
166            and backend associated with a canceled or held job.   The  default
167            is "30".
168
169       JobRetryInterval seconds
170            Specifies  the  interval between retries of jobs in seconds.  This
171            is typically used for fax queues but can also be used with  normal
172            print  queues whose error policy is "retry-job" or "retry-current-
173            job".  The default is "30".
174
175       JobRetryLimit count
176            Specifies the number of retries that are done for jobs.   This  is
177            typically  used  for  fax  queues but can also be used with normal
178            print queues whose error policy is "retry-job" or  "retry-current-
179            job".  The default is "5".
180
181       KeepAlive Yes
182
183       KeepAlive No
184            Specifies whether to support HTTP keep-alive connections.  The de‐
185            fault is "Yes".
186
187       <Limit operation ...> ... </Limit>
188            Specifies the IPP operations that are being limited inside a  Pol‐
189            icy  section.  IPP operation names are listed below in the section
190            "IPP OPERATION NAMES".
191
192       <Limit method ...> ... </Limit>
193
194       <LimitExcept method ...> ... </LimitExcept>
195            Specifies the HTTP methods that are being limited inside  a  Loca‐
196            tion  section.  HTTP  method names are listed below in the section
197            "HTTP METHOD NAMES".
198
199       LimitRequestBody size
200            Specifies the maximum size of print files, IPP requests, and  HTML
201            form data.  The default is "0" which disables the limit check.
202
203       Listen ipv4-address:port
204
205       Listen [ipv6-address]:port
206
207       Listen *:port
208
209       Listen /path/to/domain/socket
210            Listens  to  the  specified address and port or domain socket path
211            for connections.  Multiple Listen directives can  be  provided  to
212            listen  on multiple addresses.  The Listen directive is similar to
213            the Port directive but allows you to restrict access  to  specific
214            interfaces or networks.  Note: "Listen *:port" and "Port port" ef‐
215            fectively listen on all IP addresses, so you cannot  combine  them
216            with  Listen directives for explicit IPv4 or IPv6 addresses on the
217            same port.
218
219       <Location /path> ... </Location>
220            Specifies access control for the named location.  Paths are  docu‐
221            mented below in the section "LOCATION PATHS".
222
223       LogDebugHistory number
224            Specifies  the  number of debugging messages that are retained for
225            logging if an error occurs in a  print  job.  Debug  messages  are
226            logged regardless of the LogLevel setting.
227
228       LogLevel none
229
230       LogLevel emerg
231
232       LogLevel alert
233
234       LogLevel crit
235
236       LogLevel error
237
238       LogLevel warn
239
240       LogLevel notice
241
242       LogLevel info
243
244       LogLevel debug
245
246       LogLevel debug2
247            Specifies  the  level of logging for the ErrorLog file.  The value
248            "none" stops all logging while "debug2" logs everything.  The  de‐
249            fault is "warn".
250
251       LogTimeFormat standard
252
253       LogTimeFormat usecs
254            Specifies  the  format of the date and time in the log files.  The
255            value "standard" is the  default  and  logs  whole  seconds  while
256            "usecs" logs microseconds.
257
258       MaxClients number
259            Specifies  the maximum number of simultaneous clients that are al‐
260            lowed by the scheduler.  The default is "100".
261
262       MaxClientsPerHost number
263            Specifies the maximum number of simultaneous clients that are  al‐
264            lowed from a single address.  The default is the MaxClients value.
265
266       MaxCopies number
267            Specifies  the  maximum  number of copies that a user can print of
268            each job.  The default is "9999".
269
270       MaxHoldTime seconds
271            Specifies the maximum time a job may remain  in  the  "indefinite"
272            hold  state  before it is canceled.  The default is "0" which dis‐
273            ables cancellation of held jobs.
274
275       MaxJobs number
276            Specifies the maximum number of simultaneous  jobs  that  are  al‐
277            lowed.   Set to "0" to allow an unlimited number of jobs.  The de‐
278            fault is "500".
279
280       MaxJobsPerPrinter number
281            Specifies the maximum number of simultaneous jobs that are allowed
282            per  printer.   The default is "0" which allows up to MaxJobs jobs
283            per printer.
284
285       MaxJobsPerUser number
286            Specifies the maximum number of simultaneous jobs that are allowed
287            per  user.  The default is "0" which allows up to MaxJobs jobs per
288            user.
289
290       MaxJobTime seconds
291            Specifies the maximum time a job may take to print  before  it  is
292            canceled.   Set  to  "0"  to disable cancellation of "stuck" jobs.
293            The default is "10800" (3 hours).
294
295       MaxLogSize size
296            Specifies the maximum size of the log files before  they  are  ro‐
297            tated.   The  value  "0"  disables  log  rotation.  The default is
298            "1048576" (1MB).
299
300       MaxSubscriptions number
301            Specifies the maximum number of simultaneous  event  subscriptions
302            that are allowed.  Set to "0" to allow an unlimited number of sub‐
303            scriptions.  The default is "100".
304
305       MaxSubscriptionsPerJob number
306            Specifies the maximum number of simultaneous  event  subscriptions
307            that  are  allowed per job.  The default is "0" which allows up to
308            MaxSubscriptions subscriptions per job.
309
310       MaxSubscriptionsPerPrinter number
311            Specifies the maximum number of simultaneous  event  subscriptions
312            that  are allowed per printer.  The default is "0" which allows up
313            to MaxSubscriptions subscriptions per printer.
314
315       MaxSubscriptionsPerUser number
316            Specifies the maximum number of simultaneous  event  subscriptions
317            that  are allowed per user.  The default is "0" which allows up to
318            MaxSubscriptions subscriptions per user.
319
320       MultipleOperationTimeout seconds
321            Specifies the maximum amount of time to allow between files  in  a
322            multiple file print job.  The default is "900" (15 minutes).
323
324       <Policy name> ... </Policy>
325            Specifies access control for the named policy.
326
327       Port number
328            Listens to the specified port number for connections.
329
330       PreserveJobFiles Yes
331
332       PreserveJobFiles No
333
334       PreserveJobFiles seconds
335            Specifies  whether job files (documents) are preserved after a job
336            is printed.  If a numeric value is specified, job files  are  pre‐
337            served  for  the  indicated number of seconds after printing.  The
338            default is "86400" (preserve 1 day).
339
340       PreserveJobHistory Yes
341
342       PreserveJobHistory No
343
344       PreserveJobHistory seconds
345            Specifies whether the job history is  preserved  after  a  job  is
346            printed.  If a numeric value is specified, the job history is pre‐
347            served for the indicated number of  seconds  after  printing.   If
348            "Yes",  the  job  history  is preserved until the MaxJobs limit is
349            reached.  The default is "Yes".
350
351       ReadyPaperSizes sizename[,...]
352            Specifies a list of potential paper sizes  that  are  reported  as
353            "ready"  (loaded).   The  actual list will only contain sizes that
354            each   printer   supports.     The    default    is    "Letter,Le‐
355            gal,Tabloid,4x6,Env10" when the default paper size is "Letter" and
356            "A3,A4,A5,A6,EnvDL" otherwise.  Note: Paper  sizes  must  use  the
357            size  names  from  the  PPD file and not PWG self-describing media
358            size names.
359
360       ReloadTimeout seconds
361            Specifies the amount of time to wait  for  job  completion  before
362            restarting the scheduler.  The default is "30".
363
364       ServerAdmin email-address
365            Specifies  the email address of the server administrator.  The de‐
366            fault value is "root@ServerName".
367
368       ServerAlias hostname [ ... hostname ]
369
370       ServerAlias *
371            The ServerAlias directive is used for HTTP Host header  validation
372            when  clients  connect  to the scheduler from external interfaces.
373            Using the special  name  "*"  can  expose  your  system  to  known
374            browser-based  DNS  rebinding  attacks,  even when accessing sites
375            through a firewall.  If the auto-discovery of alternate names does
376            not  work, we recommend listing each alternate name with a Server‐
377            Alias directive instead of using "*".
378
379       ServerName hostname
380            Specifies the fully-qualified hostname of the server.  The default
381            is the value reported by the hostname(1) command.
382
383       ServerTokens None
384
385       ServerTokens ProductOnly
386
387       ServerTokens Major
388
389       ServerTokens Minor
390
391       ServerTokens Minimal
392
393       ServerTokens OS
394
395       ServerTokens Full
396            Specifies  what  information  is  included in the Server header of
397            HTTP responses.  "None" disables the Server header.  "ProductOnly"
398            reports  "CUPS".  "Major" reports "CUPS/major IPP/2".  "Minor" re‐
399            ports "CUPS/major.minor  IPP/2.1".   "Minimal"  reports  "CUPS/ma‐
400            jor.minor.patch  IPP/2.1".   "OS"  reports  "CUPS/major.minor.path
401            (osname  osversion)  IPP/2.1".   "Full"  reports   "CUPS/major.mi‐
402            nor.path  (osname  osversion; architecture) IPP/2.1".  The default
403            is "Minimal".
404
405       SSLListen ipv4-address:port
406
407       SSLListen [ipv6-address]:port
408
409       SSLListen *:port
410            Listens on the specified address and port  for  encrypted  connec‐
411            tions.
412
413
414       SSLOptions  [AllowDH]  [AllowRC4]  [AllowSSL3]  [DenyCBC]  [DenyTLS1.0]
415       [MaxTLS1.0] [MaxTLS1.1] [MaxTLS1.2] [MaxTLS1.3] [MinTLS1.0] [MinTLS1.1]
416       [MinTLS1.2] [MinTLS1.3]
417
418       SSLOptions None
419            Sets  encryption  options (only in /etc/cups/client.conf).  By de‐
420            fault, CUPS only supports encryption using TLS v1.0 or higher  us‐
421            ing  known  secure  cipher suites.  Security is reduced when Allow
422            options are used.  Security is  enhanced  when  Deny  options  are
423            used.   The  AllowDH  option  enables  cipher  suites  using plain
424            Diffie-Hellman key negotiation (not supported on systems using GNU
425            TLS).   The AllowRC4 option enables the 128-bit RC4 cipher suites,
426            which are required for some older clients.  The  AllowSSL3  option
427            enables SSL v3.0, which is required for some older clients that do
428            not support TLS v1.0.  The DenyCBC option disables all CBC  cipher
429            suites.   The  DenyTLS1.0  option disables TLS v1.0 support - this
430            sets the minimum protocol version to TLS v1.1.  The MinTLS options
431            set  the  minimum  TLS version to support.  The MaxTLS options set
432            the maximum TLS version to support.   Not  all  operating  systems
433            support TLS 1.3 at this time.
434
435       SSLPort port
436            Listens on the specified port for encrypted connections.
437
438       StrictConformance Yes
439
440       StrictConformance No
441            Specifies  whether  the scheduler requires clients to strictly ad‐
442            here to the IPP specifications.  The default is "No".
443
444       Timeout seconds
445            Specifies the HTTP request timeout.  The default is "900" (15 min‐
446            utes).
447
448       WebInterface yes
449
450       WebInterface no
451            Specifies  whether  the  web interface is enabled.  The default is
452            "No".
453
454   HTTP METHOD NAMES
455       The following HTTP methods are supported by cupsd(8):
456
457       GET  Used by a client to download icons and other printer resources and
458            to access the CUPS web interface.
459
460       HEAD Used  by  a client to get the type, size, and modification date of
461            resources.
462
463       OPTIONS
464            Used by a client to establish a secure (SSL/TLS) connection.
465
466       POST Used by a client to submit IPP requests and HTML  forms  from  the
467            CUPS web interface.
468
469       PUT  Used by a client to upload configuration files.
470
471   IPP OPERATION NAMES
472       The following IPP operations are supported by cupsd(8):
473
474       CUPS-Accept-Jobs
475            Allows a printer to accept new jobs.
476
477       CUPS-Add-Modify-Class
478            Adds or modifies a printer class.
479
480       CUPS-Add-Modify-Printer
481            Adds or modifies a printer.
482
483       CUPS-Authenticate-Job
484            Releases a job that is held for authentication.
485
486       CUPS-Delete-Class
487            Deletes a printer class.
488
489       CUPS-Delete-Printer
490            Deletes a printer.
491
492       CUPS-Get-Classes
493            Gets a list of printer classes.
494
495       CUPS-Get-Default
496            Gets the server default printer or printer class.
497
498       CUPS-Get-Devices
499            Gets a list of devices that are currently available.
500
501       CUPS-Get-Document
502            Gets a document file for a job.
503
504       CUPS-Get-PPD
505            Gets a PPD file.
506
507       CUPS-Get-PPDs
508            Gets a list of installed PPD files.
509
510       CUPS-Get-Printers
511            Gets a list of printers.
512
513       CUPS-Move-Job
514            Moves a job.
515
516       CUPS-Reject-Jobs
517            Prevents a printer from accepting new jobs.
518
519       CUPS-Set-Default
520            Sets the server default printer or printer class.
521
522       Cancel-Job
523            Cancels a job.
524
525       Cancel-Jobs
526            Cancels one or more jobs.
527
528       Cancel-My-Jobs
529            Cancels one or more jobs creates by a user.
530
531       Cancel-Subscription
532            Cancels a subscription.
533
534       Close-Job
535            Closes a job that is waiting for more documents.
536
537       Create-Job
538            Creates a new job with no documents.
539
540       Create-Job-Subscriptions
541            Creates a subscription for job events.
542
543       Create-Printer-Subscriptions
544            Creates a subscription for printer events.
545
546       Get-Job-Attributes
547            Gets information about a job.
548
549       Get-Jobs
550            Gets a list of jobs.
551
552       Get-Notifications
553            Gets a list of event notifications for a subscription.
554
555       Get-Printer-Attributes
556            Gets information about a printer or printer class.
557
558       Get-Subscription-Attributes
559            Gets information about a subscription.
560
561       Get-Subscriptions
562            Gets a list of subscriptions.
563
564       Hold-Job
565            Holds a job from printing.
566
567       Hold-New-Jobs
568            Holds all new jobs from printing.
569
570       Pause-Printer
571            Stops processing of jobs by a printer or printer class.
572
573       Pause-Printer-After-Current-Job
574            Stops  processing  of jobs by a printer or printer class after the
575            current job is finished.
576
577       Print-Job
578            Creates a new job with a single document.
579
580       Purge-Jobs
581            Cancels one or more jobs and deletes the job history.
582
583       Release-Held-New-Jobs
584            Allows previously held jobs to print.
585
586       Release-Job
587            Allows a job to print.
588
589       Renew-Subscription
590            Renews a subscription.
591
592       Restart-Job
593            Reprints a job, if possible.
594
595       Send-Document
596            Adds a document to a job.
597
598       Set-Job-Attributes
599            Changes job information.
600
601       Set-Printer-Attributes
602            Changes printer or printer class information.
603
604       Validate-Job
605            Validates options for a new job.
606
607   LOCATION PATHS
608       The following paths are commonly used when configuring cupsd(8):
609
610       /    The path for all get operations (get-printers, get-jobs, etc.)
611
612       /admin
613            The path for all administration operations  (add-printer,  delete-
614            printer, start-printer, etc.)
615
616       /admin/conf
617            The  path  for access to the CUPS configuration files (cupsd.conf,
618            client.conf, etc.)
619
620       /admin/log
621            The path for access to the CUPS log files (access_log,  error_log,
622            page_log)
623
624       /classes
625            The path for all printer classes
626
627       /classes/name
628            The resource for the named printer class
629
630       /jobs
631            The path for all jobs (hold-job, release-job, etc.)
632
633       /jobs/id
634            The path for the specified job
635
636       /printers
637            The path for all printers
638
639       /printers/name
640            The path for the named printer
641
642       /printers/name.png
643            The icon file path for the named printer
644
645       /printers/name.ppd
646            The PPD file path for the named printer
647
648   DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS
649       The  following  directives may be placed inside Location and Limit sec‐
650       tions in the cupsd.conf file:
651
652       Allow all
653
654       Allow none
655
656       Allow host.domain.com
657
658       Allow *.domain.com
659
660       Allow ipv4-address
661
662       Allow ipv4-address/netmask
663
664       Allow ipv4-address/mm
665
666       Allow [ipv6-address]
667
668       Allow [ipv6-address]/mm
669
670       Allow @IF(name)
671
672       Allow @LOCAL
673            Allows access from the named hosts, domains, addresses, or  inter‐
674            faces.  The @IF(name) form uses the current subnets configured for
675            the named interface.  The @LOCAL form  uses  the  current  subnets
676            configured for all interfaces that are not point-to-point, for ex‐
677            ample Ethernet and Wi-Fi interfaces are used but DSL and  VPN  in‐
678            terfaces  are  not.   The  Order  directive controls whether Allow
679            lines are evaluated before or after Deny lines.
680
681       AuthType None
682
683       AuthType Basic
684
685       AuthType Default
686            Specifies the type of authentication  required.   The  value  "De‐
687            fault" corresponds to the DefaultAuthType value.
688
689       Deny all
690
691       Deny none
692
693       Deny host.domain.com
694
695       Deny *.domain.com
696
697       Deny ipv4-address
698
699       Deny ipv4-address/netmask
700
701       Deny ipv4-address/mm
702
703       Deny [ipv6-address]
704
705       Deny [ipv6-address]/mm
706
707       Deny @IF(name)
708
709       Deny @LOCAL
710            Denies  access from the named hosts, domains, addresses, or inter‐
711            faces.  The @IF(name) form uses the current subnets configured for
712            the  named  interface.   The  @LOCAL form uses the current subnets
713            configured for all interfaces that are not point-to-point, for ex‐
714            ample  Ethernet  and Wi-Fi interfaces are used but DSL and VPN in‐
715            terfaces are not.  The Order directive controls whether Deny lines
716            are evaluated before or after Allow lines.
717
718       Encryption IfRequested
719
720       Encryption Never
721
722       Encryption Required
723            Specifies  the level of encryption that is required for a particu‐
724            lar location.  The default value is "IfRequested".
725
726       Order allow,deny
727            Specifies that access is denied by default. Allow lines  are  then
728            processed followed by Deny lines to determine whether a client may
729            access a particular resource.
730
731       Order deny,allow
732            Specifies that access is allowed by default. Deny lines  are  then
733            processed  followed  by  Allow lines to determine whether a client
734            may access a particular resource.
735
736       Require group group-name [ group-name ... ]
737            Specifies that an authenticated user must be a member  of  one  of
738            the named groups.
739
740       Require user {user-name|@group-name} ...
741            Specifies  that  an authenticated user must match one of the named
742            users or be a member of one of the named groups.  The  group  name
743            "@SYSTEM" corresponds to the list of groups defined by the System‐
744            Group directive in the cups-files.conf(5) file.   The  group  name
745            "@OWNER" corresponds to the owner of the resource, for example the
746            person that submitted a print job.  Note: The 'root' user  is  not
747            special  and  must  be  granted privileges like any other user ac‐
748            count.
749
750       Require valid-user
751            Specifies that any authenticated user is acceptable.
752
753       Satisfy all
754            Specifies that all Allow, AuthType, Deny, Order, and Require  con‐
755            ditions must be satisfied to allow access.
756
757       Satisfy any
758            Specifies  that  any  a client may access a resource if either the
759            authentication (AuthType/Require)  or  address  (Allow/Deny/Order)
760            conditions  are  satisfied.   For example, this can be used to re‐
761            quire authentication only for remote accesses.
762
763   DIRECTIVES VALID WITHIN POLICY SECTIONS
764       The following directives may be placed inside Policy  sections  in  the
765       cupsd.conf file:
766
767       JobPrivateAccess all
768
769       JobPrivateAccess default
770
771       JobPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM} ...
772            Specifies  an  access  list  for a job's private values.  The "de‐
773            fault" access list  is  "@OWNER  @SYSTEM".   "@ACL"  maps  to  the
774            printer's requesting-user-name-allowed or requesting-user-name-de‐
775            nied values.  "@OWNER" maps to the job's owner.  "@SYSTEM" maps to
776            the  groups  listed  for  the  SystemGroup  directive in the cups-
777            files.conf(5) file.
778
779       JobPrivateValues all
780
781       JobPrivateValues default
782
783       JobPrivateValues none
784
785       JobPrivateValues attribute-name [ ... attribute-name ]
786            Specifies the list of job values to make private.   The  "default"
787            values are "job-name", "job-originating-host-name", "job-originat‐
788            ing-user-name", and "phone".
789
790       SubscriptionPrivateAccess all
791
792       SubscriptionPrivateAccess default
793
794       SubscriptionPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM} ...
795            Specifies an access list for a subscription's private values.  The
796            "default"  access  list  is  "@OWNER @SYSTEM".  "@ACL" maps to the
797            printer's requesting-user-name-allowed or requesting-user-name-de‐
798            nied values.  "@OWNER" maps to the job's owner.  "@SYSTEM" maps to
799            the groups listed for  the  SystemGroup  directive  in  the  cups-
800            files.conf(5) file.
801
802       SubscriptionPrivateValues all
803
804       SubscriptionPrivateValues default
805
806       SubscriptionPrivateValues none
807
808       SubscriptionPrivateValues attribute-name [ ... attribute-name ]
809            Specifies  the  list  of subscription values to make private.  The
810            "default" values are "notify-events",  "notify-pull-method",  "no‐
811            tify-recipient-uri",  "notify-subscriber-user-name",  and "notify-
812            user-data".
813
814   DEPRECATED DIRECTIVES
815       The following directives are deprecated and will be removed in a future
816       release of CUPS:
817
818       AuthType Negotiate
819            Specifies Kerberos authentication is required.
820
821       Classification banner
822            Specifies  the  security  classification of the server.  Any valid
823            banner name can be used, including  "classified",  "confidential",
824            "secret",  "topsecret",  and  "unclassified", or the banner can be
825            omitted to disable secure printing functions.  The default  is  no
826            classification banner.
827
828       ClassifyOverride Yes
829
830       ClassifyOverride No
831            Specifies  whether  users  may  override the classification (cover
832            page) of individual print jobs using the "job-sheets" option.  The
833            default is "No".
834
835       DefaultAuthType Negotiate
836            Specifies that Kerberos authentication is required by default.
837
838       GSSServiceName name
839            Specifies  the  service  name  when using Kerberos authentication.
840            The default service name is "http."
841
842       PageLogFormat format-string
843            Specifies the format of PageLog lines.  Sequences  beginning  with
844            percent  (%) characters are replaced with the corresponding infor‐
845            mation, while all other characters are copied literally.  The fol‐
846            lowing percent sequences are recognized:
847
848                "%%" inserts a single percent character.
849                "%{name}" inserts the value of the specified IPP attribute.
850                "%C" inserts the number of copies for the current page.
851                "%P" inserts the current page number.
852                "%T" inserts the current date and time in common log format.
853                "%j" inserts the job ID.
854                "%p" inserts the printer name.
855                "%u" inserts the username.
856
857            The default is the empty string, which disables page logging.  The
858            string "%p %u %j %T %P %C  %{job-billing}  %{job-originating-host-
859            name}  %{job-name}  %{media} %{sides}" creates a page log with the
860            standard items.  Use "%{job-impressions-completed}" to insert  the
861            number of pages (sides) that were printed, or "%{job-media-sheets-
862            completed}" to insert the number of sheets that were printed.
863

NOTES

865       File, directory, and user configuration directives that used to be  al‐
866       lowed  in  the cupsd.conf file are now stored in the cups-files.conf(5)
867       file instead in order to prevent certain types of privilege  escalation
868       attacks.
869
870       The  scheduler  MUST  be restarted manually after making changes to the
871       cupsd.conf file.  On Linux this is typically  done  using  the  system‐
872       ctl(8)  command,  while  on  macOS the launchctl(8) command is used in‐
873       stead.
874
875       The @LOCAL macro name can be confusing since the system  running  cupsd
876       often belongs to a different set of subnets from its clients.
877

CONFORMING TO

879       The  cupsd.conf file format is based on the Apache HTTP Server configu‐
880       ration file format.
881

EXAMPLES

883       Log everything with a maximum log file size of 32 megabytes:
884
885           AccessLogLevel all
886           LogLevel debug2
887           MaxLogSize 32m
888
889       Require authentication for accesses from outside the 10. network:
890
891           <Location />
892           Order allow,deny
893           Allow from 10./8
894           AuthType Basic
895           Require valid-user
896           Satisfy any
897           </Location>
898

SEE ALSO

900       classes.conf(5),    cups-files.conf(5),    cupsd(8),     mime.convs(5),
901       mime.types(5),  printers.conf(5),  subscriptions.conf(5),  CUPS  Online
902       Help (http://localhost:631/help)
903
905       Copyright © 2020-2023 by OpenPrinting.
906
907
908
9092021-10-01                           CUPS                        cupsd.conf(5)
Impressum