<HTML> <!-- SECTION: References --> <HEAD> <TITLE>cupsd.conf</TITLE> </HEAD> <BODY> <P>The <VAR>/etc/cups/cupsd.conf</VAR> file contains configuration <I>directives</I> that control how the server functions. Each directive is listed on a line by itself followed by its value. Comments are introduced using the number sign ("#") character at the beginning of a line.</P> <P>Since the server configuration file consists of plain text, you can use your favorite text editor to make changes to it. After making any changes, restart the <CODE>cupsd(8)</CODE> process using the startup script for your operating system:</P> <UL> <LI>AIX, IRIX, Linux, Solaris: <PRE CLASS="command"> /etc/init.d/cups restart </PRE></LI> <LI>HP-UX: <PRE CLASS="command"> /sbin/init.d/cups restart </PRE></LI> <LI>MacOS X: <PRE CLASS="command"> sudo launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist sudo launchctl load /System/Library/LaunchDaemons/org.cups.cupsd.plist </PRE></LI> </UL> <P>You can also edit this file from the CUPS web interface, which automatically handles restarting the scheduler.</P> <H2 CLASS="title"><A NAME="AccessLog">AccessLog</A></H2> <H3>Examples</H3> <PRE CLASS="command"> AccessLog /var/log/cups/access_log AccessLog /var/log/cups/access_log-%s AccessLog syslog </PRE> <H3>Description</H3> <P>The <CODE>AccessLog</CODE> directive sets the name of the access log file. If the filename is not absolute then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The access log file is stored in "common log format" and can be used by any web access reporting tool to generate a report on CUPS server activity.</P> <P>The server name can be included in the filename by using <CODE>%s</CODE> in the name.</P> <P>The special name "syslog" can be used to send the access information to the system log instead of a plain file.</P> <P>The default access log file is <VAR>/var/log/cups/access_log</VAR>.</P> <H2 CLASS="title"><A NAME="Allow">Allow</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... Allow from All Allow from None Allow from *.domain.com Allow from .domain.com Allow from host.domain.com Allow from nnn.* Allow from nnn.nnn.* Allow from nnn.nnn.nnn.* Allow from nnn.nnn.nnn.nnn Allow from nnn.nnn.nnn.nnn/mm Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Allow from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx Allow from @LOCAL Allow from @IF(name) </Location> </PRE> <H3>Description</H3> <P>The <CODE>Allow</CODE> directive specifies a hostname, IP address, or network that is allowed access to the server. <CODE>Allow</CODE> directives are cummulative, so multiple <CODE>Allow</CODE> directives can be used to allow access for multiple hosts or networks. The <CODE>/mm</CODE> notation specifies a CIDR netmask, as shown in Table 1.</P> <DIV CLASS="table"><TABLE SUMMARY="CIDR Netmasks"> <CAPTION>Table 1: <A NAME="TABLE1">CIDR Netmasks</A></CAPTION> <TR> <TH WIDTH="10%">mm</TH> <TH WIDTH="20%">netmask</TH> <TH WIDTH="10%">mm</TH> <TH WIDTH="20%">netmask</TH> </TR> <TR> <TD ALIGN="CENTER">0</TD> <TD ALIGN="CENTER">0.0.0.0</TD> <TD ALIGN="CENTER">8</TD> <TD ALIGN="CENTER">255.0.0.0</TD> </TR> <TR> <TD ALIGN="CENTER">1</TD> <TD ALIGN="CENTER">128.0.0.0</TD> <TD ALIGN="CENTER">16</TD> <TD ALIGN="CENTER">255.255.0.0</TD> </TR> <TR> <TD ALIGN="CENTER">2</TD> <TD ALIGN="CENTER">192.0.0.0</TD> <TD ALIGN="CENTER">24</TD> <TD ALIGN="CENTER">255.255.255.0</TD> </TR> <TR> <TD ALIGN="CENTER">...</TD> <TD ALIGN="CENTER">...</TD> <TD ALIGN="CENTER">32</TD> <TD ALIGN="CENTER">255.255.255.255</TD> </TR> </TABLE></DIV> <P>The <CODE>@LOCAL</CODE> name will allow access from all local interfaces. The <CODE>@IF(name)</CODE> name will allow access from the named interface. In both cases, CUPS only allows access from the network that the interface(s) are configured for - requests arriving on the interface from a foreign network will <em>not</em> be accepted.</P> <P>The <CODE>Allow</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthClass">AuthClass</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... AuthClass Anonymous AuthClass User AuthClass System AuthClass Group </Location> </PRE> <H3>Description</H3> <P>The <CODE>AuthClass</CODE> directive defines what level of authentication is required:</P> <UL> <LI><CODE>Anonymous</CODE> - No authentication should be performed (default)</LI> <LI><CODE>User</CODE> - A valid username and password is required</LI> <LI><CODE>System</CODE> - A valid username and password is required, and the username must belong to the "sys" group; this can be changed using the <A HREF="#SystemGroup"><CODE>SystemGroup</CODE></A> directive</LI> <LI><CODE>Group</CODE> - A valid username and password is required, and the username must belong to the group named by the <A HREF="#AuthGroupName"><CODE>AuthGroupName</CODE></A> directive</LI> </UL> <P>The <CODE>AuthClass</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <P><B>This directive is deprecated and will be removed from a future release of CUPS.</B> Consider using the more flexible <A HREF="#Require"><CODE>Require</CODE></A> directive instead.</P> <H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthGroupName">AuthGroupName</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... AuthGroupName mygroup AuthGroupName lp </Location> </PRE> <H3>Description</H3> <P>The <CODE>AuthGroupName</CODE> directive sets the group to use for <CODE>Group</CODE> authentication.</P> <P>The <CODE>AuthGroupName</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <P><B>This directive is deprecated and will be removed from a future release of CUPS.</B> Consider using the more flexible <A HREF="#Require"><CODE>Require</CODE></A> directive instead.</P> <H2 CLASS="title"><A NAME="AuthType">AuthType</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... AuthType None AuthType Basic AuthType Digest AuthType BasicDigest AuthType Negotiate </Location> </PRE> <H3>Description</H3> <P>The <CODE>AuthType</CODE> directive defines the type of authentication to perform:</P> <UL> <LI><CODE>None</CODE> - No authentication should be performed (default)</LI> <LI><CODE>Basic</CODE> - Basic authentication should be performed using the UNIX password and group files</LI> <LI><CODE>Digest</CODE> - Digest authentication should be performed using the <VAR>/etc/cups/passwd.md5</VAR> file</LI> <LI><CODE>BasicDigest</CODE> - Basic authentication should be performed using the <VAR>/etc/cups/passwd.md5</VAR> file</LI> <LI><CODE>Negotiate</CODE> - Kerberos authentication should be performed</LI> </UL> <P>When using <CODE>Basic</CODE>, <CODE>Digest</CODE>, <CODE>BasicDigest</CODE>, or <CODE>Negotiate</CODE> authentication, clients connecting through the <CODE>localhost</CODE> interface can also authenticate using certificates.</P> <P>The <CODE>AuthType</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><A NAME="AutoPurgeJobs">AutoPurgeJobs</A></H2> <H3>Examples</H3> <PRE CLASS="command"> AutoPurgeJobs Yes AutoPurgeJobs No </PRE> <H3>Description</H3> <P>The <CODE>AutoPurgeJobs</CODE> directive specifies whether or not to purge completed jobs once they are no longer required for quotas. This option has no effect if quotas are not enabled. The default setting is <CODE>No</CODE>.</P> <H2 CLASS="title"><A NAME="BrowseAddress">BrowseAddress</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseAddress 255.255.255.255:631 BrowseAddress 192.0.2.255:631 BrowseAddress host.domain.com:631 BrowseAddress @LOCAL BrowseAddress @IF(name) </PRE> <H3>Description</H3> <P>The <CODE>BrowseAddress</CODE> directive specifies an address to send browsing information to. Multiple <CODE>BrowseAddress</CODE> directives can be specified to send browsing information to different networks or systems.</P> <P>The <CODE>@LOCAL</CODE> name will broadcast printer information to all local interfaces. The <CODE>@IF(name)</CODE> name will broadcast to the named interface.</P> <P>There is no default browse address.</P> <BLOCKQUOTE><B>Note:</B> <P>If you are using HP-UX 10.20 and a subnet that is not 24, 16, or 8 bits, printer browsing (and in fact all broadcast reception) will not work. This problem appears to be fixed in HP-UX 11.0.</P> </BLOCKQUOTE> <H2 CLASS="title"><A NAME="BrowseAllow">BrowseAllow</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseAllow from all BrowseAllow from none BrowseAllow from 192.0.2 BrowseAllow from 192.0.2.0/24 BrowseAllow from 192.0.2.0/255.255.255.0 BrowseAllow from *.domain.com BrowseAllow from @LOCAL BrowseAllow from @IF(name) </PRE> <H3>Description</H3> <P>The <CODE>BrowseAllow</CODE> directive specifies a system or network to accept browse packets from. The default is to accept browse packets from all hosts.</P> <P>Host and domain name matching require that you enable the <A HREF="#HostNameLookups"><CODE>HostNameLookups</CODE></A> directive.</P> <P>IP address matching supports exact matches, partial addresses that match networks using netmasks of 255.0.0.0, 255.255.0.0, and 255.255.255.0, or network addresses using the specified netmask or bit count.</P> <P>The <CODE>@LOCAL</CODE> name will allow browse data from all local interfaces. The <CODE>@IF(name)</CODE> name will allow browse data from the named interface. In both cases, CUPS only allows data from the network that the interface(s) are configured for - data arriving on the interface from a foreign network will <em>not</em> be allowed.</P> <H2 CLASS="title"><A NAME="BrowseDeny">BrowseDeny</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseDeny from all BrowseDeny from none BrowseDeny from 192.0.2 BrowseDeny from 192.0.2.0/24 BrowseDeny from 192.0.2.0/255.255.255.0 BrowseDeny from *.domain.com BrowseDeny from @LOCAL BrowseDeny from @IF(name) </PRE> <H3>Description</H3> <P>The <CODE>BrowseDeny</CODE> directive specifies a system or network to reject browse packets from. The default is to not deny browse packets from any hosts.</P> <P>Host and domain name matching require that you enable the <A HREF="#HostNameLookups"><CODE>HostNameLookups</CODE></A> directive.</P> <P>IP address matching supports exact matches, partial addresses that match networks using netmasks of 255.0.0.0, 255.255.0.0, and 255.255.255.0, or network addresses using the specified netmask or bit count.</P> <P>The <CODE>@LOCAL</CODE> name will block browse data from all local interfaces. The <CODE>@IF(name)</CODE> name will block browse data from the named interface. In both cases, CUPS only blocks data from the network that the interface(s) are configured for - data arriving on the interface from a foreign network will <em>not</em> be blocked.</P> <H2 CLASS="title"><A NAME="BrowseInterval">BrowseInterval</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseInterval 0 BrowseInterval 30 </PRE> <H3>Description</H3> <P>The <CODE>BrowseInterval</CODE> directive specifies the maximum amount of time between browsing updates. Specifying a value of 0 seconds disables outgoing browse updates but allows a server to receive printer information from other hosts.</P> <P>The <CODE>BrowseInterval</CODE> value should always be less than the <A HREF="#BrowseTimeout"><CODE>BrowseTimeout</CODE></A> value. Otherwise printers and classes will disappear from client systems between updates.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPBindDN">BrowseLDAPBindDN</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLDAPBindDN foo </PRE> <H3>Description</H3> <P>The <CODE>BrowseLDAPBindDN</CODE> directive specifies the LDAP domain name to use when listening for printer registrations. The default is undefined.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPDN">BrowseLDAPDN</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLDAPDN bar </PRE> <H3>Description</H3> <P>The <CODE>BrowseLDAPDN</CODE> directive specifies the LDAP domain name to use when registering local shared printers. The default is undefined.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPPassword">BrowseLDAPPassword</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLDAPPassword foo123 </PRE> <H3>Description</H3> <P>The <CODE>BrowseLDAPPassword</CODE> directive specifies the access password to use when connecting to the LDAP server. The default is undefined.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPServer">BrowseLDAPServer</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLDAPServer localhost </PRE> <H3>Description</H3> <P>The <CODE>BrowseLDAPServer</CODE> directive specifies the name of the LDAP server to connect to. The default is undefined.</P> <H2 CLASS="title"><A NAME="BrowseLocalOptions">BrowseLocalOptions</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLocalOptions compression=yes BrowseLocalOptions encryption=required BrowseLocalOptions compression=yes&encryption=required </PRE> <H3>Description</H3> <P>The <CODE>BrowseLocalOptions</CODE> directive specifies additional IPP backend options to advertise with local shared printers. The default is to not include any options.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLocalProtocols">BrowseLocalProtocols</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseLocalProtocols all BrowseLocalProtocols none BrowseLocalProtocols cups BrowseLocalProtocols dnssd BrowseLocalProtocols ldap BrowseLocalProtocols slp BrowseLocalProtocols cups dnssd </PRE> <H3>Description</H3> <P>The <CODE>BrowseLocalProtocols</CODE> directive specifies the protocols to use when advertising local shared printers on the network. Multiple protocols can be specified by separating them with spaces. The default is <CODE>CUPS</CODE>.</P> <H2 CLASS="title"><A NAME="BrowseOrder">BrowseOrder</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseOrder allow,deny BrowseOrder deny,allow </PRE> <H3>Description</H3> <P>The <CODE>BrowseOrder</CODE> directive specifies the order of allow/deny processing. The default order is <CODE>deny,allow</CODE>:</P> <UL> <LI><CODE>allow,deny</CODE> - Deny browse packets by default, then check <CODE>BrowseAllow</CODE> lines followed by <CODE>BrowseDeny</CODE> lines.</LI> <LI><CODE>deny,allow</CODE> - Allow browse packets by default, then check <CODE>BrowseDeny</CODE> lines followed by <CODE>BrowseAllow</CODE> lines.</LI> </UL> <H2 CLASS="title"><A NAME="BrowsePoll">BrowsePoll</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowsePoll 192.0.2.2:631 BrowsePoll host.domain.com:631 </PRE> <H3>Description</H3> <P>The <CODE>BrowsePoll</CODE> directive polls a server for available printers once every <A HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> seconds. Multiple <CODE>BrowsePoll</CODE> directives can be specified to poll multiple servers.</P> <P>If <CODE>BrowseInterval</CODE> is set to 0 then the server is polled once every 30 seconds.</P> <H2 CLASS="title"><A NAME="BrowsePort">BrowsePort</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowsePort 631 BrowsePort 9999 </PRE> <H3>Description</H3> <P>The <CODE>BrowsePort</CODE> directive specifies the UDP port number used for browse packets. The default port number is 631.</P> <BLOCKQUOTE><B>Note:</B> <P>You must set the <CODE>BrowsePort</CODE> to the same value on all of the systems that you want to see. </BLOCKQUOTE> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="BrowseProtocols">BrowseProtocols</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseProtocols all BrowseProtocols none BrowseProtocols cups BrowseProtocols dnssd BrowseProtocols ldap BrowseProtocols slp BrowseProtocols cups dnssd </PRE> <H3>Description</H3> <P>The <CODE>BrowseProtocols</CODE> directive specifies the protocols to use when showing and advertising shared printers on the local network. Multiple protocols can be specified by separating them with spaces. The default protocol is <CODE>CUPS dnssd</CODE> for <A HREF="#BrowseLocalProtocols"><CODE>BrowseLocalProtocols</CODE></A> and <CODE>CUPS</CODE> for <A HREF="#BrowseRemoteProtocols"><CODE>BrowseRemoteProtocols</CODE></A>.</P> <BLOCKQUOTE><B>Note:</B> <P>When using the <CODE>SLP</CODE> protocol, you must have at least one Directory Agent (DA) server on your network. Otherwise the CUPS scheduler (<CODE>cupsd</CODE>) will not respond to client requests for several seconds while polling the network.</P> </BLOCKQUOTE> <H2 CLASS="title"><A NAME="BrowseRelay">BrowseRelay</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseRelay 193.0.2.1 192.0.2.255 BrowseRelay 193.0.2.0/255.255.255.0 192.0.2.255 BrowseRelay 193.0.2.0/24 192.0.2.255 BrowseRelay *.domain.com 192.0.2.255 BrowseRelay host.domain.com 192.0.2.255 </PRE> <H3>Description</H3> <P>The <CODE>BrowseRelay</CODE> directive specifies source and destination addresses for relaying browsing information from one host or network to another. Multiple <CODE>BrowseRelay</CODE> directives can be specified as needed.</P> <P><CODE>BrowseRelay</CODE> is typically used on systems that bridge multiple subnets using one or more network interfaces. It can also be used to relay printer information from polled servers with the line:</P> <PRE CLASS="command"> BrowseRelay 127.0.0.1 @LOCAL </PRE> <P>This effectively provides access to printers on a WAN for all clients on the LAN(s).</P> <H2 CLASS="title"><A NAME="BrowseRemoteOptions">BrowseRemoteOptions</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseRemoteOptions compression=yes BrowseRemoteOptions encryption=required BrowseRemoteOptions ?compression=yes&encryption=required </PRE> <H3>Description</H3> <P>The <CODE>BrowseRemoteOptions</CODE> directive specifies additional IPP backend options to include with remote shared printers. If the options string begins with a question mark (?), the options replace any options specified by the remote server. The default is to not include any options.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseRemoteProtocols">BrowseRemoteProtocols</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseRemoteProtocols all BrowseRemoteProtocols none BrowseRemoteProtocols cups BrowseRemoteProtocols dnssd BrowseRemoteProtocols ldap BrowseRemoteProtocols slp BrowseRemoteProtocols cups dnssd </PRE> <H3>Description</H3> <P>The <CODE>BrowseRemoteProtocols</CODE> directive specifies the protocols to use when finding remote shared printers on the network. Multiple protocols can be specified by separating them with spaces. The default is <CODE>CUPS</CODE>.</P> <H2 CLASS="title"><A NAME="BrowseShortNames">BrowseShortNames</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseShortNames Yes BrowseShortNames No </PRE> <H3>Description</H3> <P>The <CODE>BrowseShortNames</CODE> directive specifies whether or not short names are used for remote printers when possible. Short names are just the remote printer name, without the server ("printer"). If more than one remote printer is detected with the same name, the printers will have long names ("printer@server1", "printer@server2".)</P> <P>The default value for this option is <CODE>Yes</CODE>.</P> <H2 CLASS="title"><A NAME="BrowseTimeout">BrowseTimeout</A></H2> <H3>Examples</H3> <PRE CLASS="command"> BrowseTimeout 300 BrowseTimeout 60 </PRE> <H3>Description</H3> <P>The <CODE>BrowseTimeout</CODE> directive sets the timeout for printer or class information that is received in browse packets. Once a printer or class times out it is removed from the list of available destinations.</P> <P>The <CODE>BrowseTimeout</CODE> value should always be greater than the <A HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> value. Otherwise printers and classes will disappear from client systems between updates.</P> <H2 CLASS="title"><A NAME="Browsing">Browsing</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Browsing On Browsing Off </PRE> <H3>Description</H3> <P>The <CODE>Browsing</CODE> directive controls whether or not network printer browsing is enabled. The default setting is <CODE>Yes</CODE>.</P> <P>This directive does not enable sharing of local printers by itself; you must also use the <A HREF="#BrowseAddress"><CODE>BrowseAddress</CODE></A> or <A HREF="#BrowseProtocols"><CODE>BrowseProtocols</CODE></A> directives to advertise local printers to other systems.</P> <BLOCKQUOTE><B>Note:</B> <P>If you are using HP-UX 10.20 and a subnet that is not 24, 16, or 8 bits, printer browsing (and in fact all broadcast reception) will not work. This problem appears to be fixed in HP-UX 11.0.</P> </BLOCKQUOTE> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Classification">Classification</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Classification Classification classified Classification confidential Classification secret Classification topsecret Classification unclassified </PRE> <H3>Description</H3> <P>The <CODE>Classification</CODE> directive sets the classification level on the server. When this option is set, at least one of the banner pages is forced to the classification level, and the classification is placed on each page of output. The default is no classification level.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="ClassifyOverride">ClassifyOverride</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ClassifyOverride Yes ClassifyOverride No </PRE> <H3>Description</H3> <P>The <CODE>ClassifyOverride</CODE> directive specifies whether users can override the default classification level on the server. When the server classification is set, users can change the classification using the <CODE>job-sheets</CODE> option and can choose to only print one security banner before or after the job. If the <CODE>job-sheets</CODE> option is set to <CODE>none</CODE> then the server default classification is used.</P> <P>The default is to not allow classification overrides.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="ConfigFilePerm">ConfigFilePerm</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ConfigFilePerm 0644 ConfigFilePerm 0640 </PRE> <H3>Description</H3> <P>The <CODE>ConfigFilePerm</CODE> directive specifies the permissions to use when writing configuration files. The default is 640.</P> <H2 CLASS="title"><A NAME="ConfigurationChangeRestriction">ConfigurationChangeRestriction</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ConfigurationChangeRestriction all ConfigurationChangeRestriction root-only ConfigurationChangeRestriction none </PRE> <H3>Description</H3> <P>The <CODE>ConfigurationChangeRestriction</CODE> directive specifies the degree of restriction for changes to cupsd.conf. Keywords dealing with filenames, paths, and users are security-sensitive. Changes to them via HTTP are forbidden by default (<CODE>all</CODE>). The value <CODE>none</CODE> removes any restriction altogether (note that this is unsafe). The value <CODE>root-only</CODE> allows only users authorised as user "root" to adjust security-sensitive configuration settings, but note that users adjusting settings using polkit (via cups-pk-helper) are authenticated as user "root".</P> <H2 CLASS="title"><A NAME="DataDir">DataDir</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DataDir /usr/share/cups </PRE> <H3>Description</H3> <P>The <CODE>DataDir</CODE> directive sets the directory to use for data files.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultAuthType">DefaultAuthType</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultAuthType Basic DefaultAuthType BasicDigest DefaultAuthType Digest DefaultAuthType Negotiate </PRE> <H3>Description</H3> <P>The <CODE>DefaultAuthType</CODE> directive specifies the type of authentication to use for IPP operations that require a username. The default is <CODE>Basic</CODE>.</P> <H2 CLASS="title"><A NAME="DefaultCharset">DefaultCharset</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultCharset utf-8 DefaultCharset iso-8859-1 DefaultCharset windows-1251 </PRE> <H3>Description</H3> <P>The <CODE>DefaultCharset</CODE> directive sets the default character set to use for client connections. The default character set is <CODE>utf-8</CODE> but is overridden by the character set for the language specified by the client or the <CODE>DefaultLanguage</CODE> directive.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultEncryption">DefaultEncryption</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultEncryption Never DefaultEncryption IfRequested DefaultEncryption Required </PRE> <H3>Description</H3> <P>The <CODE>DefaultEncryption</CODE> directive specifies the type of encryption to use when performing authentication. The default is <CODE>Required</CODE>.</P> <H2 CLASS="title"><A NAME="DefaultLanguage">DefaultLanguage</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultLanguage de DefaultLanguage en DefaultLanguage es DefaultLanguage fr DefaultLanguage it </PRE> <H3>Description</H3> <P>The <CODE>DefaultLanguage</CODE> directive specifies the default language to use for client connections. Setting the default language also sets the default character set if a language localization file exists for it. The default language is "en" for English.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultPolicy">DefaultPolicy</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultPolicy default DefaultPolicy foo </PRE> <H3>Description</H3> <P>The <CODE>DefaultPolicy</CODE> directive specifies the default policy to use for IPP operation. The default is <CODE>default</CODE>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultShared">DefaultShared</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DefaultShared yes DefaultShared no </PRE> <H3>Description</H3> <P>The <CODE>DefaultShared</CODE> directive specifies whether printers are shared (published) by default. The default is <CODE>Yes</CODE>.</P> <H2 CLASS="title"><A NAME="Deny">Deny</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> .. Deny from All Deny from None Deny from *.domain.com Deny from .domain.com Deny from host.domain.com Deny from nnn.* Deny from nnn.nnn.* Deny from nnn.nnn.nnn.* Deny from nnn.nnn.nnn.nnn Deny from nnn.nnn.nnn.nnn/mm Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm Deny from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx Deny from @LOCAL Deny from @IF(name) </Location> </PRE> <H3>Description</H3> <P>The <CODE>Deny</CODE> directive specifies a hostname, IP address, or network that is allowed access to the server. <CODE>Deny</CODE> directives are cummulative, so multiple <CODE>Deny</CODE> directives can be used to allow access for multiple hosts or networks. The <CODE>/mm</CODE> notation specifies a CIDR netmask, a shown in <A HREF="TABLE1">Table 1</A>.</P> <P>The <CODE>@LOCAL</CODE> name will deny access from all local interfaces. The <CODE>@IF(name)</CODE> name will deny access from the named interface. In both cases, CUPS only denies access from the network that the interface(s) are configured for - requests arriving on the interface from a foreign network will <em>not</em> be denied.</P> <P>The <CODE>Deny</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><A NAME="DocumentRoot">DocumentRoot</A></H2> <H3>Examples</H3> <PRE CLASS="command"> DocumentRoot /usr/share/doc/cups DocumentRoot /foo/bar/doc/cups </PRE> <H3>Description</H3> <P>The <CODE>DocumentRoot</CODE> directive specifies the location of web content for the HTTP server in CUPS. If an absolute path is not specified then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The default directory is <VAR>/usr/share/doc/cups-1.3.7</VAR>.</P> <P>Documents are first looked up in a sub-directory for the primary language requested by the client (e.g. <VAR>/usr/share/doc/cups-1.3.7/fr/...</VAR>) and then directly under the <CODE>DocumentRoot</CODE> directory (e.g. <VAR>/usr/share/doc/cups-1.3.7/...</VAR>), so it is possible to localize the web content by providing subdirectories for each language needed.</P> <H2 CLASS="title"><A NAME="Encryption">Encryption</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... Encryption Never Encryption IfRequested Encryption Required </Location> </PRE> <H3>Description</H3> <P>The <CODE>Encryption</CODE> directive must appear instead a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section and specifies the encryption settings for that location. The default setting is <CODE>IfRequested</CODE> for all locations.</P> <H2 CLASS="title"><A NAME="ErrorLog">ErrorLog</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ErrorLog /var/log/cups/error_log ErrorLog /var/log/cups/error_log-%s ErrorLog syslog </PRE> <H3>Description</H3> <P>The <CODE>ErrorLog</CODE> directive sets the name of the error log file. If the filename is not absolute then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The default error log file is <VAR>/var/log/cups/error_log</VAR>.</P> <P>The server name can be included in the filename by using <CODE>%s</CODE> in the name.</P> <P>The special name "syslog" can be used to send the error information to the system log instead of a plain file.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3</SPAN><A NAME="ErrorPolicy">ErrorPolicy</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ErrorPolicy abort-job ErrorPolicy retry-job ErrorPolicy stop-printer </PRE> <H3>Description</H3> <P>The <CODE>ErrorPolicy</CODE> directive defines the default policy that is used when a backend is unable to send a print job to the printer.</P> <P>The following values are supported:</P> <UL> <LI><CODE>abort-job</CODE> - Abort the job and proceed with the next job in the queue</LI> <LI><CODE>retry-job</CODE> - Retry the job after waiting for N seconds; the <VAR>cupsd.conf</VAR> <A HREF="#JobRetryInterval"><CODE>JobRetryInterval</CODE></A> directive controls the value of N</LI> <LI><CODE>stop-printer</CODE> - Stop the printer and keep the job for future printing; this is the default value</LI> </UL> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.4</SPAN><A NAME="FatalErrors">FatalErrors</A></H2> <H3>Examples</H3> <PRE CLASS="command"> FatalErrors none FatalErrors all FatalErrors browse FatalErrors config FatalErrors listen FatalErrors log FatalErrors permissions FatalErrors all -permissions FatalErrors config permissions log </PRE> <H3>Description</H3> <P>The <CODE>FatalErrors</CODE> directive determines whether certain kinds of errors are fatal. The following kinds of errors are currently recognized:</P> <UL> <LI><CODE>none</CODE> - No errors are fatal</LI> <LI><CODE>all</CODE> - All of the errors below are fatal</LI> <LI><CODE>browse</CODE> - Browsing initialization errors are fatal, for example failed binding to the CUPS browse port or failed connections to LDAP servers</LI> <LI><CODE>config</CODE> - Configuration file syntax errors are fatal</LI> <LI><CODE>listen</CODE> - Listen or Port errors are fatal, except for IPv6 failures on the loopback or "any" addresses</LI> <LI><CODE>log</CODE> - Log file creation or write errors are fatal</LI> <LI><CODE>permissions</CODE> - Bad startup file permissions are fatal, for example shared SSL certificate and key files with world- read permissions</LI> </UL> <P>Multiple errors can be listed, and the form "-kind" can be used with <CODE>all</CODE> to remove specific kinds of errors. The default setting is <CODE>config</CODE>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.18</SPAN><A NAME="FileDevice">FileDevice</A></H2> <H3>Examples</H3> <PRE CLASS="command"> FileDevice Yes FileDevice No </PRE> <H3>Description</H3> <P>The <CODE>FileDevice</CODE> directive determines whether the scheduler allows new printers to be added using device URIs of the form <CODE>file:/filename</CODE>. File devices are most often used to test new printer drivers and do not support raw file printing.</P> <P>The default setting is <CODE>No</CODE>.</P> <BLOCKQUOTE><B>Note:</B> <P>File devices are managed by the scheduler. Since the scheduler normally runs as the root user, file devices can be used to overwrite system files and potentially gain unauthorized access to the system. If you must create printers using file devices, we recommend that you set the <CODE>FileDevice</CODE> directive to <CODE>Yes</CODE> for only as long as you need to add the printers to the system, and then reset the directive to <CODE>No</CODE>.</P> </BLOCKQUOTE> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="FilterLimit">FilterLimit</A></H2> <H3>Examples</H3> <PRE CLASS="command"> FilterLimit 0 FilterLimit 200 FilterLimit 1000 </PRE> <H3>Description</H3> <P>The <CODE>FilterLimit</CODE> directive sets the maximum cost of all running job filters. It can be used to limit the number of filter programs that are run on a server to minimize disk, memory, and CPU resource problems. A limit of 0 disables filter limiting.</P> <P>An average print to a non-PostScript printer needs a filter limit of about 200. A PostScript printer needs about half that (100). Setting the limit below these thresholds will effectively limit the scheduler to printing a single job at any time.</P> <P>The default limit is 0.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="FilterNice">FilterNice</A></H2> <H3>Examples</H3> <PRE CLASS="command"> FilterNice 0 FilterNice 10 FilterNice 19 </PRE> <H3>Description</H3> <P>The <CODE>FilterNice</CODE> directive sets the <B>nice(1)</B> value to assign to filter processes. The nice value ranges from 0, the highest priority, to 19, the lowest priority. The default is 0.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="FontPath">FontPath</A></H2> <H3>Examples</H3> <PRE CLASS="command"> FontPath /foo/bar/fonts FontPath /usr/share/cups/fonts:/foo/bar/fonts </PRE> <H3>Description</H3> <P>The <CODE>FontPath</CODE> directive specifies the font path to use when searching for fonts. The default font path is <CODE>/usr/share/cups/fonts</CODE>.</P> <H2 CLASS="title"><A NAME="Group">Group</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Group lp Group nobody </PRE> <H3>Description</H3> <P>The <CODE>Group</CODE> directive specifies the UNIX group that filter and CGI programs run as. The default group is system-specific but is usually <CODE>lp</CODE> or <CODE>nobody</CODE>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3</SPAN><A NAME="GSSServiceName">GSSServiceName</A></H2> <H3>Examples</H3> <PRE CLASS="command"> GSSServiceName IPP GSSServiceName HTTP </PRE> <H3>Description</H3> <P>The <CODE>GSSServiceName</CODE> directive specifies the Kerberos service name that is used when passing authorization tickets. The default name is <CODE>IPP</CODE>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="HideImplicitMembers">HideImplicitMembers</A></H2> <H3>Examples</H3> <PRE CLASS="command"> HideImplicitMembers Yes HideImplicitMembers No </PRE> <H3>Description</H3> <P>The <CODE>HideImplicitMembers</CODE> directive controls whether the individual printers in an implicit class are hidden from the user. The default is <CODE>Yes</CODE>.</P> <P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A> must be enabled for this directive to have any effect.</P> <H2 CLASS="title"><A NAME="HostNameLookups">HostNameLookups</A></H2> <H3>Examples</H3> <PRE CLASS="command"> HostNameLookups On HostNameLookups Off HostNameLookups Double </PRE> <H3>Description</H3> <P>The <CODE>HostNameLookups</CODE> directive controls whether or not CUPS looks up the hostname for connecting clients. The <CODE>Double</CODE> setting causes CUPS to verify that the hostname resolved from the address matches one of the addresses returned for that hostname. <CODE>Double</CODE> lookups also prevent clients with unregistered addresses from connecting to your server.</P> <P>The default is <CODE>Off</CODE> to avoid the potential server performance problems with hostname lookups. Set this option to <CODE>On</CODE> or <CODE>Double</CODE> only if absolutely required.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="ImplicitAnyClasses">ImplicitAnyClasses</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ImplicitAnyClasses On ImplicitAnyClasses Off </PRE> <H3>Description</H3> <P>The <CODE>ImplicitAnyClasses</CODE> directive controls whether implicit classes for local and remote printers are created with the name <CODE>AnyPrinter</CODE>. The default setting is <CODE>Off</CODE>.</P> <P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A> must be enabled for this directive to have any effect.</P> <H2 CLASS="title"><A NAME="ImplicitClasses">ImplicitClasses</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ImplicitClasses On ImplicitClasses Off </PRE> <H3>Description</H3> <P>The <CODE>ImplicitClasses</CODE> directive controls whether implicit classes are created based upon the available network printers and classes. The default setting is <CODE>Yes</CODE> but is automatically turned <CODE>Off</CODE> if <A HREF="#Browsing"><CODE>Browsing</CODE></A> is turned <CODE>Off</CODE>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.9</SPAN><A NAME="Include">Include</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Include filename Include /foo/bar/filename </PRE> <H3>Description</H3> <P>The <CODE>Include</CODE> directive includes the named file in the <CODE>cupsd.conf</CODE> file. If no leading path is provided, the file is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="JobRetryInterval">JobRetryInterval</A></H2> <H3>Examples</H3> <PRE CLASS="command"> JobRetryInterval 30 JobRetryInterval 120 </PRE> <H3>Description</H3> <P>The <CODE>JobRetryInterval</CODE> directive specifies the number of seconds to wait before retrying a job. This is typically used for fax queues but can also be used with normal print queues whose error policy is <CODE>retry-job</CODE>. The default is 30 seconds.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="JobRetryLimit">JobRetryLimit</A></H2> <H3>Examples</H3> <PRE CLASS="command"> JobRetryLimit 5 JobRetryLimit 50 </PRE> <H3>Description</H3> <P>The <CODE>JobRetryLimit</CODE> directive specifies the maximum number of times the scheduler will try to print a job. This is typically used for fax queues but can also be used with normal print queues whose error policy is <CODE>retry-job</CODE>. The default is 5 times.</P> <H2 CLASS="title"><A NAME="KeepAlive">KeepAlive</A></H2> <H3>Examples</H3> <PRE CLASS="command"> KeepAlive On KeepAlive Off </PRE> <H3>Description</H3> <P>The <CODE>KeepAlive</CODE> directive controls whether or not to support persistent HTTP connections. The default is <CODE>On</CODE>.</P> <P>HTTP/1.1 clients automatically support persistent connections, while HTTP/1.0 clients must specifically request them using the <CODE>Keep-Alive</CODE> attribute in the <CODE>Connection:</CODE> field of each request.</P> <H2 CLASS="title"><A NAME="KeepAliveTimeout">KeepAliveTimeout</A></H2> <H3>Examples</H3> <PRE CLASS="command"> KeepAliveTimeout 60 KeepAliveTimeout 30 </PRE> <H3>Description</H3> <P>The <CODE>KeepAliveTimeout</CODE> directive controls how long a persistent HTTP connection will remain open after the last request. The default is 60 seconds.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Limit">Limit (Location)</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> <Limit GET POST> ... </Limit> <Limit ALL> ... </Limit> </Location> </PRE> <H3>Description</H3> <P>The <CODE>Limit</CODE> directive groups access control directives for specific types of HTTP requests and must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> section. Access can be limited for individual request types (<CODE>DELETE</CODE>, <CODE>GET</CODE>, <CODE>HEAD</CODE>, <CODE>OPTIONS</CODE>, <CODE>POST</CODE>, <CODE>PUT</CODE>, and <CODE>TRACE</CODE>) or for all request types (<CODE>ALL</CODE>). The request type names are case-sensitive for compatibility with Apache.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="LimitIPP">Limit (Policy)</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Policy name> <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer> ... </Limit> <Limit All> ... </Limit> </Policy> </PRE> <H3>Description</H3> <P>When included in <A HREF="#Policy"><CODE>Policy</CODE></A> sections, the <CODE>Limit</CODE> directive groups access control directives for specific IPP operations. Multiple operations can be listed, separated by spaces. Table 2 lists the supported operations.</P> <DIV CLASS="table"><TABLE SUMMARY="Supported IPP Operations"> <CAPTION>Table 2: <A NAME="TABLE2">Supported IPP Operations</A></CAPTION> <THEAD> <TR> <TH>Operation Name</TH> <TH>Description</TH> </TR> </THEAD> <TBODY> <TR> <TD>All</TD> <TD>All operations - used as the default limit for operations that are not listed</TD> </TR> <TR> <TD>Cancel-Job</TD> <TD>Cancel a job</TD> </TR> <TR> <TD>Cancel-Subscription</TD> <TD>Cancel a subscription</TD> </TR> <TR> <TD>Create-Job</TD> <TD>Create a new, empty job</TD> </TR> <TR> <TD>Create-Job-Subscription</TD> <TD>Creates a notification subscription on a job</TD> </TR> <TR> <TD>Create-Printer-Subscription</TD> <TD>Creates a notification subscription on a printer</TD> </TR> <TR> <TD>CUPS-Accept-Jobs</TD> <TD>Sets the printer-is-accepting-jobs value for a printer to true</TD> </TR> <TR> <TD>CUPS-Add-Modify-Class</TD> <TD>Adds or modifies a class</TD> </TR> <TR> <TD>CUPS-Add-Modify-Printer</TD> <TD>Adds or modifies a printer</TD> </TR> <TR> <TD>CUPS-Authenticate-Job</TD> <TD>Authenticates a job for printing</TD> </TR> <TR> <TD>CUPS-Delete-Class</TD> <TD>Deletes a class</TD> </TR> <TR> <TD>CUPS-Delete-Printer</TD> <TD>Deletes a printer</TD> </TR> <TR> <TD>CUPS-Get-Classes</TD> <TD>Gets a list of classes</TD> </TR> <TR> <TD>CUPS-Get-Default</TD> <TD>Gets the (network/server) default printer or class</TD> </TR> <TR> <TD>CUPS-Get-Devices</TD> <TD>Gets a list of available devices</TD> </TR> <TR> <TD>CUPS-Get-PPDs</TD> <TD>Gets a list of available manufacturers or drivers</TD> </TR> <TR> <TD>CUPS-Get-Printers</TD> <TD>Gets a list of printers and/or classes</TD> </TR> <TR> <TD>CUPS-Move-Job</TD> <TD>Moves a job to a new destination</TD> </TR> <TR> <TD>CUPS-Reject-Jobs</TD> <TD>Sets the printer-is-accepting-jobs value for a printer to false</TD> </TR> <TR> <TD>CUPS-Set-Default</TD> <TD>Sets the network/server default printer or class</TD> </TR> <TR> <TD>Disable-Printer</TD> <TD>Sets the printer-state value for a printer to stopped</TD> </TR> <TR> <TD>Enable-Printer</TD> <TD>Sets the printer-state value for a printer to idle/processing</TD> </TR> <TR> <TD>Get-Job-Attributes</TD> <TD>Gets information about a job</TD> </TR> <TR> <TD>Get-Jobs</TD> <TD>Gets a list of jobs</TD> </TR> <TR> <TD>Get-Notifications</TD> <TD>Gets a list of events</TD> </TR> <TR> <TD>Get-Printer-Attributes</TD> <TD>Gets informaion about a printer or class</TD> </TR> <TR> <TD>Get-Subscription-Attributes</TD> <TD>Gets informaion about a notification subscription</TD> </TR> <TR> <TD>Get-Subscriptions</TD> <TD>Gets a list of notification subscriptions</TD> </TR> <TR> <TD>Hold-Job</TD> <TD>Holds a job for printing</TD> </TR> <TR> <TD>Pause-Printer</TD> <TD>Sets the printer-state value for a printer to stopped</TD> </TR> <TR> <TD>Print-Job</TD> <TD>Creates a job with a single file for printing</TD> </TR> <TR> <TD>Purge-Jobs</TD> <TD>Removes all jobs from a printer</TD> </TR> <TR> <TD>Release-Job</TD> <TD>Releases a previously held job for printing</TD> </TR> <TR> <TD>Renew-Subscription</TD> <TD>Renews a notification subscription</TD> </TR> <TR> <TD>Restart-Job</TD> <TD>Reprints a job</TD> </TR> <TR> <TD>Resume-Printer</TD> <TD>Sets the printer-stae value for a printer to idle/processing</TD> </TR> <TR> <TD>Send-Document</TD> <TD>Adds a file to an job created with Create-Job</TD> </TR> <TR> <TD>Set-Job-Attributes</TD> <TD>Changes job options</TD> </TR> <TR> <TD>Validate-Job</TD> <TD>Validates job options prior to printing</TD> </TR> </TBODY> </TABLE></DIV> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="LimitExcept">LimitExcept</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> <LimitExcept GET POST> ... </LimitExcept> </Location> </PRE> <H3>Description</H3> <P>The <CODE>LimitExcept</CODE> directive groups access control directives for specific types of HTTP requests and must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> section. Unlike the <A HREF="#Limit"><CODE>Limit</CODE></A> directive, <CODE>LimitExcept</CODE> restricts access for all requests <I>except</I> those listed on the <CODE>LimitExcept</CODE> line.</P> <H2 CLASS="title"><A NAME="LimitRequestBody">LimitRequestBody</A></H2> <H3>Examples</H3> <PRE CLASS="command"> LimitRequestBody 10485760 LimitRequestBody 10m LimitRequestBody 0 </PRE> <H3>Description</H3> <P>The <CODE>LimitRequestBody</CODE> directive controls the maximum size of print files, IPP requests, and HTML form data in HTTP POST requests. The default limit is 0 which disables the limit check.</P> <H2 CLASS="title"><A NAME="Listen">Listen</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Listen 127.0.0.1:631 Listen 192.0.2.1:631 Listen [::1]:631 Listen *:631 </PRE> <H3>Description</H3> <P>The <CODE>Listen</CODE> directive specifies a network address and port to listen for connections. Multiple <CODE>Listen</CODE> directives can be provided to listen on multiple addresses.</P> <P>The <CODE>Listen</CODE> directive is similar to the <A HREF="#Port"><CODE>Port</CODE></A> directive but allows you to restrict access to specific interfaces or networks.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="ListenBackLog">ListenBackLog</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ListenBackLog 5 ListenBackLog 10 </PRE> <H3>Description</H3> <P>The <CODE>ListenBackLog</CODE> directive sets the maximum number of pending connections the scheduler will allow. This normally only affects very busy servers that have reached the <A HREF="#MaxClients"><CODE>MaxClients</CODE></A> limit, but can also be triggered by large numbers of simultaneous connections. When the limit is reached, the operating system will refuse additional connections until the scheduler can accept the pending ones. The default is the OS-defined default limit, typically either 5 for older operating systems or 128 for newer operating systems.</P> <H2 CLASS="title"><A NAME="Location">Location</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /> ... </Location> <Location /admin> ... </Location> <Location /admin/conf> ... </Location> <Location /admin/log> ... </Location> <Location /classes> ... </Location> <Location /classes/name> ... </Location> <Location /jobs> ... </Location> <Location /printers> ... </Location> <Location /printers/name> ... </Location> </PRE> <H3>Description</H3> <P>The <CODE>Location</CODE> directive specifies access control and authentication options for the specified HTTP resource or path. The <A HREF="#Allow"><CODE>Allow</CODE></A>, <A HREF="#AuthType"><CODE>AuthType</CODE></A>, <A HREF="#Deny"><CODE>Deny</CODE></A>, <A HREF="#Encryption"><CODE>Encryption</CODE></A>, <A HREF="#Limit"><CODE>Limit</CODE></A>, <A HREF="#LimitExcept"><CODE>LimitExcept</CODE></A>, <A HREF="#Order"><CODE>Order</CODE></A>, <A HREF="#Require"><CODE>Require</CODE></A>, and <A HREF="#Satisfy"><CODE>Satisfy</CODE></A> directives may all appear inside a location.</P> <P>Note that more specific resources override the less specific ones. So the directives inside the <CODE>/printers/name</CODE> location will override ones from <CODE>/printers</CODE>. Directives inside <CODE>/printers</CODE> will override ones from <CODE>/</CODE>. None of the directives are inherited.</P> <DIV CLASS="table"><TABLE SUMMARY="Common Locaions on the Server"> <CAPTION>Table 3: <A NAME="TABLE3">Common Locations on the Server</A></CAPTION> <THEAD> <TR><TH>Location</TH><TH>Description</TH></TR> </THEAD> <TBODY> <TR><TD><CODE>/</CODE></TD><TD>The path for all get operations (get-printers, get-jobs, etc.)</TD></TR> <TR><TD><CODE>/admin</CODE></TD><TD>The path for all administration operations (add-printer, delete-printer, start-printer, etc.)</TD></TR> <TR><TD><CODE>/admin/conf</CODE></TD><TD>The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.)</TD></TR> <TR><TD><CODE>/admin/log</CODE></TD><TD>The path for access to the CUPS log files (access_log, error_log, page_log)</TD></TR> <TR><TD><CODE>/classes</CODE></TD><TD>The path for all classes</TD></TR> <TR><TD><CODE>/classes/name</CODE></TD><TD>The resource for class <CODE>name</CODE></TD></TR> <TR><TD><CODE>/jobs</CODE></TD><TD>The path for all jobs (hold-job, release-job, etc.)</TD></TR> <TR><TD><CODE>/jobs/id</CODE></TD><TD>The resource for job <CODE>id</CODE></TD></TR> <TR><TD><CODE>/printers</CODE></TD><TD>The path for all printers</TD></TR> <TR><TD><CODE>/printers/name</CODE></TD><TD>The path for printer <CODE>name</CODE></TD></TR> <TR><TD><CODE>/printers/name.ppd</CODE></TD><TD>The PPD file path for printer <CODE>name</CODE></TD></TR> </TBODY> </TABLE></DIV> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="LogFilePerm">LogFilePerm</A></H2> <H3>Examples</H3> <PRE CLASS="command"> LogFilePerm 0644 LogFilePerm 0600 </PRE> <H3>Description</H3> <P>The <CODE>LogFilePerm</CODE> directive specifies the permissions to use when writing configuration files. The default is 0600.</P> <H2 CLASS="title"><A NAME="LogLevel">LogLevel</A></H2> <H3>Examples</H3> <PRE CLASS="command"> LogLevel none LogLevel emerg LogLevel alert LogLevel crit LogLevel error LogLevel warn LogLevel notice LogLevel info LogLevel debug LogLevel debug2 </PRE> <H3>Description</H3> <P>The <CODE>LogLevel</CODE> directive specifies the level of logging for the <A HREF="#ErrorLog"><CODE>ErrorLog</CODE></A> file. The following values are recognized (each level logs everything under the preceding levels):</P> <UL> <LI><CODE>none</CODE> - Log nothing</LI> <LI><CODE>emerg</CODE> - Log emergency conditions that prevent the server from running</LI> <LI><CODE>alert</CODE> - Log alerts that must be handled immediately</LI> <LI><CODE>crit</CODE> - Log critical errors that don't prevent the server from running</LI> <LI><CODE>error</CODE> - Log general errors</LI> <LI><CODE>warn</CODE> - Log errors and warnings</LI> <LI><CODE>notice</CODE> - Log temporary error conditions</LI> <LI><CODE>info</CODE> - Log all requests and state changes (default)</LI> <LI><CODE>debug</CODE> - Log basic debugging information</LI> <LI><CODE>debug2</CODE> - Log all debugging information</LI> </UL> <H2 CLASS="title"><A NAME="MaxClients">MaxClients</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxClients 100 MaxClients 1024 </PRE> <H3>Description</H3> <P>The <CODE>MaxClients</CODE> directive controls the maximum number of simultaneous clients that will be allowed by the server. The default is 100 clients.</P> <BLOCKQUOTE><B>Note:</B> <P>Since each print job requires a file descriptor for the status pipe, the scheduler internally limits the <CODE>MaxClients</CODE> value to 1/3 of the available file descriptors to avoid possible problems when printing large numbers of jobs.</P> </BLOCKQUOTE> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.18</SPAN><A NAME="MaxClientsPerHost">MaxClientsPerHost</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxClientsPerHost 10 </PRE> <H3>Description</H3> <P>The <CODE>MaxClientsPerHost</CODE> directive controls the maximum number of simultaneous clients that will be allowed from a single host by the server. The default is the <CODE>MaxClients</CODE> value.</P> <P>This directive provides a small measure of protection against Denial of Service attacks from a single host.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="MaxCopies">MaxCopies</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxCopies 100 MaxCopies 65535 </PRE> <H3>Description</H3> <P>The <CODE>MaxCopies</CODE> directive controls the maximum number of copies that a user can print of a job. The default is 100 copies.</P> <BLOCKQUOTE><B>Note:</B> <P>Most HP PCL laser printers internally limit the number of copies to 100.</P> </BLOCKQUOTE> <H2 CLASS="title"><A NAME="MaxJobs">MaxJobs</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxJobs 100 MaxJobs 9999 MaxJobs 0 </PRE> <H3>Description</H3> <P>The <CODE>MaxJobs</CODE> directive controls the maximum number of jobs that are kept in memory. Once the number of jobs reaches the limit, the oldest completed job is automatically purged from the system to make room for the new one. If all of the known jobs are still pending or active then the new job will be rejected.</P> <P>Setting the maximum size to 0 disables this functionality. The default setting is 500.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="MaxJobsPerPrinter">MaxJobsPerPrinter</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxJobsPerPrinter 100 MaxJobsPerPrinter 9999 MaxJobsPerPrinter 0 </PRE> <H3>Description</H3> <P>The <CODE>MaxJobsPerPrinter</CODE> directive controls the maximum number of active jobs that are allowed for each printer or class. Once a printer or class reaches the limit, new jobs will be rejected until one of the active jobs is completed, stopped, aborted, or canceled.</P> <P>Setting the maximum to 0 disables this functionality. The default setting is 0.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="MaxJobsPerUser">MaxJobsPerUser</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxJobsPerUser 100 MaxJobsPerUser 9999 MaxJobsPerUser 0 </PRE> <H3>Description</H3> <P>The <CODE>MaxJobsPerUser</CODE> directive controls the maximum number of active jobs that are allowed for each user. Once a user reaches the limit, new jobs will be rejected until one of the active jobs is completed, stopped, aborted, or canceled.</P> <P>Setting the maximum to 0 disables this functionality. The default setting is 0.</P> <H2 CLASS="title"><A NAME="MaxLogSize">MaxLogSize</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxLogSize 1048576 MaxLogSize 1m MaxLogSize 0 </PRE> <H3>Description</H3> <P>The <CODE>MaxLogSize</CODE> directive controls the maximum size of each log file. Once a log file reaches or exceeds the maximum size it is closed and renamed to <VAR>filename.O</VAR>. This allows you to rotate the logs automatically. The default size is 1048576 bytes (1MB).</P> <P>Setting the maximum size to 0 disables log rotation.</P> <H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="MaxRequestSize">MaxRequestSize</A></H2> <H3>Examples</H3> <PRE CLASS="command"> MaxRequestSize 10485760 MaxRequestSize 10m MaxRequestSize 0 </PRE> <H3>Description</H3> <P>The <CODE>MaxRequestSize</CODE> directive controls the maximum size of print files, IPP requests, and HTML form data in HTTP POST requests. The default limit is 0 which disables the limit check.</P> <P><B>This directive is deprecated and will be removed in a future CUPS release.</B> Use the <A HREF="#LimitRequestBody"><CODE>LimitRequestBody</CODE></A> directive instead.</P> <H2 CLASS="title"><A NAME="Order">Order</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... Order Allow,Deny Order Deny,Allow </Location> </PRE> <H3>Description</H3> <P>The <CODE>Order</CODE> directive defines the default access control. The following values are supported:</P> <UL> <LI><CODE>allow,deny</CODE> - Deny requests by default, then check the <A HREF="#Allow"><CODE>Allow</CODE></A> lines followed by the <A HREF="#Deny"><CODE>Deny</CODE></A> lines</LI> <LI><CODE>deny,allow</CODE> - Allow requests by default, then check the <A HREF="#Deny"><CODE>Deny</CODE></A> lines followed by the <A HREF="#Allow"><CODE>Allow</CODE></A> lines</LI> </UL> <P>The <CODE>Order</CODE> directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><A NAME="PageLog">PageLog</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PageLog /var/log/cups/page_log PageLog /var/log/cups/page_log-%s PageLog syslog </PRE> <H3>Description</H3> <P>The <CODE>PageLog</CODE> directive sets the name of the page log file. If the filename is not absolute then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The default page log file is <VAR>/var/log/cups/page_log</VAR>.</P> <P>The server name can be included in the filename by using <CODE>%s</CODE> in the name.</P> <P>The special name "syslog" can be used to send the page information to the system log instead of a plain file.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="PassEnv">PassEnv</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PassEnv MY_ENV_VARIABLE </PRE> <H3>Description</H3> <P>The <CODE>PassEnv</CODE> directive specifies an environment variable that should be passed to child processes. Normally, the scheduler only passes the <CODE>DYLD_LIBRARY_PATH</CODE>, <CODE>LD_ASSUME_KERNEL</CODE>, <CODE>LD_LIBRARY_PATH</CODE>, <CODE>LD_PRELOAD</CODE>, <CODE>NLSPATH</CODE>, <CODE>SHLIB_PATH</CODE>, <CODE>TZ</CODE>, and <CODE>VGARGS</CODE> environment variables to child processes.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="Policy">Policy</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Policy name> <Limit operation ... operation> ... </Limit> <Limit operation ... operation> ... </Limit> <Limit All> ... </Limit> </Policy> </PRE> <H3>Description</H3> <P>The <CODE>Policy</CODE> directive specifies IPP operation access control limits. Each policy contains 1 or more <A HREF="#LimitIPP"><CODE>Limit</CODE></A> sections to set the access control limits for specific operations - user limits, authentication, encryption, and allowed/denied addresses, domains, or hosts. The <CODE><Limit All></CODE> section specifies the default access control limits for operations that are not listed.</P> <P>Policies are named and associated with printers via the printer's operation policy setting (<CODE>printer-op-policy</CODE>). The default policy for the scheduler is specified using the <A HREF="#DefaultPolicy"><CODE>DefaultPolicy</CODE></A> directive.</P> <H2 CLASS="title"><A NAME="Port">Port</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Port 631 Port 80 </PRE> <H3>Description</H3> <P>The <CODE>Port</CODE> directive specifies a port to listen on. Multiple <CODE>Port</CODE> lines can be specified to listen on multiple ports. The <CODE>Port</CODE> directive is equivalent to "<CODE>Listen *:nnn</CODE>". The default port is 631.</P> <BLOCKQUOTE><B>Note:</B> <P>On systems that support IPv6, this directive will bind to both the IPv4 and IPv6 wildcard address.</P> </BLOCKQUOTE> <H2 CLASS="title"><A NAME="PreserveJobHistory">PreserveJobHistory</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PreserveJobHistory On PreserveJobHistory Off </PRE> <H3>Description</H3> <P>The <CODE>PreserveJobHistory</CODE> directive controls whether the history of completed, canceled, or aborted print jobs is stored on disk.</P> <P>A value of <CODE>On</CODE> (the default) preserves job information until the administrator purges it with the <CODE>cancel</CODE> command.</P> <P>A value of <CODE>Off</CODE> removes the job information as soon as each job is completed, canceled, or aborted.</P> <H2 CLASS="title"><A NAME="PreserveJobFiles">PreserveJobFiles</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PreserveJobFiles On PreserveJobFiles Off </PRE> <H3>Description</H3> <P>The <CODE>PreserveJobFiles</CODE> directive controls whether the document files of completed, canceled, or aborted print jobs are stored on disk.</P> <P>A value of <CODE>On</CODE> preserves job files until the administrator purges them with the <CODE>cancel</CODE> command. Jobs can be restarted (and reprinted) as desired until they are purged.</P> <P>A value of <CODE>Off</CODE> (the default) removes the job files as soon as each job is completed, canceled, or aborted.</P> <H2 CLASS="title"><A NAME="Printcap">Printcap</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Printcap Printcap /etc/printcap Printcap /etc/printers.conf </PRE> <H3>Description</H3> <P>The <CODE>Printcap</CODE> directive controls whether or not a printcap file is automatically generated and updated with a list of available printers. If specified with no value, then no printcap file will be generated. The default is to generate a file named <VAR>/etc/printcap</VAR>.</P> <P>When a filename is specified (e.g. <VAR>/etc/printcap</VAR>), the printcap file is written whenever a printer is added or removed. The printcap file can then be used by applications that are hardcoded to look at the printcap file for the available printers.</P> <H2 CLASS="title"><A NAME="PrintcapFormat">PrintcapFormat</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PrintcapFormat BSD PrintcapFormat Solaris </PRE> <H3>Description</H3> <P>The <CODE>PrintcapFormat</CODE> directive controls the output format of the printcap file. The default is to generate a BSD printcap file.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.13</SPAN><A NAME="PrintcapGUI">PrintcapGUI</A></H2> <H3>Examples</H3> <PRE CLASS="command"> PrintGUI /usr/bin/glpoptions </PRE> <H3>Description</H3> <P>The <CODE>PrintcapGUI</CODE> directive sets the program to associate with the IRIX printer GUI interface script which is used by IRIX applications to display printer-specific options. There is no default program.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ReloadTimeout">ReloadTimeout</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ReloadTimeout 0 ReloadTimeout 60 </PRE> <H3>Description</H3> <P>The <CODE>ReloadTimeout</CODE> directive specifies the number of seconds the scheduler will wait for active jobs to complete before doing a restart. The default is 60 seconds.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="RemoteRoot">RemoteRoot</A></H2> <H3>Examples</H3> <PRE CLASS="command"> RemoteRoot remroot RemoteRoot root </PRE> <H3>Description</H3> <P>The <CODE>RemoteRoot</CODE> directive sets the username for unauthenticated root requests from remote hosts. The default username is <VAR>remroot</VAR>. Setting <CODE>RemoteRoot</CODE> to <VAR>root</VAR> effectively disables this security mechanism.</P> <H2 CLASS="title"><A NAME="RequestRoot">RequestRoot</A></H2> <H3>Examples</H3> <PRE CLASS="command"> RequestRoot /var/spool/cups RequestRoot /foo/bar/spool/cups </PRE> <H3>Description</H3> <P>The <CODE>RequestRoot</CODE> directive sets the directory for incoming IPP requests and HTML forms. If an absolute path is not provided then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The default request directory is <VAR>/var/spool/cups</VAR>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Require">Require</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... Require group foo bar Require user john mary Require valid-user Require user @groupname Require user @SYSTEM Require user @OWNER </Location> </PRE> <H3>Description</H3> <P>The <CODE>Require</CODE> directive specifies that authentication is required for the resource. The <CODE>group</CODE> keyword specifies that the authenticated user must be a member of one or more of the named groups that follow.</P> <P>The <CODE>user</CODE> keyboard specifies that the authenticated user must be one of the named users or groups that follow. Group names are specified using the "@" prefix.</P> <P>The <CODE>valid-user</CODE> keyword specifies that any authenticated user may access the resource.</P> <P>The default is to do no authentication. This directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><A NAME="RIPCache">RIPCache</A></H2> <H3>Examples</H3> <PRE CLASS="command"> RIPCache 8m RIPCache 1g RIPCache 2048k </PRE> <H3>Description</H3> <P>The <CODE>RIPCache</CODE> directive sets the size of the memory cache used by Raster Image Processor ("RIP") filters such as <CODE>imagetoraster</CODE> and <CODE>pstoraster</CODE>. The size can be suffixed with a "k" for kilobytes, "m" for megabytes, or "g" for gigabytes. The default cache size is "8m", or 8 megabytes.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="RootCertDuration">RootCertDuration</A></H2> <H3>Examples</H3> <PRE CLASS="command"> RootCertDuration 0 RootCertDuration 300 </PRE> <H3>Description</H3> <P>The <CODE>RootCertDuration</CODE> directive specifies the number of seconds the <EM>root certificate</EM> remains valid. The scheduler will generate a new certificate as needed when the number of seconds has expired. If set to 0, the root certificate is generated only once on startup or on a restart. The default is 300 seconds.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Satisfy">Satisfy</A></H2> <H3>Examples</H3> <PRE CLASS="command"> <Location /path> ... Satisfy all Satisfy any </Location> </PRE> <H3>Description</H3> <P>The <CODE>Satisfy</CODE> directive specifies whether all conditions must be satisfied to allow access to the resource. If set to <CODE>all</CODE>, then all authentication and access control conditions must be satified to allow access.</P> <P>Setting <CODE>Satisfy</CODE> to <CODE>any</CODE> allows a user to gain access if the authentication or access control requirements are satisfied. For example, you might require authentication for remote access, but allow local access without authentication.</P> <P>The default is <CODE>all</CODE>. This directive must appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A HREF="#Limit"><CODE>Limit</CODE></A> section.</P> <H2 CLASS="title"><A NAME="ServerAdmin">ServerAdmin</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerAdmin user@host ServerAdmin root@foo.bar.com </PRE> <H3>Description</H3> <P>The <CODE>ServerAdmin</CODE> directive identifies the email address for the administrator on the system. By default the administrator email address is <CODE>root@server</CODE>, where <CODE>server</CODE> is the <A HREF="#ServerName"><CODE>ServerName</CODE></A>.</P> <H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerBin /usr/lib/cups ServerBin /foo/bar/lib/cups </PRE> <H3>Description</H3> <P>The <CODE>ServerBin</CODE> directive sets the directory for server-run executables. If an absolute path is not provided then it is assumed to be relative to the <A HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The default executable directory is <VAR>/usr/lib/cups</VAR>, <VAR>/usr/lib32/cups</VAR>, or <VAR>/usr/libexec/cups</VAR> depending on the operating system.</P> <H2 CLASS="title"><A NAME="ServerCertificate">ServerCertificate</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerCertificate /etc/cups/ssl/server.crt </PRE> <H3>Description</H3> <P>The <CODE>ServerCertificate</CODE> directive specifies the location of the SSL certificate file used by the server when negotiating encrypted connections. The certificate must not be encrypted (password protected) since the scheduler normally runs in the background and will be unable to ask for a password.</P> <P>The default certificate file is <VAR>/etc/cups/ssl/server.crt</VAR>.</P> <H2 CLASS="title"><A NAME="ServerKey">ServerKey</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerKey /etc/cups/ssl/server.key </PRE> <H3>Description</H3> <P>The <CODE>ServerKey</CODE> directive specifies the location of the SSL private key file used by the server when negotiating encrypted connections.</P> <P>The default key file is <VAR>/etc/cups/ssl/server.crt</VAR>.</P> <H2 CLASS="title"><A NAME="ServerName">ServerName</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerName foo.domain.com ServerName myserver.domain.com </PRE> <H3>Description</H3> <P>The <CODE>ServerName</CODE> directive specifies the hostname that is reported to clients. By default the server name is the hostname.</P> <H2 CLASS="title"><A NAME="ServerRoot">ServerRoot</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerRoot /etc/cups ServerRoot /foo/bar/cups </PRE> <H3>Description</H3> <P>The <CODE>ServerRoot</CODE> directive specifies the absolute path to the server configuration and state files. It is also used to resolve relative paths in the <VAR>cupsd.conf</VAR> file. The default server directory is <VAR>/etc/cups</VAR>.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ServerTokens">ServerTokens</A></H2> <H3>Examples</H3> <PRE CLASS="command"> ServerTokens None ServerTokens ProductOnly ServerTokens Major ServerTokens Minor ServerTokens Minimal ServerTokens OS ServerTokens Full </PRE> <H3>Description</H3> <P>The <CODE>ServerTokens</CODE> directive specifies the information that is included in the <CODE>Server:</CODE> header of all HTTP responses. Table 4 lists the token name along with the text that is returned. The default is <CODE>Minimal</CODE>.</P> <DIV CLASS="table"><TABLE SUMMARY="ServerToken Names and Values"> <CAPTION>Table 4: <A NAME="TABLE4">ServerToken Names and Values</A></CAPTION> <THEAD> <TR> <TH>Name</TH> <TH>Value</TH> </TR> </THEAD> <TBODY> <TR> <TD>None</TD> <TD>No <CODE>Server:</CODE> header is returned</TD> </TR> <TR> <TD>ProductOnly</TD> <TD>"CUPS"</TD> </TR> <TR> <TD>Major</TD> <TD>"CUPS 1"</TD> </TR> <TR> <TD>Minor</TD> <TD>"CUPS 1.2"</TD> </TR> <TR> <TD>Minimal</TD> <TD>"CUPS 1.2.N" where N is the patch release</TD> </TR> <TR> <TD>OS</TD> <TD>"CUPS 1.2.N (UNAME)" where N is the patch release and UNAME is the output of the <B>uname(1)</B> command</TD> </TR> <TR> <TD>Full</TD> <TD>"CUPS 1.2.N (UNAME) IPP/1.1" where N is the patch release and UNAME is the output of the <B>uname(1)</B> command</TD> </TR> </TBODY> </TABLE></DIV> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="SetEnv">SetEnv</A></H2> <H3>Examples</H3> <PRE CLASS="command"> SetEnv PATH /usr/lib/cups/filter:/bin:/usr/bin:/usr/local/bin SetEnv MY_ENV_VAR foo </PRE> <H3>Description</H3> <P>The <CODE>SetEnv</CODE> directive specifies an environment variable that should be passed to child processes.</P> <H2 CLASS="title"><A NAME="SSLListen">SSLListen</A></H2> <H3>Examples</H3> <PRE CLASS="command"> SSLListen 127.0.0.1:443 SSLListen 192.0.2.1:443 </PRE> <H3>Description</H3> <P>The <CODE>SSLListen</CODE> directive specifies a network address and port to listen for secure connections. Multiple <CODE>SSLListen</CODE> directives can be provided to listen on multiple addresses.</P> <P>The <CODE>SSLListen</CODE> directive is similar to the <A HREF="#SSLPort"><CODE>SSLPort</CODE></A> directive but allows you to restrict access to specific interfaces or networks.</P> <H2 CLASS="title"><A NAME="SSLOptions">SSLOptions</A></H2> <H3>Examples</H3> <PRE CLASS="command"> SSLOptions None SSLOptions AllowSSL3 </PRE> <H3>Description</H3> <P>The <CODE>SSLOptions</CODE> directive specifies additional SSL/TLS protocol options to use for encrypted connected. By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. The <code>AllowRC4</code> option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. The <code>AllowSSL3</code> option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0.</p> <H2 CLASS="title"><A NAME="SSLPort">SSLPort</A></H2> <H3>Examples</H3> <PRE CLASS="command"> SSLPort 443 </PRE> <H3>Description</H3> <P>The <CODE>SSLPort</CODE> directive specifies a port to listen on for secure connections. Multiple <CODE>SSLPort</CODE> lines can be specified to listen on multiple ports.</P> <H2 CLASS="title"><A NAME="SystemGroup">SystemGroup</A></H2> <H3>Examples</H3> <PRE CLASS="command"> SystemGroup lpadmin SystemGroup sys SystemGroup system SystemGroup root SystemGroup root lpadmin </PRE> <H3>Description</H3> <P>The <CODE>SystemGroup</CODE> directive specifies the system administration group for <CODE>System</CODE> authentication. Multiple groups can be listed, separated with spaces. The default group list is <CODE>sys root</CODE>.</P> <H2 CLASS="title"><A NAME="TempDir">TempDir</A></H2> <H3>Examples</H3> <PRE CLASS="command"> TempDir /var/tmp TempDir /foo/bar/tmp </PRE> <H3>Description</H3> <P>The <CODE>TempDir</CODE> directive specifies an absolute path for the directory to use for temporary files. The default directory is <VAR>/var/spool/cups/tmp</VAR>.</P> <P>Temporary directories must be world-writable and should have the "sticky" permission bit enabled so that other users cannot delete filter temporary files. The following commands will create an appropriate temporary directory called <VAR>/foo/bar/tmp</VAR>:</P> <PRE CLASS="command"> <KBD>mkdir /foo/bar/tmp</KBD> <KBD>chmod a+rwxt /foo/bar/tmp</KBD> </PRE> <H2 CLASS="title"><A NAME="Timeout">Timeout</A></H2> <H3>Examples</H3> <PRE CLASS="command"> Timeout 300 Timeout 90 </PRE> <H3>Description</H3> <P>The <CODE>Timeout</CODE> directive controls the amount of time to wait before an active HTTP or IPP request times out. The default timeout is 300 seconds.</P> <H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="UseNetworkDefault">UseNetworkDefault</A></H2> <H3>Examples</H3> <PRE CLASS="command"> UseNetworkDefault yes UseNetworkDefault no </PRE> <H3>Description</H3> <P>The <CODE>UseNetworkDefault</CODE> directive controls whether the client will use a network/remote printer as a default printer. If enabled, the default printer of a server is used as the default printer on a client. When multiple servers are advertising a default printer, the client's default printer is set to the first discovered printer, or to the implicit class for the same printer available from multiple servers.</P> <P>The default is <CODE>Yes</CODE>.</P> <H2 CLASS="title"><A NAME="User">User</A></H2> <H3>Examples</H3> <PRE CLASS="command"> User lp User guest </PRE> <H3>Description</H3> <P>The <CODE>User</CODE> directive specifies the UNIX user that filter and CGI programs run as. The default user is <CODE>lp</CODE>.</P> <BLOCKQUOTE><B>Note:</B> <P>You may not use user <CODE>root</CODE>, as that would expose the system to unacceptable security risks. The scheduler will automatically choose user <CODE>nobody</CODE> if you specify a user whose ID is 0.</P> </BLOCKQUOTE> </BODY> </HTML>