

distrib > CentOS > 5 > x86_64 > by-pkgid > 80755b5e0b86efe953568622a6dc11ca > files > 1242


<!-- SECTION: References -->

<P>The <VAR>/etc/cups/cupsd.conf</VAR> file contains
configuration <I>directives</I> that control how the server
functions. Each directive is listed on a line by itself followed
by its value. Comments are introduced using the number sign ("#")
character at the beginning of a line.</P>

<P>Since the server configuration file consists of plain text,
you can use your favorite text editor to make changes to it.
After making any changes, restart the <CODE>cupsd(8)</CODE>
process using the startup script for your operating system:</P>


	<LI>AIX, IRIX, Linux, Solaris:
	<PRE CLASS="command">
/etc/init.d/cups restart

	<PRE CLASS="command">
/sbin/init.d/cups restart

	<LI>MacOS X:
	<PRE CLASS="command">
sudo launchctl unload /System/Library/LaunchDaemons/org.cups.cupsd.plist
sudo launchctl load /System/Library/LaunchDaemons/org.cups.cupsd.plist


<P>You can also edit this file from the CUPS web interface, which
automatically handles restarting the scheduler.</P>

<H2 CLASS="title"><A NAME="AccessLog">AccessLog</A></H2>


<PRE CLASS="command">
AccessLog /var/log/cups/access_log
AccessLog /var/log/cups/access_log-%s
AccessLog syslog


<P>The <CODE>AccessLog</CODE> directive sets the name of the
access log file. If the filename is not absolute then it is
assumed to be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
access log file is stored in "common log format" and can be used
by any web access reporting tool to generate a report on CUPS
server activity.</P>

<P>The server name can be included in the filename by using
<CODE>%s</CODE> in the name.</P>

<P>The special name "syslog" can be used to send the access
information to the system log instead of a plain file.</P>

<P>The default access log file is

<H2 CLASS="title"><A NAME="Allow">Allow</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Allow from All
  Allow from None
  Allow from *
  Allow from
  Allow from
  Allow from nnn.*
  Allow from nnn.nnn.*
  Allow from nnn.nnn.nnn.*
  Allow from nnn.nnn.nnn.nnn
  Allow from nnn.nnn.nnn.nnn/mm
  Allow from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
  Allow from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
  Allow from @LOCAL
  Allow from @IF(name)


<P>The <CODE>Allow</CODE> directive specifies a hostname, IP
address, or network that is allowed access to the server. 
<CODE>Allow</CODE> directives are cummulative, so multiple
<CODE>Allow</CODE> directives can be used to allow access for
multiple hosts or networks.  The <CODE>/mm</CODE> notation
specifies a CIDR netmask, as shown in Table 1.</P>

<DIV CLASS="table"><TABLE SUMMARY="CIDR Netmasks">
<CAPTION>Table 1: <A NAME="TABLE1">CIDR Netmasks</A></CAPTION>
	<TH WIDTH="10%">mm</TH>
	<TH WIDTH="20%">netmask</TH>
	<TH WIDTH="10%">mm</TH>
	<TH WIDTH="20%">netmask</TH>

<P>The <CODE>@LOCAL</CODE> name will allow access from all local
interfaces. The <CODE>@IF(name)</CODE> name will allow access
from the named interface. In both cases, CUPS only allows access
from the network that the interface(s) are configured for -
requests  arriving on the interface from a foreign network will
<em>not</em> be accepted.</P>

<P>The <CODE>Allow</CODE> directive must appear inside a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthClass">AuthClass</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  AuthClass Anonymous
  AuthClass User
  AuthClass System
  AuthClass Group


<P>The <CODE>AuthClass</CODE> directive defines what level of
authentication is required:</P>


	<LI><CODE>Anonymous</CODE> - No authentication should be
	performed (default)</LI>

	<LI><CODE>User</CODE> - A valid username and password is

	<LI><CODE>System</CODE> - A valid username and password
	is required, and the username must belong to the "sys"
	group; this can be changed using the <A

	<LI><CODE>Group</CODE> - A valid username and password is
	required, and the username must belong to the group named
	by the <A


<P>The <CODE>AuthClass</CODE> directive must appear inside a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<P><B>This directive is deprecated and will be removed from a
future release of CUPS.</B> Consider using the more flexible <A
HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>

<H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="AuthGroupName">AuthGroupName</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  AuthGroupName mygroup
  AuthGroupName lp


<P>The <CODE>AuthGroupName</CODE> directive sets the group to use
for <CODE>Group</CODE> authentication.</P>

<P>The <CODE>AuthGroupName</CODE> directive must appear inside a
<A HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<P><B>This directive is deprecated and will be removed from a
future release of CUPS.</B> Consider using the more flexible <A
HREF="#Require"><CODE>Require</CODE></A> directive instead.</P>

<H2 CLASS="title"><A NAME="AuthType">AuthType</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  AuthType None
  AuthType Basic
  AuthType Digest
  AuthType BasicDigest
  AuthType Negotiate


<P>The <CODE>AuthType</CODE> directive defines the type of
authentication to perform:</P>


	<LI><CODE>None</CODE> - No authentication should be
	performed (default)</LI>

	<LI><CODE>Basic</CODE> - Basic authentication should be
	performed using the UNIX password and group files</LI>

	<LI><CODE>Digest</CODE> - Digest authentication should be
	performed using the <VAR>/etc/cups/passwd.md5</VAR>

	<LI><CODE>BasicDigest</CODE> - Basic authentication
	should be performed using the
	<VAR>/etc/cups/passwd.md5</VAR> file</LI>

	<LI><CODE>Negotiate</CODE> - Kerberos authentication
	should be performed</LI>


<P>When using <CODE>Basic</CODE>, <CODE>Digest</CODE>,
<CODE>BasicDigest</CODE>, or <CODE>Negotiate</CODE> authentication,
clients connecting through the <CODE>localhost</CODE> interface can
also authenticate using certificates.</P>

<P>The <CODE>AuthType</CODE> directive must appear inside a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><A NAME="AutoPurgeJobs">AutoPurgeJobs</A></H2>


<PRE CLASS="command">
AutoPurgeJobs Yes
AutoPurgeJobs No


<P>The <CODE>AutoPurgeJobs</CODE> directive specifies whether or
not to purge completed jobs once they are no longer required for
quotas. This option has no effect if quotas are not enabled. The
default setting is <CODE>No</CODE>.</P>

<H2 CLASS="title"><A NAME="BrowseAddress">BrowseAddress</A></H2>


<PRE CLASS="command">
BrowseAddress @LOCAL
BrowseAddress @IF(name)


<P>The <CODE>BrowseAddress</CODE> directive specifies an address
to send browsing information to. Multiple
<CODE>BrowseAddress</CODE> directives can be specified to send
browsing information to different networks or systems.</P>

<P>The <CODE>@LOCAL</CODE> name will broadcast printer
information to all local interfaces. The <CODE>@IF(name)</CODE>
name will broadcast to the named interface.</P>

<P>There is no default browse address.</P>


<P>If you are using HP-UX 10.20 and a subnet that is not 24,
16, or 8 bits, printer browsing (and in fact all broadcast
reception) will not work. This problem appears to be fixed in
HP-UX 11.0.</P>


<H2 CLASS="title"><A NAME="BrowseAllow">BrowseAllow</A></H2>


<PRE CLASS="command">
BrowseAllow from all
BrowseAllow from none
BrowseAllow from 192.0.2
BrowseAllow from
BrowseAllow from
BrowseAllow from *
BrowseAllow from @LOCAL
BrowseAllow from @IF(name)


<P>The <CODE>BrowseAllow</CODE> directive specifies a system or
network to accept browse packets from. The default is to accept
browse packets from all hosts.</P>

<P>Host and domain name matching require that you enable the <A

<P>IP address matching supports exact matches, partial addresses
that match networks using netmasks of,, and, or network addresses using the specified netmask
or bit count.</P>

<P>The <CODE>@LOCAL</CODE> name will allow browse data from all
local interfaces. The <CODE>@IF(name)</CODE> name will allow
browse data from the named interface. In both cases, CUPS only
allows data from the network that the interface(s) are configured
for - data arriving on the interface from a foreign network will
<em>not</em> be allowed.</P>

<H2 CLASS="title"><A NAME="BrowseDeny">BrowseDeny</A></H2>


<PRE CLASS="command">
BrowseDeny from all
BrowseDeny from none
BrowseDeny from 192.0.2
BrowseDeny from
BrowseDeny from
BrowseDeny from *
BrowseDeny from @LOCAL
BrowseDeny from @IF(name)


<P>The <CODE>BrowseDeny</CODE> directive specifies a system or
network to reject browse packets from. The default is to not deny
browse packets from any hosts.</P>

<P>Host and domain name matching require that you enable the <A

<P>IP address matching supports exact matches, partial addresses
that match networks using netmasks of,, and, or network addresses using the specified netmask
or bit count.</P>

<P>The <CODE>@LOCAL</CODE> name will block browse data from all
local interfaces. The <CODE>@IF(name)</CODE> name will block
browse data from the named interface. In both cases, CUPS only
blocks data from the network that the interface(s) are configured
for - data arriving on the interface from a foreign network will
<em>not</em> be blocked.</P>

<H2 CLASS="title"><A NAME="BrowseInterval">BrowseInterval</A></H2>


<PRE CLASS="command">
BrowseInterval 0
BrowseInterval 30


<P>The <CODE>BrowseInterval</CODE> directive specifies the
maximum amount of time between browsing updates. Specifying a
value of 0 seconds disables outgoing browse updates but allows a
server to receive printer information from other hosts.</P>

<P>The <CODE>BrowseInterval</CODE> value should always be less
than the <A HREF="#BrowseTimeout"><CODE>BrowseTimeout</CODE></A>
value. Otherwise printers and classes will disappear from client
systems between updates.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPBindDN">BrowseLDAPBindDN</A></H2>


<PRE CLASS="command">
BrowseLDAPBindDN foo


<P>The <CODE>BrowseLDAPBindDN</CODE> directive specifies the LDAP
domain name to use when listening for printer registrations. The
default is undefined.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPDN">BrowseLDAPDN</A></H2>


<PRE CLASS="command">
BrowseLDAPDN bar


<P>The <CODE>BrowseLDAPDN</CODE> directive specifies the LDAP
domain name to use when registering local shared printers. The
default is undefined.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPPassword">BrowseLDAPPassword</A></H2>


<PRE CLASS="command">
BrowseLDAPPassword foo123


<P>The <CODE>BrowseLDAPPassword</CODE> directive specifies the
access password to use when connecting to the LDAP server. The
default is undefined.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLDAPServer">BrowseLDAPServer</A></H2>


<PRE CLASS="command">
BrowseLDAPServer localhost


<P>The <CODE>BrowseLDAPServer</CODE> directive specifies the name
of the LDAP server to connect to. The default is undefined.</P>

<H2 CLASS="title"><A NAME="BrowseLocalOptions">BrowseLocalOptions</A></H2>


<PRE CLASS="command">
BrowseLocalOptions compression=yes
BrowseLocalOptions encryption=required
BrowseLocalOptions compression=yes&amp;encryption=required


<P>The <CODE>BrowseLocalOptions</CODE> directive specifies
additional IPP backend options to advertise with local shared
printers. The default is to not include any options.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseLocalProtocols">BrowseLocalProtocols</A></H2>


<PRE CLASS="command">
BrowseLocalProtocols all
BrowseLocalProtocols none
BrowseLocalProtocols cups
BrowseLocalProtocols dnssd
BrowseLocalProtocols ldap
BrowseLocalProtocols slp
BrowseLocalProtocols cups dnssd


<P>The <CODE>BrowseLocalProtocols</CODE> directive specifies the
protocols to use when advertising local shared printers on the
network. Multiple protocols can be specified by separating them
with spaces. The default is <CODE>CUPS</CODE>.</P>

<H2 CLASS="title"><A NAME="BrowseOrder">BrowseOrder</A></H2>


<PRE CLASS="command">
BrowseOrder allow,deny
BrowseOrder deny,allow


<P>The <CODE>BrowseOrder</CODE> directive specifies the order of
allow/deny processing. The default order is


	<LI><CODE>allow,deny</CODE> - Deny browse packets by
	default, then check <CODE>BrowseAllow</CODE> lines
	followed by <CODE>BrowseDeny</CODE> lines.</LI>

	<LI><CODE>deny,allow</CODE> - Allow browse packets by
	default, then check <CODE>BrowseDeny</CODE> lines
	followed by <CODE>BrowseAllow</CODE> lines.</LI>


<H2 CLASS="title"><A NAME="BrowsePoll">BrowsePoll</A></H2>


<PRE CLASS="command">


<P>The <CODE>BrowsePoll</CODE> directive polls a server for
available printers once every <A
HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> seconds.
Multiple <CODE>BrowsePoll</CODE> directives can be specified to
poll multiple servers.</P>

<P>If <CODE>BrowseInterval</CODE> is set to 0 then the server is
polled once every 30 seconds.</P>

<H2 CLASS="title"><A NAME="BrowsePort">BrowsePort</A></H2>


<PRE CLASS="command">
BrowsePort 631
BrowsePort 9999


<P>The <CODE>BrowsePort</CODE> directive specifies the UDP port number
used for browse packets. The default port number is 631.</P>


<P>You must set the <CODE>BrowsePort</CODE> to the same value
on all of the systems that you want to see.


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="BrowseProtocols">BrowseProtocols</A></H2>


<PRE CLASS="command">
BrowseProtocols all
BrowseProtocols none
BrowseProtocols cups
BrowseProtocols dnssd
BrowseProtocols ldap
BrowseProtocols slp
BrowseProtocols cups dnssd


<P>The <CODE>BrowseProtocols</CODE> directive specifies the
protocols to use when showing and advertising shared printers on
the local network. Multiple protocols can be specified by
separating them with spaces. The default protocol is
<CODE>CUPS dnssd</CODE> for
<A HREF="#BrowseLocalProtocols"><CODE>BrowseLocalProtocols</CODE></A> and
<A HREF="#BrowseRemoteProtocols"><CODE>BrowseRemoteProtocols</CODE></A>.</P>


<P>When using the <CODE>SLP</CODE> protocol, you must have at least
one Directory Agent (DA) server on your network. Otherwise the
CUPS scheduler (<CODE>cupsd</CODE>) will not respond to client
requests for several seconds while polling the network.</P>


<H2 CLASS="title"><A NAME="BrowseRelay">BrowseRelay</A></H2>


<PRE CLASS="command">
BrowseRelay *


<P>The <CODE>BrowseRelay</CODE> directive specifies source and
destination addresses for relaying browsing information from one
host or network to another. Multiple <CODE>BrowseRelay</CODE>
directives can be specified as needed.</P>

<P><CODE>BrowseRelay</CODE> is typically used on systems that
bridge multiple subnets using one or more network interfaces. It
can also be used to relay printer information from polled servers
with the line:</P>

<PRE CLASS="command">
BrowseRelay @LOCAL

<P>This effectively provides access to printers on a WAN for all
clients on the LAN(s).</P>

<H2 CLASS="title"><A NAME="BrowseRemoteOptions">BrowseRemoteOptions</A></H2>


<PRE CLASS="command">
BrowseRemoteOptions compression=yes
BrowseRemoteOptions encryption=required
BrowseRemoteOptions ?compression=yes&amp;encryption=required


<P>The <CODE>BrowseRemoteOptions</CODE> directive specifies
additional IPP backend options to include with remote shared
printers. If the options string begins with a question mark (?),
the options replace any options specified by the remote server.
The default is to not include any options.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="BrowseRemoteProtocols">BrowseRemoteProtocols</A></H2>


<PRE CLASS="command">
BrowseRemoteProtocols all
BrowseRemoteProtocols none
BrowseRemoteProtocols cups
BrowseRemoteProtocols dnssd
BrowseRemoteProtocols ldap
BrowseRemoteProtocols slp
BrowseRemoteProtocols cups dnssd


<P>The <CODE>BrowseRemoteProtocols</CODE> directive specifies the
protocols to use when finding remote shared printers on the
network. Multiple protocols can be specified by separating them
with spaces. The default is <CODE>CUPS</CODE>.</P>

<H2 CLASS="title"><A NAME="BrowseShortNames">BrowseShortNames</A></H2>


<PRE CLASS="command">
BrowseShortNames Yes
BrowseShortNames No


<P>The <CODE>BrowseShortNames</CODE> directive specifies whether
or not short names are used for remote printers when possible.
Short names are just the remote printer name, without the server
("printer"). If more than one remote printer is detected with the
same name, the printers will have long names ("printer@server1",

<P>The default value for this option is <CODE>Yes</CODE>.</P>

<H2 CLASS="title"><A NAME="BrowseTimeout">BrowseTimeout</A></H2>


<PRE CLASS="command">
BrowseTimeout 300
BrowseTimeout 60


<P>The <CODE>BrowseTimeout</CODE> directive sets the timeout for
printer or class information that is received in browse packets.
Once a printer or class times out it is removed from the list of
available destinations.</P>

<P>The <CODE>BrowseTimeout</CODE> value should always be greater
than the <A
HREF="#BrowseInterval"><CODE>BrowseInterval</CODE></A> value.
Otherwise printers and classes will disappear from client systems
between updates.</P>

<H2 CLASS="title"><A NAME="Browsing">Browsing</A></H2>


<PRE CLASS="command">
Browsing On
Browsing Off


<P>The <CODE>Browsing</CODE> directive controls whether or not
network printer browsing is enabled. The default setting is

<P>This directive does not enable sharing of local printers by
itself; you must also use the <A
HREF="#BrowseAddress"><CODE>BrowseAddress</CODE></A> or <A
directives to advertise local printers to other systems.</P>


<P>If you are using HP-UX 10.20 and a subnet that is not 24,
16, or 8 bits, printer browsing (and in fact all broadcast
reception) will not work. This problem appears to be fixed in
HP-UX 11.0.</P>


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Classification">Classification</A></H2>


<PRE CLASS="command">
Classification classified
Classification confidential
Classification secret
Classification topsecret
Classification unclassified


<P>The <CODE>Classification</CODE> directive sets the
classification level on the server. When this option is set, at
least one of the banner pages is forced to the classification
level, and the classification is placed on each page of output.
The default is no classification level.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="ClassifyOverride">ClassifyOverride</A></H2>


<PRE CLASS="command">
ClassifyOverride Yes
ClassifyOverride No


<P>The <CODE>ClassifyOverride</CODE> directive specifies whether
users can override the default classification level on the
server. When the server classification is set, users can change
the classification using the <CODE>job-sheets</CODE> option and
can choose to only print one security banner before or after the
job. If the <CODE>job-sheets</CODE> option is set to
<CODE>none</CODE> then the server default classification is

<P>The default is to not allow classification overrides.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="ConfigFilePerm">ConfigFilePerm</A></H2>


<PRE CLASS="command">
ConfigFilePerm 0644
ConfigFilePerm 0640


<P>The <CODE>ConfigFilePerm</CODE> directive specifies the
permissions to use when writing configuration files. The default
is 640.</P>

<H2 CLASS="title"><A NAME="ConfigurationChangeRestriction">ConfigurationChangeRestriction</A></H2>


<PRE CLASS="command">
ConfigurationChangeRestriction all
ConfigurationChangeRestriction root-only
ConfigurationChangeRestriction none


<P>The <CODE>ConfigurationChangeRestriction</CODE> directive specifies
the degree of restriction for changes to cupsd.conf.  Keywords dealing
with filenames, paths, and users are security-sensitive. Changes to
them via HTTP are forbidden by default (<CODE>all</CODE>). The value
<CODE>none</CODE> removes any restriction altogether (note that this
is unsafe). The value <CODE>root-only</CODE> allows only users
authorised as user "root" to adjust security-sensitive configuration
settings, but note that users adjusting settings using polkit (via
cups-pk-helper) are authenticated as user "root".</P>

<H2 CLASS="title"><A NAME="DataDir">DataDir</A></H2>


<PRE CLASS="command">
DataDir /usr/share/cups


<P>The <CODE>DataDir</CODE> directive sets the directory to use
for data files.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultAuthType">DefaultAuthType</A></H2>


<PRE CLASS="command">
DefaultAuthType Basic
DefaultAuthType BasicDigest
DefaultAuthType Digest
DefaultAuthType Negotiate


<P>The <CODE>DefaultAuthType</CODE> directive specifies the type
of authentication to use for IPP operations that require a
username. The default is <CODE>Basic</CODE>.</P>

<H2 CLASS="title"><A NAME="DefaultCharset">DefaultCharset</A></H2>


<PRE CLASS="command">
DefaultCharset utf-8
DefaultCharset iso-8859-1
DefaultCharset windows-1251


<P>The <CODE>DefaultCharset</CODE> directive sets the default
character set to use for client connections. The default
character set is <CODE>utf-8</CODE> but is overridden by the
character set for the language specified by the client or the
<CODE>DefaultLanguage</CODE> directive.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultEncryption">DefaultEncryption</A></H2>


<PRE CLASS="command">
DefaultEncryption Never
DefaultEncryption IfRequested
DefaultEncryption Required


<P>The <CODE>DefaultEncryption</CODE> directive specifies the
type of encryption to use when performing authentication. The
default is <CODE>Required</CODE>.</P>

<H2 CLASS="title"><A NAME="DefaultLanguage">DefaultLanguage</A></H2>


<PRE CLASS="command">
DefaultLanguage de
DefaultLanguage en
DefaultLanguage es
DefaultLanguage fr
DefaultLanguage it


<P>The <CODE>DefaultLanguage</CODE> directive specifies the
default language to use for client connections. Setting the
default language also sets the default character set if a
language localization file exists for it. The default language
is "en" for English.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultPolicy">DefaultPolicy</A></H2>


<PRE CLASS="command">
DefaultPolicy default
DefaultPolicy foo


<P>The <CODE>DefaultPolicy</CODE> directive specifies the default
policy to use for IPP operation. The default is

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="DefaultShared">DefaultShared</A></H2>


<PRE CLASS="command">
DefaultShared yes
DefaultShared no


<P>The <CODE>DefaultShared</CODE> directive specifies whether
printers are shared (published) by default. The default is

<H2 CLASS="title"><A NAME="Deny">Deny</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Deny from All
  Deny from None
  Deny from *
  Deny from
  Deny from
  Deny from nnn.*
  Deny from nnn.nnn.*
  Deny from nnn.nnn.nnn.*
  Deny from nnn.nnn.nnn.nnn
  Deny from nnn.nnn.nnn.nnn/mm
  Deny from nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
  Deny from xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
  Deny from @LOCAL
  Deny from @IF(name)


<P>The <CODE>Deny</CODE> directive specifies a hostname, IP
address, or network that is allowed access to the server.
<CODE>Deny</CODE> directives are cummulative, so multiple
<CODE>Deny</CODE> directives can be used to allow access for
multiple hosts or networks. The <CODE>/mm</CODE> notation
specifies a CIDR netmask, a shown in <A HREF="TABLE1">Table

<P>The <CODE>@LOCAL</CODE> name will deny access from all local
interfaces. The <CODE>@IF(name)</CODE> name will deny access from
the named interface. In both cases, CUPS only denies access from
the network that the interface(s) are configured for - requests
arriving on the interface from a foreign network will
<em>not</em> be denied.</P>

<P>The <CODE>Deny</CODE> directive must appear inside a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><A NAME="DocumentRoot">DocumentRoot</A></H2>


<PRE CLASS="command">
DocumentRoot /usr/share/doc/cups
DocumentRoot /foo/bar/doc/cups


<P>The <CODE>DocumentRoot</CODE> directive specifies the location
of web content for the HTTP server in CUPS. If an absolute path
is not specified then it is assumed to be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
default directory is <VAR>/usr/share/doc/cups-1.3.7</VAR>.</P>

<P>Documents are first looked up in a sub-directory for the
primary language requested by the client (e.g.
<VAR>/usr/share/doc/cups-1.3.7/fr/...</VAR>) and then directly under
the <CODE>DocumentRoot</CODE> directory (e.g.
<VAR>/usr/share/doc/cups-1.3.7/...</VAR>), so it is possible to
localize the web content by providing subdirectories for each
language needed.</P>

<H2 CLASS="title"><A NAME="Encryption">Encryption</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Encryption Never
  Encryption IfRequested
  Encryption Required


<P>The <CODE>Encryption</CODE> directive must appear instead a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section and specifies the
encryption settings for that location. The default setting is
<CODE>IfRequested</CODE> for all locations.</P>

<H2 CLASS="title"><A NAME="ErrorLog">ErrorLog</A></H2>


<PRE CLASS="command">
ErrorLog /var/log/cups/error_log
ErrorLog /var/log/cups/error_log-%s
ErrorLog syslog


<P>The <CODE>ErrorLog</CODE> directive sets the name of the error
log file. If the filename is not absolute then it is assumed to
be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
default error log file is <VAR>/var/log/cups/error_log</VAR>.</P>

<P>The server name can be included in the filename by using
<CODE>%s</CODE> in the name.</P>

<P>The special name "syslog" can be used to send the error
information to the system log instead of a plain file.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3</SPAN><A NAME="ErrorPolicy">ErrorPolicy</A></H2>


<PRE CLASS="command">
ErrorPolicy abort-job
ErrorPolicy retry-job
ErrorPolicy stop-printer


<P>The <CODE>ErrorPolicy</CODE> directive defines the default policy that
is used when a backend is unable to send a print job to the

<P>The following values are supported:</P>


	<LI><CODE>abort-job</CODE> - Abort the job and proceed
	with the next job in the queue</LI>

	<LI><CODE>retry-job</CODE> - Retry the job after waiting
	for N seconds; the <VAR>cupsd.conf</VAR> <A
	directive controls the value of N</LI>

	<LI><CODE>stop-printer</CODE> - Stop the printer and keep
	the job for future printing; this is the default


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.4</SPAN><A NAME="FatalErrors">FatalErrors</A></H2>


<PRE CLASS="command">
FatalErrors none
FatalErrors all
FatalErrors browse
FatalErrors config
FatalErrors listen
FatalErrors log
FatalErrors permissions
FatalErrors all -permissions
FatalErrors config permissions log


<P>The <CODE>FatalErrors</CODE> directive determines whether certain kinds of
errors are fatal. The following kinds of errors are currently recognized:</P>


	<LI><CODE>none</CODE> - No errors are fatal</LI>

	<LI><CODE>all</CODE> - All of the errors below are fatal</LI>

	<LI><CODE>browse</CODE> - Browsing initialization errors are fatal,
	for example failed binding to the CUPS browse port or failed connections
	to LDAP servers</LI>

	<LI><CODE>config</CODE> - Configuration file syntax errors are

	<LI><CODE>listen</CODE> - Listen or Port errors are fatal, except for
	IPv6 failures on the loopback or "any" addresses</LI>

	<LI><CODE>log</CODE> - Log file creation or write errors are fatal</LI>

	<LI><CODE>permissions</CODE> - Bad startup file permissions are
	fatal, for example shared SSL certificate and key files with world-
	read permissions</LI>


<P>Multiple errors can be listed, and the form "-kind" can be used with
<CODE>all</CODE> to remove specific kinds of errors. The default setting is

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.18</SPAN><A NAME="FileDevice">FileDevice</A></H2>


<PRE CLASS="command">
FileDevice Yes
FileDevice No


<P>The <CODE>FileDevice</CODE> directive determines whether the
scheduler allows new printers to be added using device URIs of
the form <CODE>file:/filename</CODE>. File devices are most often
used to test new printer drivers and do not support raw file

<P>The default setting is <CODE>No</CODE>.</P>


<P>File devices are managed by the scheduler. Since the
scheduler normally runs as the root user, file devices
can be used to overwrite system files and potentially
gain unauthorized access to the system. If you must
create printers using file devices, we recommend that
you set the <CODE>FileDevice</CODE> directive to
<CODE>Yes</CODE> for only as long as you need to add the
printers to the system, and then reset the directive to


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="FilterLimit">FilterLimit</A></H2>


<PRE CLASS="command">
FilterLimit 0
FilterLimit 200
FilterLimit 1000


<P>The <CODE>FilterLimit</CODE> directive sets the maximum cost
of all running job filters. It can be used to limit the number of
filter programs that are run on a server to minimize disk,
memory, and CPU resource problems. A limit of 0 disables filter

<P>An average print to a non-PostScript printer needs a filter
limit of about 200. A PostScript printer needs about half that
(100). Setting the limit below these thresholds will effectively
limit the scheduler to printing a single job at any time.</P>

<P>The default limit is 0.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="FilterNice">FilterNice</A></H2>


<PRE CLASS="command">
FilterNice 0
FilterNice 10
FilterNice 19


<P>The <CODE>FilterNice</CODE> directive sets the <B>nice(1)</B>
value to assign to filter processes. The nice value ranges from
0, the highest priority, to 19, the lowest priority. The default
is 0.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="FontPath">FontPath</A></H2>


<PRE CLASS="command">
FontPath /foo/bar/fonts
FontPath /usr/share/cups/fonts:/foo/bar/fonts


<P>The <CODE>FontPath</CODE> directive specifies the font path to
use when searching for fonts. The default font path is

<H2 CLASS="title"><A NAME="Group">Group</A></H2>


<PRE CLASS="command">
Group lp
Group nobody


<P>The <CODE>Group</CODE> directive specifies the UNIX group that
filter and CGI programs run as. The default group is
system-specific but is usually <CODE>lp</CODE> or

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.3</SPAN><A NAME="GSSServiceName">GSSServiceName</A></H2>


<PRE CLASS="command">
GSSServiceName IPP
GSSServiceName HTTP


<P>The <CODE>GSSServiceName</CODE> directive specifies the Kerberos service name that is used when passing authorization tickets. The default name is <CODE>IPP</CODE>.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="HideImplicitMembers">HideImplicitMembers</A></H2>


<PRE CLASS="command">
HideImplicitMembers Yes
HideImplicitMembers No


<P>The <CODE>HideImplicitMembers</CODE> directive controls
whether the individual printers in an implicit class are hidden
from the user. The default is <CODE>Yes</CODE>.</P>

<P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A>
must be enabled for this directive to have any effect.</P>

<H2 CLASS="title"><A NAME="HostNameLookups">HostNameLookups</A></H2>


<PRE CLASS="command">
HostNameLookups On
HostNameLookups Off
HostNameLookups Double


<P>The <CODE>HostNameLookups</CODE> directive controls whether or
not CUPS looks up the hostname for connecting clients. The
<CODE>Double</CODE> setting causes CUPS to verify that the
hostname resolved from the address matches one of the addresses
returned for that hostname. <CODE>Double</CODE> lookups also
prevent clients with unregistered addresses from connecting to
your server.</P>

<P>The default is <CODE>Off</CODE> to avoid the potential server
performance problems with hostname lookups. Set this option to
<CODE>On</CODE> or <CODE>Double</CODE> only if absolutely

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.10</SPAN><A NAME="ImplicitAnyClasses">ImplicitAnyClasses</A></H2>


<PRE CLASS="command">
ImplicitAnyClasses On
ImplicitAnyClasses Off


<P>The <CODE>ImplicitAnyClasses</CODE> directive controls
whether implicit classes for local and remote printers are
created with the name <CODE>AnyPrinter</CODE>. The default
setting is <CODE>Off</CODE>.</P>

<P><A HREF="#ImplicitClasses"><CODE>ImplicitClasses</CODE></A>
must be enabled for this directive to have any effect.</P>

<H2 CLASS="title"><A NAME="ImplicitClasses">ImplicitClasses</A></H2>


<PRE CLASS="command">
ImplicitClasses On
ImplicitClasses Off


<P>The <CODE>ImplicitClasses</CODE> directive controls whether
implicit classes are created based upon the available network
printers and classes. The default setting is
<CODE>Yes</CODE> but is automatically turned
<CODE>Off</CODE> if <A HREF="#Browsing"><CODE>Browsing</CODE></A> is turned

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.9</SPAN><A NAME="Include">Include</A></H2>


<PRE CLASS="command">
Include filename
Include /foo/bar/filename


<P>The <CODE>Include</CODE> directive includes the named file in
the <CODE>cupsd.conf</CODE> file. If no leading path is provided,
the file is assumed to be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="JobRetryInterval">JobRetryInterval</A></H2>


<PRE CLASS="command">
JobRetryInterval 30
JobRetryInterval 120


<P>The <CODE>JobRetryInterval</CODE> directive specifies the
number of seconds to wait before retrying a job. This is
typically used for fax queues but can also be used with normal
print queues whose error policy is <CODE>retry-job</CODE>. The
default is 30 seconds.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="JobRetryLimit">JobRetryLimit</A></H2>


<PRE CLASS="command">
JobRetryLimit 5
JobRetryLimit 50


<P>The <CODE>JobRetryLimit</CODE> directive specifies the maximum
number of times the scheduler will try to print a job. This is
typically used for fax queues but can also be used with normal
print queues whose error policy is <CODE>retry-job</CODE>. The
default is 5 times.</P>

<H2 CLASS="title"><A NAME="KeepAlive">KeepAlive</A></H2>


<PRE CLASS="command">
KeepAlive On
KeepAlive Off


<P>The <CODE>KeepAlive</CODE> directive controls whether or not
to support persistent HTTP connections. The default is

<P>HTTP/1.1 clients automatically support persistent connections,
while HTTP/1.0 clients must specifically request them using the
<CODE>Keep-Alive</CODE> attribute in the <CODE>Connection:</CODE>
field of each request.</P>

<H2 CLASS="title"><A NAME="KeepAliveTimeout">KeepAliveTimeout</A></H2>


<PRE CLASS="command">
KeepAliveTimeout 60
KeepAliveTimeout 30


<P>The <CODE>KeepAliveTimeout</CODE> directive controls how long
a persistent HTTP connection will remain open after the last
request. The default is 60 seconds.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Limit">Limit (Location)</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  &lt;Limit GET POST&gt;

  &lt;Limit ALL&gt;


<P>The <CODE>Limit</CODE> directive groups access control
directives for specific types of HTTP requests and must appear
inside a <A HREF="#Location"><CODE>Location</CODE></A> section.
Access can be limited for individual request types
<CODE>TRACE</CODE>) or for all request types (<CODE>ALL</CODE>).
The request type names are case-sensitive for compatibility with

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="LimitIPP">Limit (Policy)</A></H2>


<PRE CLASS="command">
&lt;Policy name&gt;
  &lt;Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer&gt;

  &lt;Limit All&gt;


<P>When included in <A HREF="#Policy"><CODE>Policy</CODE></A>
sections, the <CODE>Limit</CODE> directive groups access control
directives for specific IPP operations. Multiple operations can
be listed, separated by spaces. Table 2 lists the supported

<DIV CLASS="table"><TABLE SUMMARY="Supported IPP Operations">
<CAPTION>Table 2: <A NAME="TABLE2">Supported IPP Operations</A></CAPTION>
	<TH>Operation Name</TH>
	<TD>All operations - used as the default limit for
	operations that are not listed</TD>
	<TD>Cancel a job</TD>
	<TD>Cancel a subscription</TD>
	<TD>Create a new, empty job</TD>
	<TD>Creates a notification subscription on a job</TD>
	<TD>Creates a notification subscription on a printer</TD>
	<TD>Sets the printer-is-accepting-jobs value for a printer to true</TD>
	<TD>Adds or modifies a class</TD>
	<TD>Adds or modifies a printer</TD>
	<TD>Authenticates a job for printing</TD>
	<TD>Deletes a class</TD>
	<TD>Deletes a printer</TD>
	<TD>Gets a list of classes</TD>
	<TD>Gets the (network/server) default printer or class</TD>
	<TD>Gets a list of available devices</TD>
	<TD>Gets a list of available manufacturers or drivers</TD>
	<TD>Gets a list of printers and/or classes</TD>
	<TD>Moves a job to a new destination</TD>
	<TD>Sets the printer-is-accepting-jobs value for a printer to false</TD>
	<TD>Sets the network/server default printer or class</TD>
	<TD>Sets the printer-state value for a printer to stopped</TD>
	<TD>Sets the printer-state value for a printer to idle/processing</TD>
	<TD>Gets information about a job</TD>
	<TD>Gets a list of jobs</TD>
	<TD>Gets a list of events</TD>
	<TD>Gets informaion about a printer or class</TD>
	<TD>Gets informaion about a notification subscription</TD>
	<TD>Gets a list of notification subscriptions</TD>
	<TD>Holds a job for printing</TD>
	<TD>Sets the printer-state value for a printer to stopped</TD>
	<TD>Creates a job with a single file for printing</TD>
	<TD>Removes all jobs from a printer</TD>
	<TD>Releases a previously held job for printing</TD>
	<TD>Renews a notification subscription</TD>
	<TD>Reprints a job</TD>
	<TD>Sets the printer-stae value for a printer to idle/processing</TD>
	<TD>Adds a file to an job created with Create-Job</TD>
	<TD>Changes job options</TD>
	<TD>Validates job options prior to printing</TD>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="LimitExcept">LimitExcept</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  &lt;LimitExcept GET POST&gt;


<P>The <CODE>LimitExcept</CODE> directive groups access control
directives for specific types of HTTP requests and must appear
inside a <A HREF="#Location"><CODE>Location</CODE></A> section.
Unlike the <A HREF="#Limit"><CODE>Limit</CODE></A> directive,
<CODE>LimitExcept</CODE> restricts access for all requests
<I>except</I> those listed on the <CODE>LimitExcept</CODE>

<H2 CLASS="title"><A NAME="LimitRequestBody">LimitRequestBody</A></H2>


<PRE CLASS="command">
LimitRequestBody 10485760
LimitRequestBody 10m
LimitRequestBody 0


<P>The <CODE>LimitRequestBody</CODE> directive controls the
maximum size of print files, IPP requests, and HTML form data in
HTTP POST requests. The default limit is 0 which disables the
limit check.</P>

<H2 CLASS="title"><A NAME="Listen">Listen</A></H2>


<PRE CLASS="command">
Listen [::1]:631
Listen *:631


<P>The <CODE>Listen</CODE> directive specifies a network address
and port to listen for connections. Multiple <CODE>Listen</CODE>
directives can be provided to listen on multiple addresses.</P>

<P>The <CODE>Listen</CODE> directive is similar to the <A
HREF="#Port"><CODE>Port</CODE></A> directive but allows you to
restrict access to specific interfaces or networks.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="ListenBackLog">ListenBackLog</A></H2>


<PRE CLASS="command">
ListenBackLog 5
ListenBackLog 10


<P>The <CODE>ListenBackLog</CODE> directive sets the maximum
number of pending connections the scheduler will allow. This
normally only affects very busy servers that have reached the <A
HREF="#MaxClients"><CODE>MaxClients</CODE></A> limit, but can
also be triggered by large numbers of simultaneous connections.
When the limit is reached, the operating system will refuse
additional connections until the scheduler can accept the pending
ones. The default is the OS-defined default limit, typically
either 5 for older operating systems or 128 for newer operating

<H2 CLASS="title"><A NAME="Location">Location</A></H2>


<PRE CLASS="command">
&lt;Location /&gt;

&lt;Location /admin&gt;

&lt;Location /admin/conf&gt;

&lt;Location /admin/log&gt;

&lt;Location /classes&gt;

&lt;Location /classes/name&gt;

&lt;Location /jobs&gt;

&lt;Location /printers&gt;

&lt;Location /printers/name&gt;



<P>The <CODE>Location</CODE> directive specifies access control
and authentication options for the specified HTTP resource or
path.  The  <A HREF="#Allow"><CODE>Allow</CODE></A>,  <A
HREF="#AuthType"><CODE>AuthType</CODE></A>,  <A
HREF="#Deny"><CODE>Deny</CODE></A>,  <A
HREF="#Encryption"><CODE>Encryption</CODE></A>,  <A
HREF="#Limit"><CODE>Limit</CODE></A>,  <A
HREF="#LimitExcept"><CODE>LimitExcept</CODE></A>,  <A
HREF="#Order"><CODE>Order</CODE></A>,  <A
HREF="#Require"><CODE>Require</CODE></A>, and <A
HREF="#Satisfy"><CODE>Satisfy</CODE></A> directives may all
appear inside a location.</P>

<P>Note that more specific resources override the less specific
ones. So the directives inside the <CODE>/printers/name</CODE>
location will override ones from <CODE>/printers</CODE>.
Directives inside <CODE>/printers</CODE> will override ones from
<CODE>/</CODE>. None of the directives are inherited.</P>

<DIV CLASS="table"><TABLE SUMMARY="Common Locaions on the Server">
<CAPTION>Table 3: <A NAME="TABLE3">Common Locations on the Server</A></CAPTION>
<TR><TD><CODE>/</CODE></TD><TD>The path for all get operations (get-printers, get-jobs, etc.)</TD></TR>
<TR><TD><CODE>/admin</CODE></TD><TD>The path for all administration operations (add-printer, delete-printer, start-printer, etc.)</TD></TR>
<TR><TD><CODE>/admin/conf</CODE></TD><TD>The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.)</TD></TR>
<TR><TD><CODE>/admin/log</CODE></TD><TD>The path for access to the CUPS log files (access_log, error_log, page_log)</TD></TR>
<TR><TD><CODE>/classes</CODE></TD><TD>The path for all classes</TD></TR>
<TR><TD><CODE>/classes/name</CODE></TD><TD>The resource for class <CODE>name</CODE></TD></TR>
<TR><TD><CODE>/jobs</CODE></TD><TD>The path for all jobs (hold-job, release-job, etc.)</TD></TR>
<TR><TD><CODE>/jobs/id</CODE></TD><TD>The resource for job <CODE>id</CODE></TD></TR>
<TR><TD><CODE>/printers</CODE></TD><TD>The path for all printers</TD></TR>
<TR><TD><CODE>/printers/name</CODE></TD><TD>The path for printer <CODE>name</CODE></TD></TR>
<TR><TD><CODE>/printers/name.ppd</CODE></TD><TD>The PPD file path for printer <CODE>name</CODE></TD></TR>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.15</SPAN><A NAME="LogFilePerm">LogFilePerm</A></H2>


<PRE CLASS="command">
LogFilePerm 0644
LogFilePerm 0600


<P>The <CODE>LogFilePerm</CODE> directive specifies the
permissions to use when writing configuration files. The default
is 0600.</P>

<H2 CLASS="title"><A NAME="LogLevel">LogLevel</A></H2>


<PRE CLASS="command">
LogLevel none
LogLevel emerg
LogLevel alert
LogLevel crit
LogLevel error
LogLevel warn
LogLevel notice
LogLevel info
LogLevel debug
LogLevel debug2


<P>The <CODE>LogLevel</CODE> directive specifies the level of
logging for the <A HREF="#ErrorLog"><CODE>ErrorLog</CODE></A>
file. The following values are recognized (each level logs
everything under the preceding levels):</P>


	<LI><CODE>none</CODE> - Log nothing</LI>

	<LI><CODE>emerg</CODE> - Log emergency conditions that
	prevent the server from running</LI>

	<LI><CODE>alert</CODE> - Log alerts that must be handled

	<LI><CODE>crit</CODE> - Log critical errors that don't
	prevent the server from running</LI>

	<LI><CODE>error</CODE> - Log general errors</LI>

	<LI><CODE>warn</CODE> - Log errors and warnings</LI>

	<LI><CODE>notice</CODE> - Log temporary error conditions</LI>

	<LI><CODE>info</CODE> - Log all requests and state
	changes (default)</LI>

	<LI><CODE>debug</CODE> - Log basic debugging

	<LI><CODE>debug2</CODE> - Log all debugging


<H2 CLASS="title"><A NAME="MaxClients">MaxClients</A></H2>


<PRE CLASS="command">
MaxClients 100
MaxClients 1024


<P>The <CODE>MaxClients</CODE> directive controls the maximum
number of simultaneous clients that will be allowed by the
server. The default is 100 clients.</P>


<P>Since each print job requires a file descriptor for the status
pipe, the scheduler internally limits the <CODE>MaxClients</CODE>
value to 1/3 of the available file descriptors to avoid possible
problems when printing large numbers of jobs.</P>


<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.18</SPAN><A NAME="MaxClientsPerHost">MaxClientsPerHost</A></H2>


<PRE CLASS="command">
MaxClientsPerHost 10


<P>The <CODE>MaxClientsPerHost</CODE> directive controls the
maximum number of simultaneous clients that will be allowed from
a single host by the server. The default is the
<CODE>MaxClients</CODE> value.</P>

<P>This directive provides a small measure of protection against
Denial of Service attacks from a single host.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="MaxCopies">MaxCopies</A></H2>


<PRE CLASS="command">
MaxCopies 100
MaxCopies 65535


<P>The <CODE>MaxCopies</CODE> directive controls the maximum
number of copies that a user can print of a job. The default is
100 copies.</P>


<P>Most HP PCL laser printers internally limit the number of
copies to 100.</P>


<H2 CLASS="title"><A NAME="MaxJobs">MaxJobs</A></H2>


<PRE CLASS="command">
MaxJobs 100
MaxJobs 9999
MaxJobs 0


<P>The <CODE>MaxJobs</CODE> directive controls the maximum number
of jobs that are kept in memory. Once the number of jobs reaches
the limit, the oldest completed job is automatically purged from
the system to make room for the new one. If all of the known jobs
are still pending or active then the new job will be

<P>Setting the maximum size to 0 disables this functionality. The
default setting is 500.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="MaxJobsPerPrinter">MaxJobsPerPrinter</A></H2>


<PRE CLASS="command">
MaxJobsPerPrinter 100
MaxJobsPerPrinter 9999
MaxJobsPerPrinter 0


<P>The <CODE>MaxJobsPerPrinter</CODE> directive controls the
maximum number of active jobs that are allowed for each printer
or class. Once a printer or class reaches the limit, new jobs
will be rejected until one of the active jobs is completed,
stopped, aborted, or canceled.</P>

<P>Setting the maximum to 0 disables this functionality. The
default setting is 0.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="MaxJobsPerUser">MaxJobsPerUser</A></H2>


<PRE CLASS="command">
MaxJobsPerUser 100
MaxJobsPerUser 9999
MaxJobsPerUser 0


<P>The <CODE>MaxJobsPerUser</CODE> directive controls the maximum
number of active jobs that are allowed for each user. Once a user
reaches the limit, new jobs will be rejected until one of the
active jobs is completed, stopped, aborted, or canceled.</P>

<P>Setting the maximum to 0 disables this functionality. The
default setting is 0.</P>

<H2 CLASS="title"><A NAME="MaxLogSize">MaxLogSize</A></H2>


<PRE CLASS="command">
MaxLogSize 1048576
MaxLogSize 1m
MaxLogSize 0


<P>The <CODE>MaxLogSize</CODE> directive controls the maximum
size of each log file. Once a log file reaches or exceeds the
maximum size it is closed and renamed to <VAR>filename.O</VAR>.
This allows you to rotate the logs automatically. The default
size is 1048576 bytes (1MB).</P>

<P>Setting the maximum size to 0 disables log rotation.</P>

<H2 CLASS="title"><SPAN CLASS="info">Deprecated</SPAN><A NAME="MaxRequestSize">MaxRequestSize</A></H2>


<PRE CLASS="command">
MaxRequestSize 10485760
MaxRequestSize 10m
MaxRequestSize 0


<P>The <CODE>MaxRequestSize</CODE> directive controls the maximum
size of print files, IPP requests, and HTML form data in HTTP
POST requests. The default limit is 0 which disables the limit

<P><B>This directive is deprecated and will be removed in a
future CUPS release.</B> Use the <A
directive instead.</P>

<H2 CLASS="title"><A NAME="Order">Order</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Order Allow,Deny
  Order Deny,Allow


<P>The <CODE>Order</CODE> directive defines the default access
control. The following values are supported:</P>


	<LI><CODE>allow,deny</CODE> - Deny requests by default,
	then check the <A HREF="#Allow"><CODE>Allow</CODE></A>
	lines followed by the <A
	HREF="#Deny"><CODE>Deny</CODE></A> lines</LI>

	<LI><CODE>deny,allow</CODE> - Allow requests by default,
	then check the <A HREF="#Deny"><CODE>Deny</CODE></A>
	lines followed by the <A
	HREF="#Allow"><CODE>Allow</CODE></A> lines</LI>


<P>The <CODE>Order</CODE> directive must appear inside a <A
HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><A NAME="PageLog">PageLog</A></H2>


<PRE CLASS="command">
PageLog /var/log/cups/page_log
PageLog /var/log/cups/page_log-%s
PageLog syslog


<P>The <CODE>PageLog</CODE> directive sets the name of the page
log file. If the filename is not absolute then it is assumed to
be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
default page log file is <VAR>/var/log/cups/page_log</VAR>.</P>

<P>The server name can be included in the filename by using
<CODE>%s</CODE> in the name.</P>

<P>The special name "syslog" can be used to send the page
information to the system log instead of a plain file.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="PassEnv">PassEnv</A></H2>


<PRE CLASS="command">


<P>The <CODE>PassEnv</CODE> directive specifies an environment
variable that should be passed to child processes. Normally, the
scheduler only passes the <CODE>DYLD_LIBRARY_PATH</CODE>,
environment variables to child processes.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="Policy">Policy</A></H2>


<PRE CLASS="command">
&lt;Policy name&gt;
  &lt;Limit operation ... operation&gt;
  &lt;Limit operation ... operation&gt;
  &lt;Limit All&gt;


<P>The <CODE>Policy</CODE> directive specifies IPP operation
access control limits. Each policy contains 1 or more <A
HREF="#LimitIPP"><CODE>Limit</CODE></A> sections to set the
access control limits for specific operations - user limits,
authentication, encryption, and allowed/denied addresses,
domains, or hosts. The <CODE>&lt;Limit All&gt;</CODE> section
specifies the default access control limits for operations that
are not listed.</P>

<P>Policies are named and associated with printers via the
printer's operation policy setting
(<CODE>printer-op-policy</CODE>). The default policy for the
scheduler is specified using the <A

<H2 CLASS="title"><A NAME="Port">Port</A></H2>


<PRE CLASS="command">
Port 631
Port 80


<P>The <CODE>Port</CODE> directive specifies a port to listen on.
Multiple <CODE>Port</CODE> lines can be specified to listen on
multiple ports. The <CODE>Port</CODE> directive is equivalent to
"<CODE>Listen *:nnn</CODE>". The default port is 631.</P>


<P>On systems that support IPv6, this directive will bind to both
the IPv4 and IPv6 wildcard address.</P>


<H2 CLASS="title"><A NAME="PreserveJobHistory">PreserveJobHistory</A></H2>


<PRE CLASS="command">
PreserveJobHistory On
PreserveJobHistory Off


<P>The <CODE>PreserveJobHistory</CODE> directive controls whether
the history of completed, canceled, or aborted print jobs is
stored on disk.</P>

<P>A value of <CODE>On</CODE> (the default) preserves job
information until the administrator purges it with the
<CODE>cancel</CODE> command.</P>

<P>A value of <CODE>Off</CODE> removes the job information as
soon as each job is completed, canceled, or aborted.</P>

<H2 CLASS="title"><A NAME="PreserveJobFiles">PreserveJobFiles</A></H2>


<PRE CLASS="command">
PreserveJobFiles On
PreserveJobFiles Off


<P>The <CODE>PreserveJobFiles</CODE> directive controls whether
the document files of completed, canceled, or aborted print jobs
are stored on disk.</P>

<P>A value of <CODE>On</CODE> preserves job files until the
administrator purges them with the <CODE>cancel</CODE> command.
Jobs can be restarted (and reprinted) as desired until they are

<P>A value of <CODE>Off</CODE> (the default) removes the job
files as soon as each job is completed, canceled, or aborted.</P>

<H2 CLASS="title"><A NAME="Printcap">Printcap</A></H2>


<PRE CLASS="command">
Printcap /etc/printcap
Printcap /etc/printers.conf


<P>The <CODE>Printcap</CODE> directive controls whether or not a
printcap file is automatically generated and updated with a list
of available printers. If specified with no value, then no
printcap file will be generated. The default is to generate a
file named <VAR>/etc/printcap</VAR>.</P>

<P>When a filename is specified (e.g. <VAR>/etc/printcap</VAR>),
the printcap file is written whenever a printer is added or
removed. The printcap file can then be used by applications that
are hardcoded to look at the printcap file for the available

<H2 CLASS="title"><A NAME="PrintcapFormat">PrintcapFormat</A></H2>


<PRE CLASS="command">
PrintcapFormat BSD
PrintcapFormat Solaris


<P>The <CODE>PrintcapFormat</CODE> directive controls the output
format of the printcap file. The default is to generate a BSD
printcap file.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.13</SPAN><A NAME="PrintcapGUI">PrintcapGUI</A></H2>


<PRE CLASS="command">
PrintGUI /usr/bin/glpoptions


<P>The <CODE>PrintcapGUI</CODE> directive sets the program to
associate with the IRIX printer GUI interface script which is
used by IRIX applications to display printer-specific options.
There is no default program.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ReloadTimeout">ReloadTimeout</A></H2>


<PRE CLASS="command">
ReloadTimeout 0
ReloadTimeout 60


<P>The <CODE>ReloadTimeout</CODE> directive specifies the number
of seconds the scheduler will wait for active jobs to complete
before doing a restart. The default is 60 seconds.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.3</SPAN><A NAME="RemoteRoot">RemoteRoot</A></H2>


<PRE CLASS="command">
RemoteRoot remroot
RemoteRoot root


<P>The <CODE>RemoteRoot</CODE> directive sets the username for
unauthenticated root requests from remote hosts. The default
username is <VAR>remroot</VAR>. Setting <CODE>RemoteRoot</CODE>
to <VAR>root</VAR> effectively disables this security

<H2 CLASS="title"><A NAME="RequestRoot">RequestRoot</A></H2>


<PRE CLASS="command">
RequestRoot /var/spool/cups
RequestRoot /foo/bar/spool/cups


<P>The <CODE>RequestRoot</CODE> directive sets the directory for
incoming IPP requests and HTML forms. If an absolute path is not
provided then it is assumed to be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
default request directory is <VAR>/var/spool/cups</VAR>.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Require">Require</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Require group foo bar
  Require user john mary
  Require valid-user
  Require user @groupname
  Require user @SYSTEM
  Require user @OWNER


<P>The <CODE>Require</CODE> directive specifies that
authentication is required for the resource. The
<CODE>group</CODE> keyword specifies that the authenticated user
must be a member of one or more of the named groups that

<P>The <CODE>user</CODE> keyboard specifies that the
authenticated user must be one of the named users or groups that
follow. Group names are specified using the "@" prefix.</P>

<P>The <CODE>valid-user</CODE> keyword specifies that any
authenticated user may access the resource.</P>

<P>The default is to do no authentication. This directive must
appear inside a <A HREF="#Location"><CODE>Location</CODE></A> or
<A HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><A NAME="RIPCache">RIPCache</A></H2>


<PRE CLASS="command">
RIPCache 8m
RIPCache 1g
RIPCache 2048k


<P>The <CODE>RIPCache</CODE> directive sets the size of the
memory cache used by Raster Image Processor ("RIP") filters such
as <CODE>imagetoraster</CODE> and <CODE>pstoraster</CODE>. The
size can be suffixed with a "k" for kilobytes, "m" for megabytes,
or "g" for gigabytes. The default cache size is "8m", or 8

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.16</SPAN><A NAME="RootCertDuration">RootCertDuration</A></H2>


<PRE CLASS="command">
RootCertDuration 0
RootCertDuration 300


<P>The <CODE>RootCertDuration</CODE> directive specifies the
number of seconds the <EM>root certificate</EM> remains valid.
The scheduler will generate a new certificate as needed when the
number of seconds has expired. If set to 0, the root certificate
is generated only once on startup or on a restart. The default is
300 seconds.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.7</SPAN><A NAME="Satisfy">Satisfy</A></H2>


<PRE CLASS="command">
&lt;Location /path&gt;
  Satisfy all
  Satisfy any


<P>The <CODE>Satisfy</CODE> directive specifies whether all
conditions must be satisfied to allow access to the resource. If
set to <CODE>all</CODE>, then all authentication and access
control conditions must be satified to allow access.</P>

<P>Setting <CODE>Satisfy</CODE> to <CODE>any</CODE> allows a user
to gain access if the authentication or access control
requirements are satisfied. For example, you might require
authentication for remote access, but allow local access without

<P>The default is <CODE>all</CODE>. This directive must appear
inside a <A HREF="#Location"><CODE>Location</CODE></A> or <A
HREF="#Limit"><CODE>Limit</CODE></A> section.</P>

<H2 CLASS="title"><A NAME="ServerAdmin">ServerAdmin</A></H2>


<PRE CLASS="command">
ServerAdmin user@host


<P>The <CODE>ServerAdmin</CODE> directive identifies the email
address for the administrator on the system. By default the
administrator email address is <CODE>root@server</CODE>, where
<CODE>server</CODE> is the <A

<H2 CLASS="title"><A NAME="ServerBin">ServerBin</A></H2>


<PRE CLASS="command">
ServerBin /usr/lib/cups
ServerBin /foo/bar/lib/cups


<P>The <CODE>ServerBin</CODE> directive sets the directory for
server-run executables. If an absolute path is not provided then
it is assumed to be relative to the <A
HREF="#ServerRoot"><CODE>ServerRoot</CODE></A> directory. The
default executable directory is <VAR>/usr/lib/cups</VAR>,
<VAR>/usr/lib32/cups</VAR>, or <VAR>/usr/libexec/cups</VAR>
depending on the operating system.</P>

<H2 CLASS="title"><A NAME="ServerCertificate">ServerCertificate</A></H2>


<PRE CLASS="command">
ServerCertificate /etc/cups/ssl/server.crt


<P>The <CODE>ServerCertificate</CODE> directive specifies the
location of the SSL certificate file used by the server when
negotiating encrypted connections. The certificate must not be
encrypted (password protected) since the scheduler normally runs
in the background and will be unable to ask for a password.</P>

<P>The default certificate file is

<H2 CLASS="title"><A NAME="ServerKey">ServerKey</A></H2>


<PRE CLASS="command">
ServerKey /etc/cups/ssl/server.key


<P>The <CODE>ServerKey</CODE> directive specifies the location of
the SSL private key file used by the server when negotiating
encrypted connections.</P>

<P>The default key file is

<H2 CLASS="title"><A NAME="ServerName">ServerName</A></H2>


<PRE CLASS="command">


<P>The <CODE>ServerName</CODE> directive specifies the hostname
that is reported to clients. By default the server name is the

<H2 CLASS="title"><A NAME="ServerRoot">ServerRoot</A></H2>


<PRE CLASS="command">
ServerRoot /etc/cups
ServerRoot /foo/bar/cups


<P>The <CODE>ServerRoot</CODE> directive specifies the absolute
path to the server configuration and state files. It is also used
to resolve relative paths in the <VAR>cupsd.conf</VAR> file. The
default server directory is <VAR>/etc/cups</VAR>.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.1.21</SPAN><A NAME="ServerTokens">ServerTokens</A></H2>


<PRE CLASS="command">
ServerTokens None
ServerTokens ProductOnly
ServerTokens Major
ServerTokens Minor
ServerTokens Minimal
ServerTokens OS
ServerTokens Full


<P>The <CODE>ServerTokens</CODE> directive specifies the
information that is included in the <CODE>Server:</CODE> header
of all HTTP responses. Table 4 lists the token name along with
the text that is returned. The default is

<DIV CLASS="table"><TABLE SUMMARY="ServerToken Names and Values">
<CAPTION>Table 4: <A NAME="TABLE4">ServerToken Names and Values</A></CAPTION>
	<TD>No <CODE>Server:</CODE> header is returned</TD>
	<TD>"CUPS 1"</TD>
	<TD>"CUPS 1.2"</TD>
	<TD>"CUPS 1.2.N" where N is the patch release</TD>
	<TD>"CUPS 1.2.N (UNAME)" where N is the patch release and
	UNAME is the output of the <B>uname(1)</B> command</TD>
	<TD>"CUPS 1.2.N (UNAME) IPP/1.1" where N is the patch
	release and UNAME is the output of the <B>uname(1)</B>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="SetEnv">SetEnv</A></H2>


<PRE CLASS="command">
SetEnv PATH /usr/lib/cups/filter:/bin:/usr/bin:/usr/local/bin
SetEnv MY_ENV_VAR foo


<P>The <CODE>SetEnv</CODE> directive specifies an environment
variable that should be passed to child processes.</P>

<H2 CLASS="title"><A NAME="SSLListen">SSLListen</A></H2>


<PRE CLASS="command">


<P>The <CODE>SSLListen</CODE> directive specifies a network
address and port to listen for secure connections. Multiple
<CODE>SSLListen</CODE> directives can be provided to listen on
multiple addresses.</P>

<P>The <CODE>SSLListen</CODE> directive is similar to the <A
HREF="#SSLPort"><CODE>SSLPort</CODE></A> directive but allows you
to restrict access to specific interfaces or networks.</P>

<H2 CLASS="title"><A NAME="SSLPort">SSLPort</A></H2>


<PRE CLASS="command">
SSLPort 443


<P>The <CODE>SSLPort</CODE> directive specifies a port to listen
on for secure connections. Multiple <CODE>SSLPort</CODE> lines
can be specified to listen on multiple ports.</P>

<H2 CLASS="title"><A NAME="SystemGroup">SystemGroup</A></H2>


<PRE CLASS="command">
SystemGroup lpadmin
SystemGroup sys
SystemGroup system
SystemGroup root
SystemGroup root lpadmin


<P>The <CODE>SystemGroup</CODE> directive specifies the system
administration group for <CODE>System</CODE> authentication.
Multiple groups can be listed, separated with spaces. The default
group list is <CODE>sys root</CODE>.</P>

<H2 CLASS="title"><A NAME="TempDir">TempDir</A></H2>


<PRE CLASS="command">
TempDir /var/tmp
TempDir /foo/bar/tmp


<P>The <CODE>TempDir</CODE> directive specifies an absolute path
for the directory to use for temporary files. The default
directory is <VAR>/var/spool/cups/tmp</VAR>.</P>

<P>Temporary directories must be world-writable and should have
the "sticky" permission bit enabled so that other users cannot
delete filter temporary files. The following commands will create
an appropriate temporary directory called

<PRE CLASS="command">
<KBD>mkdir /foo/bar/tmp</KBD>
<KBD>chmod a+rwxt /foo/bar/tmp</KBD>

<H2 CLASS="title"><A NAME="Timeout">Timeout</A></H2>


<PRE CLASS="command">
Timeout 300
Timeout 90


<P>The <CODE>Timeout</CODE> directive controls the amount of time
to wait before an active HTTP or IPP request times out. The
default timeout is 300 seconds.</P>

<H2 CLASS="title"><SPAN CLASS="info">CUPS 1.2</SPAN><A NAME="UseNetworkDefault">UseNetworkDefault</A></H2>


<PRE CLASS="command">
UseNetworkDefault yes
UseNetworkDefault no


<P>The <CODE>UseNetworkDefault</CODE> directive controls whether
the client will use a network/remote printer as a default
printer. If enabled, the default printer of a server is used as
the default printer on a client. When multiple servers are
advertising a default printer, the client's default printer is
set to the first discovered printer, or to the implicit class for
the same printer available from multiple servers.</P>

<P>The default is <CODE>Yes</CODE>.</P>

<H2 CLASS="title"><A NAME="User">User</A></H2>


<PRE CLASS="command">
User lp
User guest


<P>The <CODE>User</CODE> directive specifies the UNIX user that
filter and CGI programs run as. The default user is


<P>You may not use user <CODE>root</CODE>, as that would expose
the system to unacceptable security risks. The scheduler will
automatically choose user <CODE>nobody</CODE> if you specify a
user whose ID is 0.</P>