Karla:/home/ulrich # cat /etc/cups/cupsd.conf # # "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" # # Configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn # Only listen for connections from the local machine. Listen localhost:631 Listen /run/cups/cups.sock # Show shared printers on the local network. Browsing On BrowseLocalProtocols dnssd # Default authentication type, when authentication is required... DefaultAuthType Basic # Web interface setting... WebInterface Yes # Restrict access to the server... Order allow,deny # Restrict access to the admin pages... Order allow,deny # Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny # Set the default printer/job policies... # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... Order deny,allow Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow Order deny,allow # Set the authenticated printer/job policies... # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow AuthType Default Require user @OWNER @SYSTEM Order deny,allow # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow Order deny,allow # The policy below is added by SUSE during build of our cups package. # The policy 'allowallforanybody' is totally open and insecure and therefore # it can only be used within an internal network where only trused users exist # and where the cupsd is not accessible at all from any external host, see # http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings # Have in mind that any user who is allowed to do printer admin tasks # can change the print queues as he likes - e.g. send copies of confidental # print jobs from an internal network to any external destination, see # http://en.opensuse.org/SDB:CUPS_in_a_Nutshell # For documentation regarding 'Managing Operation Policies' see # http://www.cups.org/documentation.php/doc-1.7/policies.html # Allow anybody to access job's private values: JobPrivateAccess all # Make none of the job values to be private: JobPrivateValues none # Allow anybody to access subscription's private values: SubscriptionPrivateAccess all # Make none of the subscription values to be private: SubscriptionPrivateValues none # Allow anybody to do all IPP operations: # Currently the IPP operations Validate-Job Cancel-Jobs Cancel-My-Jobs Close-Job CUPS-Get-Document # must be additionally exlicitly specified because those IPP operations are not included # in the "All" wildcard value - otherwise cupsd prints error messages of the form # "No limit for Validate-Job defined in policy allowallforanybody and no suitable template found." Order deny,allow Allow from all # Explicitly set the CUPS 'default' policy to be used by default: DefaultPolicy default # # End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". #