Created
October 24, 2016 13:51
-
-
Save nomaster/02805a0d5477223f0a20b416b3326149 to your computer and use it in GitHub Desktop.
Printserver configuration sample
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Configuration file for the CUPS scheduler. See "man cupsd.conf" for a | |
| # complete description of this file. | |
| # | |
| # Disable cups internal logging - use logrotate instead | |
| MaxLogSize 0 | |
| # Log general information in error_log - change "warn" to "debug" | |
| # for troubleshooting... | |
| LogLevel warn | |
| #PageLogFormat | |
| Port 80 | |
| Port 631 | |
| Listen /run/cups/cups.sock | |
| # Show shared printers on the local network. | |
| Browsing On | |
| BrowseLocalProtocols dnssd | |
| # Default authentication type, when authentication is required... | |
| DefaultAuthType Basic | |
| DefaultEncryption Never | |
| # Web interface setting... | |
| WebInterface Yes | |
| ServerAlias * | |
| PreserveJobHistory off | |
| PreserveJobFiles Off | |
| # Restrict access to the server... | |
| <Location /> | |
| Order allow,deny | |
| Allow from localhost | |
| Allow from 10.0.0.0/255.0.0.0 | |
| Allow from [2001:4dd0:fff4::]/48 | |
| Allow from [2a01:198:7a7::]/48 | |
| Allow from [2001:470:1f15:72::]/64 | |
| Allow from [2001:470:78f2::]/48 | |
| Allow from [fe80::]/64 | |
| </Location> | |
| # Restrict access to the admin pages... | |
| <Location /admin> | |
| # Encryption disabled by default | |
| #Encryption Required | |
| Order allow,deny | |
| Allow from localhost | |
| Allow from 10.0.0.0/255.0.0.0 | |
| Allow from [2001:4dd0:fff4::]/48 | |
| Allow from [2a01:198:7a7::]/48 | |
| Allow from [2001:470:1f15:72::]/64 | |
| Allow from [2001:470:78f2::]/48 | |
| Allow from [fe80::]/64 | |
| </Location> | |
| # Restrict access to configuration files... | |
| <Location /admin/conf> | |
| AuthType Basic | |
| Require user @SYSTEM | |
| Order allow,deny | |
| Allow From localhost | |
| Allow from 10.0.0.0/255.0.0.0 | |
| Allow from [2001:4dd0:fff4::]/48 | |
| Allow from [2a01:198:7a7::]/48 | |
| Allow from [2001:470:1f15:72::]/64 | |
| Allow from [2001:470:78f2::]/48 | |
| Allow from [fe80::]/64 | |
| </Location> | |
| # Set the default printer/job policies... | |
| <Policy default> | |
| # Job/subscription privacy... | |
| JobPrivateAccess default | |
| JobPrivateValues default | |
| SubscriptionPrivateAccess default | |
| SubscriptionPrivateValues default | |
| # Job-related operations must be done by the owner or an administrator... | |
| <Limit Create-Job Print-Job Print-URI Validate-Job> | |
| Order deny,allow | |
| </Limit> | |
| <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All administration operations require an administrator to authenticate... | |
| <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All printer operations require a printer operator to authenticate... | |
| <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # Only the owner or an administrator can cancel or authenticate a job... | |
| <Limit Cancel-Job CUPS-Authenticate-Job> | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| <Limit All> | |
| Order deny,allow | |
| </Limit> | |
| </Policy> | |
| # Set the authenticated printer/job policies... | |
| <Policy authenticated> | |
| # Job/subscription privacy... | |
| JobPrivateAccess default | |
| JobPrivateValues default | |
| SubscriptionPrivateAccess default | |
| SubscriptionPrivateValues default | |
| # Job-related operations must be done by the owner or an administrator... | |
| <Limit Create-Job Print-Job Print-URI Validate-Job> | |
| AuthType Default | |
| Order deny,allow | |
| </Limit> | |
| <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All administration operations require an administrator to authenticate... | |
| <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All printer operations require a printer operator to authenticate... | |
| <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # Only the owner or an administrator can cancel or authenticate a job... | |
| <Limit Cancel-Job CUPS-Authenticate-Job> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| <Limit All> | |
| Order deny,allow | |
| </Limit> | |
| </Policy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Lines 31-32 are important, so we don't retend user data.