table of contents
cupsd.conf(5) | Apple Inc. | cupsd.conf(5) |
NAME¶
cupsd.conf - server configuration file for cups
DESCRIPTION¶
The cupsd.conf file configures the CUPS scheduler, cupsd(8). It is normally located in the /etc/cups directory. Note: File, directory, and user configuration directives that used to be allowed in the cupsd.conf file are now stored in the cups-files.conf(5) instead in order to prevent certain types of privilege escalation attacks.
Each line in the file can be a configuration directive, a blank line, or a comment. Comment lines start with the # character. The configuration directives are intentionally similar to those used by the popular Apache web server software and are described below.
DIRECTIVES¶
The following directives are understood by cupsd(8). Consult the on-line help for detailed descriptions:
- AccessLogLevel config
- AccessLogLevel actions
- AccessLogLevel all
-
Specifies the logging level for the AccessLog file. - Allow all
- Allow none
- Allow host.domain.com
- Allow *.domain.com
- Allow ip-address
- Allow ip-address/netmask
- Allow ip-address/mm
- Allow @IF(name)
- Allow @LOCAL
-
Allows access from the named hosts or addresses. - AuthType None
- AuthType Basic
- AuthType BasicDigest
- AuthType Digest
- AuthType Negotiate
-
Specifies the authentication type (None, Basic, BasicDigest, Digest, Negotiate) - AutoPurgeJobs Yes
- AutoPurgeJobs No
-
Specifies whether to purge job history data automatically when it is no longer required for quotas. - BrowseLocalProtocols [All] [DNSSD]
-
Specifies the protocols to use for local printer sharing. - BrowseWebIF Yes
- BrowseWebIF No
-
Specifies whether the CUPS web interface is advertised via DNS-SD. - Browsing Yes
- Browsing No
-
Specifies whether or not shared printers should be advertised. - Classification banner
-
Specifies the security classification of the server. - ClassifyOverride Yes
- ClassifyOverride No
-
Specifies whether to allow users to override the classification of individual print jobs. - DefaultAuthType Basic
- DefaultAuthType BasicDigest
- DefaultAuthType Digest
- DefaultAuthType Negotiate
-
Specifies the default type of authentication to use. - DefaultEncryption Never
- DefaultEncryption IfRequested
- DefaultEncryption Required
-
Specifies the type of encryption to use for authenticated requests. - DefaultLanguage locale
-
Specifies the default language to use for text and web content. - DefaultPaperSize Auto
- DefaultPaperSize None
- DefaultPaperSize sizename
-
Specifies the default paper size for new print queues. "Auto" uses a locale- specific default, while "None" specifies there is no default paper size. - DefaultPolicy policy-name
-
Specifies the default access policy to use. -
Specifies whether local printers are shared by default. - Deny all
- Deny none
- Deny host.domain.com
- Deny *.domain.com
- Deny ip-address
- Deny ip-address/netmask
- Deny ip-address/mm
- Deny @IF(name)
- Deny @LOCAL
-
Denies access to the named host or address. - DirtyCleanInterval seconds
-
Specifies the delay for updating of configuration and state files. A value of 0 causes the update to happen as soon as possible, typically within a few milliseconds. - Encryption IfRequested
- Encryption Never
- Encryption Required
-
Specifies the level of encryption that is required for a particular location. - ErrorPolicy abort-job
- Specifies that a failed print job should be aborted (discarded) unless otherwise specified for the printer.
- ErrorPolicy retry-job
- Specifies that a failed print job should be retried at a later time unless otherwise specified for the printer.
- ErrorPolicy retry-this-job
- Specifies that a failed print job should be retried immediately unless otherwise specified for the printer.
- ErrorPolicy stop-printer
- Specifies that a failed print job should stop the printer unless otherwise specified for the printer. The 'stop-printer' error policy is the default.
- FilterLimit limit
-
Specifies the maximum cost of filters that are run concurrently. - FilterNice nice-value
-
Specifies the scheduling priority ("nice" value) of filters that are run to print a job. - GSSServiceName name
-
Specifies the service name when using Kerberos authentication. The default service name is "host". - HostNameLookups On
- HostNameLookups Off
- HostNameLookups Double
-
Specifies whether or not to do reverse lookups on client addresses. - Include filename
-
Includes the named file. - JobKillDelay seconds
-
Specifies the number of seconds to wait before killing the filters and backend associated with a canceled or held job. - JobPrivateAccess all
- JobPrivateAccess default
- JobPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
-
Specifies an access list for a job's private values. The "default" access list is "@OWNER @SYSTEM". "@ACL" maps to the printer's requesting-user-name-allowed or requesting-user-name-denied values. - JobPrivateValues all
- JobPrivateValues default
- JobPrivateValues none
- JobPrivateValues attribute-name-1 [ ... attribute-name-N ]
- Specifies the list of job values to make private. The "default" values are "job-name", "job-originating-host-name", and "job-originating-user-name".
- JobRetryInterval seconds
-
Specifies the interval between retries of jobs in seconds. - JobRetryLimit count
-
Specifies the number of retries that are done for jobs. - KeepAlive Yes
- KeepAlive No
-
Specifies whether to support HTTP keep-alive connections. - KeepAliveTimeout seconds
-
Specifies the amount of time that connections are kept alive. - <Limit operations> ... </Limit>
-
Specifies the IPP operations that are being limited inside a policy. - <Limit methods> ... </Limit>
- <LimitExcept methods> ... </LimitExcept>
-
Specifies the HTTP methods that are being limited inside a location. - LimitRequestBody
-
Specifies the maximum size of any print job request. - Listen ip-address:port
- Listen *:port
- Listen /path/to/domain/socket
-
Listens to the specified address and port or domain socket path. - <Location /path> ... </Location>
-
Specifies access control for the named location. - LogDebugHistory #-messages
-
Specifies the number of debugging messages that are logged when an error occurs in a print job. - LogLevel alert
- LogLevel crit
- LogLevel debug2
- LogLevel debug
- LogLevel emerg
- LogLevel error
- LogLevel info
- LogLevel none
- LogLevel notice
- LogLevel warn
-
Specifies the logging level for the ErrorLog file. - LogTimeFormat standard
- LogTimeFormat usecs
-
Specifies the format of the date and time in the log files. - MaxClients number
-
Specifies the maximum number of simultaneous clients to support. - MaxClientsPerHost number
-
Specifies the maximum number of simultaneous clients to support from a single address. - MaxCopies number
-
Specifies the maximum number of copies that a user can print of each job. - MaxHoldTime seconds
-
Specifies the maximum time a job may remain in the "indefinite" hold state before it is canceled. Set to 0 to disable cancellation of held jobs. - MaxJobs number
-
Specifies the maximum number of simultaneous jobs to support. - MaxJobsPerPrinter number
-
Specifies the maximum number of simultaneous jobs per printer to support. - MaxJobsPerUser number
-
Specifies the maximum number of simultaneous jobs per user to support. - MaxJobTime seconds
-
Specifies the maximum time a job may take to print before it is canceled. The default is 10800 seconds (3 hours). Set to 0 to disable cancellation of "stuck" jobs. - MaxLogSize number-bytes
-
Specifies the maximum size of the log files before they are rotated (0 to disable rotation) - MaxRequestSize number-bytes
-
Specifies the maximum request/file size in bytes (0 for no limit) - MultipleOperationTimeout seconds
-
Specifies the maximum amount of time to allow between files in a multiple file print job. - Order allow,deny
- Order deny,allow
-
Specifies the order of HTTP access control (allow,deny or deny,allow) - PageLogFormat format string
-
Specifies the format of page log lines. - <Policy name> ... </Policy>
-
Specifies access control for the named policy. - Port number
-
Specifies a port number to listen to for HTTP requests. - PreserveJobFiles Yes
- PreserveJobFiles No
-
Specifies whether or not to preserve job files after they are printed. - PreserveJobHistory Yes
- PreserveJobHistory No
-
Specifies whether or not to preserve the job history after they are printed. - PrintcapFormat bsd
- PrintcapFormat plist
- PrintcapFormat solaris
-
Specifies the format of the printcap file. - ReloadTimeout seconds
-
Specifies the amount of time to wait for job completion before restarting the scheduler. - Require group group-name-list
- Require user user-name-list
- Require valid-user
-
Specifies that user or group authentication is required. - RIPCache bytes
-
Specifies the maximum amount of memory to use when converting images and PostScript files to bitmaps for a printer. - Satisfy all
- Satisfy any
-
Specifies whether all or any limits set for a Location must be satisfied to allow access. - ServerAdmin user@domain.com
-
Specifies the email address of the server administrator. - ServerAlias hostname [... hostname]
- ServerAlias *
-
Specifies an alternate name that the server is known by. The special name "*" allows any name to be used. - ServerName hostname-or-ip-address
-
Specifies the fully-qualified hostname of the server. - ServerTokens Full
- ServerTokens Major
- ServerTokens Minimal
- ServerTokens Minor
- ServerTokens None
- ServerTokens OS
- ServerTokens ProductOnly
-
Specifies what information is included in the Server header of HTTP responses. - SSLListen
-
Listens on the specified address and port for encrypted connections. - SSLOptions None
- SSLOptions [NoEmptyFragments] [AllowRC4] [Allow SSL3] [MinTLS1.2]
-
Sets SSL/TLS protocol options for encrypted connections. By default, CUPS only supports encryption using TLS v1.0 or higher using known secure cipher suites. The NoEmptyFragments option allows CUPS to work with Microsoft Windows with the FIPS conformance mode enabled. The AllowRC4 option enables the 128-bit RC4 cipher suites, which are required for some older clients that do not implement newer ones. The AllowSSL3 option enables SSL v3.0, which is required for some older clients that do not support TLS v1.0. The MinTLS1.2 option enforces CUPS to use TLS v1.2 and higher. - SSLPort
-
Listens on the specified port for encrypted connections. - StrictConformance Yes
- StrictConformance No
-
Specifies whether the scheduler requires clients to strictly adhere to the IPP specifications. The default is No. - SubscriptionPrivateAccess all
- SubscriptionPrivateAccess default
- SubscriptionPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM}+
-
Specifies an access list for a subscription's private values. The "default" access list is "@OWNER @SYSTEM". "@ACL" maps to the printer's requesting-user-name-allowed or requesting-user-name-denied values. - SubscriptionPrivateValues all
- SubscriptionPrivateValues default
- SubscriptionPrivateValues none
- SubscriptionPrivateValues attribute-name-1 [ ... attribute-name-N ]
- Specifies the list of job values to make private. The "default" values are "notify-events", "notify-pull-method", "notify-recipient-uri", "notify-subscriber-user-name", and "notify-user-data".
- Timeout seconds
-
Specifies the HTTP request timeout in seconds. - WebInterface yes
- WebInterface no
- Specifies whether the web interface is enabled.
SEE ALSO¶
classes.conf(5), cups-files.conf(5),
cupsd(8), mime.convs(5), mime.types(5),
printers.conf(5), subscriptions.conf(5),
http://localhost:631/help
COPYRIGHT¶
Copyright 2007-2013 by Apple Inc.
CUPS | 19 November 2012 |