Provided by: cups-daemon_2.2.12-2ubuntu1_amd64 bug

NAME

       cupsd.conf - server configuration file for cups

DESCRIPTION

       The  cupsd.conf  file  configures the CUPS scheduler, cupsd(8).  It is normally located in
       the /etc/cups directory.  Note: File, directory, and user  configuration  directives  that
       used  to  be  allowed in the cupsd.conf file are now stored in the cups-files.conf(5) file
       instead in order to prevent certain types of privilege escalation attacks.

       Each line in the file can be a configuration  directive,  a  blank  line,  or  a  comment.
       Configuration  directives typically consist of a name and zero or more values separated by
       whitespace.  The configuration directive name and values  are  case-insensitive.   Comment
       lines start with the # character.

   TOP-LEVEL DIRECTIVES
       The following top-level directives are understood by cupsd(8):

       AccessLogLevel config

       AccessLogLevel actions

       AccessLogLevel all
            Specifies  the  logging  level  for the AccessLog file.  The "config" level logs when
            printers and classes are added, deleted, or modified and when configuration files are
            accessed  or  updated.  The "actions" level logs when print jobs are submitted, held,
            released, modified, or canceled, and any of the conditions for "config".   The  "all"
            level logs all requests.  The default access log level is "actions".

       AutoPurgeJobs Yes

       AutoPurgeJobs No
            Specifies  whether  to  purge  job  history  data  automatically when it is no longer
            required for quotas.  The default is "No".

       BrowseLocalProtocols all

       BrowseLocalProtocols dnssd

       BrowseLocalProtocols none
            Specifies which protocols to use for local printer sharing.  The default  is  "dnssd"
            on systems that support Bonjour and "none" otherwise.

       BrowseWebIF Yes

       BrowseWebIF No
            Specifies whether the CUPS web interface is advertised.  The default is "No".

       Browsing Yes

       Browsing No
            Specifies whether shared printers are advertised.  The default is "No".

       DefaultAuthType Basic

       DefaultAuthType Negotiate
            Specifies the default type of authentication to use.  The default is "Basic".

       DefaultEncryption Never

       DefaultEncryption IfRequested

       DefaultEncryption Required
            Specifies whether encryption will be used for authenticated requests.  The default is
            "Required".

       DefaultLanguage locale
            Specifies the default language to use for text and web content.  The default is "en".

       DefaultPaperSize Auto

       DefaultPaperSize None

       DefaultPaperSize sizename
            Specifies the default paper size for new print queues. "Auto" uses a  locale-specific
            default,  while "None" specifies there is no default paper size.  Specific size names
            are typically "Letter" or "A4".  The default is "Auto".

       DefaultPolicy policy-name
            Specifies the default access policy to use.  The default access policy is "default".

       DefaultShared Yes

       DefaultShared No
            Specifies whether local printers are shared by default.  The default is "Yes".

       DirtyCleanInterval seconds
            Specifies the delay for updating of configuration and state  files.   A  value  of  0
            causes the update to happen as soon as possible, typically within a few milliseconds.
            The default value is "30".

       ErrorPolicy abort-job
            Specifies that a failed print job should  be  aborted  (discarded)  unless  otherwise
            specified for the printer.

       ErrorPolicy retry-current-job
            Specifies  that  a  failed  print  job should be retried immediately unless otherwise
            specified for the printer.

       ErrorPolicy retry-job
            Specifies that a failed print job should be retried at a later time unless  otherwise
            specified for the printer. The 'retry-job' error policy is the default.

       ErrorPolicy stop-printer
            Specifies  that a failed print job should stop the printer unless otherwise specified
            for the printer.

       FilterLimit limit
            Specifies the maximum cost of filters that are run concurrently, which can be used to
            minimize  disk,  memory,  and  CPU  resource  problems.  A limit of 0 disables filter
            limiting.  An average print to a non-PostScript printer needs a filter limit of about
            200.   A  PostScript  printer  needs  about half that (100).  Setting the limit below
            these thresholds will effectively limit the scheduler to printing a single job at any
            time.  The default limit is "0".

       FilterNice nice-value
            Specifies the scheduling priority ( nice(8) value) of filters that are run to print a
            job.  The nice value ranges from 0, the highest priority, to 19, the lowest priority.
            The default is 0.

       GSSServiceName name
            Specifies  the  service name when using Kerberos authentication.  The default service
            name is "http."

       HostNameLookups On

       HostNameLookups Off

       HostNameLookups Double
            Specifies whether to do reverse lookups on connecting clients.  The "Double"  setting
            causes  cupsd(8) to verify that the hostname resolved from the address matches one of
            the addresses returned for that hostname.  Double lookups also prevent  clients  with
            unregistered addresses from connecting to your server.  The default is "Off" to avoid
            the potential server performance problems  with  hostname  lookups.   Only  set  this
            option to "On" or "Double" if absolutely required.

       IdleExitTimeout seconds
            Specifies  the  length  of  time to wait before shutting down due to inactivity.  The
            default is "60" seconds.  Note: Only applicable when cupsd(8) is run on-demand (e.g.,
            with -l).

       JobKillDelay seconds
            Specifies  the  number  of  seconds  to  wait  before killing the filters and backend
            associated with a canceled or held job.  The default is "30".

       JobRetryInterval seconds
            Specifies the interval between retries of jobs in seconds.  This  is  typically  used
            for  fax  queues  but can also be used with normal print queues whose error policy is
            "retry-job" or "retry-current-job".  The default is "30".

       JobRetryLimit count
            Specifies the number of retries that are done for jobs.  This is typically  used  for
            fax  queues  but  can  also  be  used  with normal print queues whose error policy is
            "retry-job" or "retry-current-job".  The default is "5".

       KeepAlive Yes

       KeepAlive No
            Specifies whether to support HTTP keep-alive connections.  The default is "Yes".

       KeepAliveTimeout seconds
            Specifies how long an idle client connection remains open.  The default is "30".

       <Limit operation ...> ... </Limit>
            Specifies the IPP operations that are being limited  inside  a  Policy  section.  IPP
            operation names are listed below in the section "IPP OPERATION NAMES".

       <Limit method ...> ... </Limit>

       <LimitExcept method ...> ... </LimitExcept>
            Specifies  the  HTTP  methods  that are being limited inside a Location section. HTTP
            method names are listed below in the section "HTTP METHOD NAMES".

       LimitRequestBody size
            Specifies the maximum size of print files, IPP requests, and  HTML  form  data.   The
            default is "0" which disables the limit check.

       Listen ipv4-address:port

       Listen [ipv6-address]:port

       Listen *:port

       Listen /path/to/domain/socket
            Listens  to  the  specified  address  and port or domain socket path for connections.
            Multiple Listen directives can be provided to  listen  on  multiple  addresses.   The
            Listen  directive  is similar to the Port directive but allows you to restrict access
            to specific interfaces or networks.

       ListenBackLog number
            Specifies the number of pending connections that will be allowed.  This normally only
            affects  very  busy  servers  that have reached the MaxClients limit, but can also be
            triggered by large numbers of simultaneous connections.  When the limit  is  reached,
            the  operating  system  will  refuse  additional  connections until the scheduler can
            accept the pending ones.  The default is  the  OS-defined  default  limit,  typically
            either "5" for older operating systems or "128" for newer operating systems.

       <Location /path> ... </Location>
            Specifies  access  control for the named location.  Paths are documented below in the
            section "LOCATION PATHS".

       LogDebugHistory number
            Specifies the number of debugging messages that are retained for logging if an  error
            occurs in a print job. Debug messages are logged regardless of the LogLevel setting.

       LogLevel none

       LogLevel emerg

       LogLevel alert

       LogLevel crit

       LogLevel error

       LogLevel warn

       LogLevel notice

       LogLevel info

       LogLevel debug

       LogLevel debug2
            Specifies  the  level  of  logging for the ErrorLog file.  The value "none" stops all
            logging while "debug2" logs everything.  The default is "warn".

       LogTimeFormat standard

       LogTimeFormat usecs
            Specifies the format of the date and time in the log files.  The value "standard"  is
            the default and logs whole seconds while "usecs" logs microseconds.

       MaxClients number
            Specifies  the  maximum  number  of  simultaneous  clients  that  are  allowed by the
            scheduler.  The default is "100".

       MaxClientsPerHost number
            Specifies the maximum number of simultaneous clients that are allowed from  a  single
            address.  The default is the MaxClients value.

       MaxCopies number
            Specifies  the  maximum  number  of  copies  that  a user can print of each job.  The
            default is "9999".

       MaxHoldTime seconds
            Specifies the maximum time a job may remain in the "indefinite" hold state before  it
            is canceled.  The default is "0" which disables cancellation of held jobs.

       MaxJobs number
            Specifies  the  maximum  number of simultaneous jobs that are allowed.  Set to "0" to
            allow an unlimited number of jobs.  The default is "500".

       MaxJobsPerPrinter number
            Specifies the maximum number of simultaneous jobs that are allowed per printer.   The
            default is "0" which allows up to MaxJobs jobs per printer.

       MaxJobsPerUser number
            Specifies  the  maximum  number  of simultaneous jobs that are allowed per user.  The
            default is "0" which allows up to MaxJobs jobs per user.

       MaxJobTime seconds
            Specifies the maximum time a job may take to print before it is canceled.  Set to "0"
            to disable cancellation of "stuck" jobs.  The default is "10800" (3 hours).

       MaxLogSize size
            Specifies  the  maximum size of the log files before they are rotated.  The value "0"
            disables log rotation.  The default is "1048576" (1MB).

       MultipleOperationTimeout seconds
            Specifies the maximum amount of time to allow between files in a multiple file  print
            job.  The default is "900" (15 minutes).

       <Policy name> ... </Policy>
            Specifies access control for the named policy.

       Port number
            Listens to the specified port number for connections.

       PreserveJobFiles Yes

       PreserveJobFiles No

       PreserveJobFiles seconds
            Specifies  whether  job files (documents) are preserved after a job is printed.  If a
            numeric value is specified, job files are  preserved  for  the  indicated  number  of
            seconds after printing.  The default is "86400" (preserve 1 day).

       PreserveJobHistory Yes

       PreserveJobHistory No

       PreserveJobHistory seconds
            Specifies  whether the job history is preserved after a job is printed.  If a numeric
            value is specified, the job history is preserved for the indicated number of  seconds
            after  printing.   If  "Yes", the job history is preserved until the MaxJobs limit is
            reached.  The default is "Yes".

       ReloadTimeout seconds
            Specifies the amount of time  to  wait  for  job  completion  before  restarting  the
            scheduler.  The default is "30".

       ServerAdmin email-address
            Specifies  the  email  address  of  the  server  administrator.  The default value is
            "root@ServerName".

       ServerAlias hostname [ ... hostname ]

       ServerAlias *
            The ServerAlias directive is used  for  HTTP  Host  header  validation  when  clients
            connect  to  the  scheduler from external interfaces.  Using the special name "*" can
            expose your system to known browser-based DNS rebinding attacks, even when  accessing
            sites through a firewall.  If the auto-discovery of alternate names does not work, we
            recommend listing each alternate name with a ServerAlias directive instead  of  using
            "*".

       ServerName hostname
            Specifies  the  fully-qualified  hostname  of  the  server.  The default is the value
            reported by the hostname(1) command.

       ServerTokens None

       ServerTokens ProductOnly

       ServerTokens Major

       ServerTokens Minor

       ServerTokens Minimal

       ServerTokens OS

       ServerTokens Full
            Specifies what information is included  in  the  Server  header  of  HTTP  responses.
            "None"  disables  the  Server header.  "ProductOnly" reports "CUPS".  "Major" reports
            "CUPS 2".  "Minor" reports "CUPS 2.0".  "Minimal" reports "CUPS 2.0.0".  "OS" reports
            "CUPS  2.0.0  (UNAME)"  where  UNAME  is  the output of the uname(1) command.  "Full"
            reports "CUPS 2.0.0 (UNAME) IPP/2.0".  The default is "Minimal".

       SSLListen ipv4-address:port

       SSLListen [ipv6-address]:port

       SSLListen *:port
            Listens on the specified address and port for encrypted connections.

       SSLOptions [AllowDH] [AllowRC4] [AllowSSL3] [DenyCBC] [DenyTLS1.0]

       SSLOptions None
            Sets encryption options.  By default, CUPS only supports encryption using TLS v1.0 or
            higher  using known secure cipher suites.  Security is reduced when Allow options are
            used.  Security is enhanced when Deny options are used.  The AllowDH  option  enables
            cipher  suites  using  plain Diffie-Hellman key negotiation (not supported on systems
            using GNU TLS).  The AllowRC4 option enables the 128-bit RC4 cipher suites, which are
            required  for  some  older  clients.  The AllowSSL3 option enables SSL v3.0, which is
            required for some older clients that do not support TLS  v1.0.   The  DenyCBC  option
            disables  all  CBC  cipher suites.  The DenyTLS1.0 option disables TLS v1.0 support -
            this sets the minimum protocol version to TLS v1.1.

       SSLPort port
            Listens on the specified port for encrypted connections.

       StrictConformance Yes

       StrictConformance No
            Specifies whether the scheduler requires  clients  to  strictly  adhere  to  the  IPP
            specifications.  The default is "No".

       Timeout seconds
            Specifies the HTTP request timeout.  The default is "900" (15 minutes).

       WebInterface yes

       WebInterface no
            Specifies whether the web interface is enabled.  The default is "No".

   HTTP METHOD NAMES
       The following HTTP methods are supported by cupsd(8):

       GET  Used by a client to download icons and other printer resources and to access the CUPS
            web interface.

       HEAD Used by a client to get the type, size, and modification date of resources.

       OPTIONS
            Used by a client to establish a secure (SSL/TLS) connection.

       POST Used by a client to submit IPP requests and HTML forms from the CUPS web interface.

       PUT  Used by a client to upload configuration files.

   IPP OPERATION NAMES
       The following IPP operations are supported by cupsd(8):

       CUPS-Accept-Jobs
            Allows a printer to accept new jobs.

       CUPS-Add-Modify-Class
            Adds or modifies a printer class.

       CUPS-Add-Modify-Printer
            Adds or modifies a printer.

       CUPS-Authenticate-Job
            Releases a job that is held for authentication.

       CUPS-Delete-Class
            Deletes a printer class.

       CUPS-Delete-Printer
            Deletes a printer.

       CUPS-Get-Classes
            Gets a list of printer classes.

       CUPS-Get-Default
            Gets the server default printer or printer class.

       CUPS-Get-Devices
            Gets a list of devices that are currently available.

       CUPS-Get-Document
            Gets a document file for a job.

       CUPS-Get-PPD
            Gets a PPD file.

       CUPS-Get-PPDs
            Gets a list of installed PPD files.

       CUPS-Get-Printers
            Gets a list of printers.

       CUPS-Move-Job
            Moves a job.

       CUPS-Reject-Jobs
            Prevents a printer from accepting new jobs.

       CUPS-Set-Default
            Sets the server default printer or printer class.

       Cancel-Job
            Cancels a job.

       Cancel-Jobs
            Cancels one or more jobs.

       Cancel-My-Jobs
            Cancels one or more jobs creates by a user.

       Cancel-Subscription
            Cancels a subscription.

       Close-Job
            Closes a job that is waiting for more documents.

       Create-Job
            Creates a new job with no documents.

       Create-Job-Subscriptions
            Creates a subscription for job events.

       Create-Printer-Subscriptions
            Creates a subscription for printer events.

       Get-Job-Attributes
            Gets information about a job.

       Get-Jobs
            Gets a list of jobs.

       Get-Notifications
            Gets a list of event notifications for a subscription.

       Get-Printer-Attributes
            Gets information about a printer or printer class.

       Get-Subscription-Attributes
            Gets information about a subscription.

       Get-Subscriptions
            Gets a list of subscriptions.

       Hold-Job
            Holds a job from printing.

       Hold-New-Jobs
            Holds all new jobs from printing.

       Pause-Printer
            Stops processing of jobs by a printer or printer class.

       Pause-Printer-After-Current-Job
            Stops processing of jobs by a printer or printer  class  after  the  current  job  is
            finished.

       Print-Job
            Creates a new job with a single document.

       Purge-Jobs
            Cancels one or more jobs and deletes the job history.

       Release-Held-New-Jobs
            Allows previously held jobs to print.

       Release-Job
            Allows a job to print.

       Renew-Subscription
            Renews a subscription.

       Restart-Job
            Reprints a job, if possible.

       Send-Document
            Adds a document to a job.

       Set-Job-Attributes
            Changes job information.

       Set-Printer-Attributes
            Changes printer or printer class information.

       Validate-Job
            Validates options for a new job.

   LOCATION PATHS
       The following paths are commonly used when configuring cupsd(8):

       /    The path for all get operations (get-printers, get-jobs, etc.)

       /admin
            The  path  for  all  administration  operations  (add-printer, delete-printer, start-
            printer, etc.)

       /admin/conf
            The path for access to the CUPS configuration files (cupsd.conf, client.conf, etc.)

       /admin/log
            The path for access to the CUPS log files (access_log, error_log, page_log)

       /classes
            The path for all printer classes

       /classes/name
            The resource for the named printer class

       /jobs
            The path for all jobs (hold-job, release-job, etc.)

       /jobs/id
            The path for the specified job

       /printers
            The path for all printers

       /printers/name
            The path for the named printer

       /printers/name.png
            The icon file path for the named printer

       /printers/name.ppd
            The PPD file path for the named printer

   DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS
       The following directives  may  be  placed  inside  Location  and  Limit  sections  in  the
       cupsd.conf file:

       Allow all

       Allow none

       Allow host.domain.com

       Allow *.domain.com

       Allow ipv4-address

       Allow ipv4-address/netmask

       Allow ipv4-address/mm

       Allow [ipv6-address]

       Allow [ipv6-address]/mm

       Allow @IF(name)

       Allow @LOCAL
            Allows  access  from  the  named hosts, domains, addresses, or interfaces.  The Order
            directive controls whether Allow lines are evaluated before or after Deny lines.

       AuthType None

       AuthType Basic

       AuthType Default

       AuthType Negotiate
            Specifies the type of authentication required.  The value  "Default"  corresponds  to
            the DefaultAuthType value.

       Deny all

       Deny none

       Deny host.domain.com

       Deny *.domain.com

       Deny ipv4-address

       Deny ipv4-address/netmask

       Deny ipv4-address/mm

       Deny [ipv6-address]

       Deny [ipv6-address]/mm

       Deny @IF(name)

       Deny @LOCAL
            Denies  access  from  the  named hosts, domains, addresses, or interfaces.  The Order
            directive controls whether Deny lines are evaluated before or after Allow lines.

       Encryption IfRequested

       Encryption Never

       Encryption Required
            Specifies the level of encryption that is required for a  particular  location.   The
            default value is "IfRequested".

       Order allow,deny
            Specifies  that  access is denied by default. Allow lines are then processed followed
            by Deny lines to determine whether a client may access a particular resource.

       Order deny,allow
            Specifies that access is allowed by default. Deny lines are then  processed  followed
            by Allow lines to determine whether a client may access a particular resource.

       Require group group-name [ group-name ... ]
            Specifies that an authenticated user must be a member of one of the named groups.

       Require user {user-name|@group-name} ...
            Specifies that an authenticated user must match one of the named users or be a member
            of one of the named groups.  The group name "@SYSTEM"  corresponds  to  the  list  of
            groups  defined  by  the  SystemGroup  directive in the cups-files.conf(5) file.  The
            group name "@OWNER" corresponds to the owner of the resource, for example the  person
            that submitted a print job.  Note: The 'root' user is not special and must be granted
            privileges like any other user account.

       Require valid-user
            Specifies that any authenticated user is acceptable.

       Satisfy all
            Specifies that all Allow, AuthType, Deny,  Order,  and  Require  conditions  must  be
            satisfied to allow access.

       Satisfy any
            Specifies  that  any  a  client  may  access  a resource if either the authentication
            (AuthType/Require) or  address  (Allow/Deny/Order)  conditions  are  satisfied.   For
            example, this can be used to require authentication only for remote accesses.

   DIRECTIVES VALID WITHIN POLICY SECTIONS
       The following directives may be placed inside Policy sections in the cupsd.conf file:

       JobPrivateAccess all

       JobPrivateAccess default

       JobPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM} ...
            Specifies  an  access  list for a job's private values.  The "default" access list is
            "@OWNER @SYSTEM".  "@ACL"  maps  to  the  printer's  requesting-user-name-allowed  or
            requesting-user-name-denied  values.   "@OWNER"  maps  to the job's owner.  "@SYSTEM"
            maps to the groups listed for the SystemGroup  directive  in  the  cups-files.conf(5)
            file.

       JobPrivateValues all

       JobPrivateValues default

       JobPrivateValues none

       JobPrivateValues attribute-name [ ... attribute-name ]
            Specifies  the  list  of  job values to make private.  The "default" values are "job-
            name", "job-originating-host-name", "job-originating-user-name", and "phone".

       SubscriptionPrivateAccess all

       SubscriptionPrivateAccess default

       SubscriptionPrivateAccess {user|@group|@ACL|@OWNER|@SYSTEM} ...
            Specifies an access list for a subscription's private values.  The  "default"  access
            list  is "@OWNER @SYSTEM".  "@ACL" maps to the printer's requesting-user-name-allowed
            or requesting-user-name-denied values.  "@OWNER" maps to the job's owner.   "@SYSTEM"
            maps  to  the  groups  listed for the SystemGroup directive in the cups-files.conf(5)
            file.

       SubscriptionPrivateValues all

       SubscriptionPrivateValues default

       SubscriptionPrivateValues none

       SubscriptionPrivateValues attribute-name [ ... attribute-name ]
            Specifies the list of subscription values to make private.  The "default" values  are
            "notify-events",  "notify-pull-method",  "notify-recipient-uri",  "notify-subscriber-
            user-name", and "notify-user-data".

   DEPRECATED DIRECTIVES
       The following directives are deprecated and will be removed in a future release of CUPS:

       Classification banner
            Specifies the security classification of the server.  Any valid banner  name  can  be
            used,    including   "classified",   "confidential",   "secret",   "topsecret",   and
            "unclassified", or the banner can be omitted to disable  secure  printing  functions.
            The default is no classification banner.

       ClassifyOverride Yes

       ClassifyOverride No
            Specifies  whether  users  may override the classification (cover page) of individual
            print jobs using the "job-sheets" option.  The default is "No".

       PageLogFormat format-string
            Specifies the  format  of  PageLog  lines.   Sequences  beginning  with  percent  (%)
            characters   are  replaced  with  the  corresponding  information,  while  all  other
            characters are copied literally.  The following percent sequences are recognized:

                "%%" inserts a single percent character.
                "%{name}" inserts the value of the specified IPP attribute.
                "%C" inserts the number of copies for the current page.
                "%P" inserts the current page number.
                "%T" inserts the current date and time in common log format.
                "%j" inserts the job ID.
                "%p" inserts the printer name.
                "%u" inserts the username.

            The default is the empty string, which disables page logging.  The string "%p  %u  %j
            %T  %P  %C %{job-billing} %{job-originating-host-name} %{job-name} %{media} %{sides}"
            creates a page log with the standard items.

       RIPCache size
            Specifies the maximum amount of memory to use when converting documents into  bitmaps
            for a printer.  The default is "128m".

CONFORMING TO

       The cupsd.conf file format is based on the Apache HTTP Server configuration file format.

EXAMPLES

       Log everything with a maximum log file size of 32 megabytes:

           AccessLogLevel all
           LogLevel debug2
           MaxLogSize 32m

       Require authentication for accesses from outside the 10. network:

           <Location />
           Order allow,deny
           Allow from 10./8
           AuthType Basic
           Require valid-user
           Satisfy any
           </Location>

SEE ALSO

       classes.conf(5),     cups-files.conf(5),     cupsd(8),    mime.convs(5),    mime.types(5),
       printers.conf(5), subscriptions.conf(5), CUPS Online Help (http://localhost:631/help)

COPYRIGHT

       Copyright © 2007-2019 by Apple Inc.