cupsd.conf - server configuration file for cups
The cupsd.conf file configures the CUPS scheduler,
cupsd(8). It is normally located in the /etc/cups directory.
Each line in the file can be a configuration directive, a blank line, or a
comment. Configuration directives typically consist of a name and zero or
more values separated by whitespace. The configuration directive name and
values are case-insensitive. Comment lines start with the # character.
The following top-level directives are understood by
cupsd(8):
- AccessLogLevel
config
- AccessLogLevel
actions
- AccessLogLevel
all
- Specifies the logging level for the AccessLog file. The "config"
level logs when printers and classes are added, deleted, or modified and
when configuration files are accessed or updated. The "actions"
level logs when print jobs are submitted, held, released, modified, or
canceled, and any of the conditions for "config". The
"all" level logs all requests. The default access log level is
"actions".
- AutoPurgeJobs
Yes
- AutoPurgeJobs
No
-
Specifies whether to purge job history data automatically when it is no
longer required for quotas. The default is "No".
- BrowseDNSSDSubTypes_subtype[,...]
- Specifies a list of Bonjour sub-types to advertise for each shared
printer. For example, "BrowseDNSSDSubTypes _cups,_print" will
tell network clients that both CUPS sharing and IPP Everywhere are
supported. The default is "_cups" which is necessary for printer
sharing to work between systems using CUPS.
- BrowseLocalProtocols
all
- BrowseLocalProtocols
dnssd
- BrowseLocalProtocols
none
- Specifies which protocols to use for local printer sharing. The default is
"dnssd" on systems that support Bonjour and "none"
otherwise.
- BrowseWebIF
Yes
- BrowseWebIF
No
-
Specifies whether the CUPS web interface is advertised. The default is
"No".
- Browsing
Yes
- Browsing
No
-
Specifies whether shared printers are advertised. The default is
"No".
- DefaultAuthType
Basic
- DefaultAuthType
Negotiate
-
Specifies the default type of authentication to use. The default is
"Basic".
- DefaultEncryption
Never
- DefaultEncryption
IfRequested
- DefaultEncryption
Required
- Specifies whether encryption will be used for authenticated requests. The
default is "Required".
- DefaultLanguage
locale
- Specifies the default language to use for text and web content. The
default is "en".
- DefaultPaperSize
Auto
- DefaultPaperSize
None
- DefaultPaperSize
sizename
- Specifies the default paper size for new print queues. "Auto"
uses a locale-specific default, while "None" specifies there is
no default paper size. Specific size names are typically
"Letter" or "A4". The default is
"Auto".
- DefaultPolicy
policy-name
- Specifies the default access policy to use. The default access policy is
"default".
- DefaultShared
Yes
- DefaultShared
No
- Specifies whether local printers are shared by default. The default is
"Yes".
- DirtyCleanInterval
seconds
- Specifies the delay for updating of configuration and state files. A value
of 0 causes the update to happen as soon as possible, typically within a
few milliseconds. The default value is "30".
- DNSSDHostNamehostname.example.com
- Specifies the fully-qualified domain name for the server that is used for
Bonjour sharing. The default is typically the server's ".local"
hostname.
- ErrorPolicy
abort-job
- Specifies that a failed print job should be aborted (discarded) unless
otherwise specified for the printer.
- ErrorPolicy
retry-current-job
- Specifies that a failed print job should be retried immediately unless
otherwise specified for the printer.
- ErrorPolicy
retry-job
- Specifies that a failed print job should be retried at a later time unless
otherwise specified for the printer.
- ErrorPolicy
stop-printer
- Specifies that a failed print job should stop the printer unless otherwise
specified for the printer. The 'stop-printer' error policy is the
default.
- FilterLimit
limit
- Specifies the maximum cost of filters that are run concurrently, which can
be used to minimize disk, memory, and CPU resource problems. A limit of 0
disables filter limiting. An average print to a non-PostScript printer
needs a filter limit of about 200. A PostScript printer needs about half
that (100). Setting the limit below these thresholds will effectively
limit the scheduler to printing a single job at any time. The default
limit is "0".
- FilterNice
nice-value
- Specifies the scheduling priority ( nice(8) value) of filters that
are run to print a job. The nice value ranges from 0, the highest
priority, to 19, the lowest priority. The default is 0.
- GSSServiceName
name
- Specifies the service name when using Kerberos authentication. The default
service name is "http."
- HostNameLookups
On
- HostNameLookups
Off
- HostNameLookups
Double
- Specifies whether to do reverse lookups on connecting clients. The
"Double" setting causes cupsd(8) to verify that the
hostname resolved from the address matches one of the addresses returned
for that hostname. Double lookups also prevent clients with unregistered
addresses from connecting to your server. The default is "Off"
to avoid the potential server performance problems with hostname lookups.
Only set this option to "On" or "Double" if absolutely
required.
- IdleExitTimeout
seconds
- Specifies the length of time to wait before shutting down due to
inactivity. The default is "60" seconds. Note: Only applicable
when cupsd(8) is run on-demand (e.g., with -l).
- JobKillDelay
seconds
- Specifies the number of seconds to wait before killing the filters and
backend associated with a canceled or held job. The default is
"30".
- JobRetryInterval
seconds
- Specifies the interval between retries of jobs in seconds. This is
typically used for fax queues but can also be used with normal print
queues whose error policy is "retry-job" or
"retry-current-job". The default is "30".
- JobRetryLimit
count
- Specifies the number of retries that are done for jobs. This is typically
used for fax queues but can also be used with normal print queues whose
error policy is "retry-job" or "retry-current-job".
The default is "5".
- KeepAlive
Yes
- KeepAlive
No
- Specifies whether to support HTTP keep-alive connections. The default is
"Yes".
- KeepAliveTimeout
seconds
- Specifies how long an idle client connection remains open. The default is
"30".
- <Limit operation ...> ...
</Limit>
- Specifies the IPP operations that are being limited inside a Policy
section. IPP operation names are listed below in the section "IPP
OPERATION NAMES".
- <Limit method ...> ...
</Limit>
- <LimitExcept method ...> ...
</LimitExcept>
- Specifies the HTTP methods that are being limited inside a Location
section. HTTP method names are listed below in the section "HTTP
METHOD NAMES".
- LimitRequestBody
size
- Specifies the maximum size of print files, IPP requests, and HTML form
data. The default is "0" which disables the limit check.
- Listen
ipv4-address:port
- Listen
[ipv6-address]:port
- Listen
*:port
- Listen
/path/to/domain/socket
- Listens to the specified address and port or domain socket path for
connections. Multiple Listen directives can be provided to listen on
multiple addresses. The Listen directive is similar to the Port directive
but allows you to restrict access to specific interfaces or networks.
Note: "Listen *:port" and "Port port"
effectively listen on all IP addresses, so you cannot combine them with
Listen directives for explicit IPv4 or IPv6 addresses on the same
port.
- ListenBackLog
number
- Specifies the number of pending connections that will be allowed. This
normally only affects very busy servers that have reached the MaxClients
limit, but can also be triggered by large numbers of simultaneous
connections. When the limit is reached, the operating system will refuse
additional connections until the scheduler can accept the pending ones.
The default is the OS-defined default limit, typically either
"5" for older operating systems or "128" for newer
operating systems.
- <Location /path> ...
</Location>
- Specifies access control for the named location. Paths are documented
below in the section "LOCATION PATHS".
- LogDebugHistory
number
- Specifies the number of debugging messages that are retained for logging
if an error occurs in a print job. Debug messages are logged regardless of
the LogLevel setting.
- LogLevel
none
- LogLevel
emerg
- LogLevel
alert
- LogLevel
crit
- LogLevel
error
- LogLevel
warn
- LogLevel
notice
- LogLevel
info
- LogLevel
debug
- LogLevel
debug2
- Specifies the level of logging for the ErrorLog file. The value
"none" stops all logging while "debug2" logs
everything. The default is "warn".
- LogTimeFormat
standard
- LogTimeFormat
usecs
- Specifies the format of the date and time in the log files. The value
"standard" is the default and logs whole seconds while
"usecs" logs microseconds.
- MaxClients
number
- Specifies the maximum number of simultaneous clients that are allowed by
the scheduler. The default is "100".
- MaxClientsPerHost
number
- Specifies the maximum number of simultaneous clients that are allowed from
a single address. The default is the MaxClients value.
- MaxCopies
number
- Specifies the maximum number of copies that a user can print of each job.
The default is "9999".
- MaxHoldTime
seconds
- Specifies the maximum time a job may remain in the "indefinite"
hold state before it is canceled. The default is "0" which
disables cancellation of held jobs.
- MaxJobs
number
- Specifies the maximum number of simultaneous jobs that are allowed. Set to
"0" to allow an unlimited number of jobs. The default is
"500".
- MaxJobsPerPrinter
number
- Specifies the maximum number of simultaneous jobs that are allowed per
printer. The default is "0" which allows up to MaxJobs jobs per
printer.
- MaxJobsPerUser
number
- Specifies the maximum number of simultaneous jobs that are allowed per
user. The default is "0" which allows up to MaxJobs jobs per
user.
- MaxJobTime
seconds
- Specifies the maximum time a job may take to print before it is canceled.
Set to "0" to disable cancellation of "stuck" jobs.
The default is "10800" (3 hours).
- MaxLogSize
size
- Specifies the maximum size of the log files before they are rotated. The
value "0" disables log rotation. The default is
"1048576" (1MB).
- MultipleOperationTimeout
seconds
- Specifies the maximum amount of time to allow between files in a multiple
file print job. The default is "900" (15 minutes).
- <Policy name> ... </Policy>
- Specifies access control for the named policy.
- Port
number
- Listens to the specified port number for connections.
- PreserveJobFiles
Yes
- PreserveJobFiles
No
- PreserveJobFiles
seconds
- Specifies whether job files (documents) are preserved after a job is
printed. If a numeric value is specified, job files are preserved for the
indicated number of seconds after printing. The default is
"86400" (preserve 1 day).
- PreserveJobHistory
Yes
- PreserveJobHistory
No
- PreserveJobHistory
seconds
- Specifies whether the job history is preserved after a job is printed. If
a numeric value is specified, the job history is preserved for the
indicated number of seconds after printing. If "Yes", the job
history is preserved until the MaxJobs limit is reached. The default is
"Yes".
- ReloadTimeout
seconds
- Specifies the amount of time to wait for job completion before restarting
the scheduler. The default is "30".
- ServerAdmin
email-address
- Specifies the email address of the server administrator. The default value
is "root@ServerName".
- ServerAlias
hostname [ ... hostname ]
- ServerAlias
*
- The ServerAlias directive is used for HTTP Host header validation when
clients connect to the scheduler from external interfaces. Using the
special name "*" can expose your system to known browser-based
DNS rebinding attacks, even when accessing sites through a firewall. If
the auto-discovery of alternate names does not work, we recommend listing
each alternate name with a ServerAlias directive instead of using
"*".
- ServerName
hostname
- Specifies the fully-qualified hostname of the server. The default is the
value reported by the hostname(1) command.
- ServerTokens
None
- ServerTokens
ProductOnly
- ServerTokens
Major
- ServerTokens
Minor
- ServerTokens
Minimal
- ServerTokens
OS
- ServerTokens
Full
- Specifies what information is included in the Server header of HTTP
responses. "None" disables the Server header.
"ProductOnly" reports "CUPS". "Major"
reports "CUPS/major IPP/2". "Minor" reports
"CUPS/major.minor IPP/2.1". "Minimal" reports
"CUPS/major.minor.patch IPP/2.1". "OS" reports
"CUPS/major.minor.path (osname osversion) IPP/2.1".
"Full" reports "CUPS/major.minor.path (osname osversion;
architecture) IPP/2.1". The default is "Minimal".
- SSLListen
ipv4-address:port
- SSLListen
[ipv6-address]:port
- SSLListen
*:port
- Listens on the specified address and port for encrypted connections.
- SSLOptions
[AllowDH] [AllowRC4] [AllowSSL3] [DenyCBC]
[DenyTLS1.0] [MaxTLS1.0] [MaxTLS1.1] [MaxTLS1.2]
[MaxTLS1.3] [MinTLS1.0] [MinTLS1.1] [MinTLS1.2]
[MinTLS1.3]
- SSLOptions
None
- Sets encryption options (only in /etc/cups/client.conf). By default, CUPS
only supports encryption using TLS v1.0 or higher using known secure
cipher suites. Security is reduced when Allow options are used.
Security is enhanced when Deny options are used. The AllowDH
option enables cipher suites using plain Diffie-Hellman key negotiation
(not supported on systems using GNU TLS). The AllowRC4 option
enables the 128-bit RC4 cipher suites, which are required for some older
clients. The AllowSSL3 option enables SSL v3.0, which is required
for some older clients that do not support TLS v1.0. The DenyCBC
option disables all CBC cipher suites. The DenyTLS1.0 option
disables TLS v1.0 support - this sets the minimum protocol version to TLS
v1.1. The MinTLS options set the minimum TLS version to support.
The MaxTLS options set the maximum TLS version to support. Not all
operating systems support TLS 1.3 at this time.
- SSLPort
port
- Listens on the specified port for encrypted connections.
- StrictConformance
Yes
- StrictConformance
No
- Specifies whether the scheduler requires clients to strictly adhere to the
IPP specifications. The default is "No".
- Timeout
seconds
- Specifies the HTTP request timeout. The default is "900" (15
minutes).
- WebInterface
yes
- WebInterface
no
- Specifies whether the web interface is enabled. The default is
"No".
The following HTTP methods are supported by cupsd(8):
- GET
- Used by a client to download icons and other printer resources and to
access the CUPS web interface.
- HEAD
- Used by a client to get the type, size, and modification date of
resources.
- OPTIONS
- Used by a client to establish a secure (SSL/TLS) connection.
- POST
- Used by a client to submit IPP requests and HTML forms from the CUPS web
interface.
- PUT
- Used by a client to upload configuration files.
The following paths are commonly used when configuring
cupsd(8):
- /
- The path for all get operations (get-printers, get-jobs, etc.)
- /admin
- The path for all administration operations (add-printer, delete-printer,
start-printer, etc.)
- /admin/conf
- The path for access to the CUPS configuration files (cupsd.conf,
client.conf, etc.)
- /admin/log
- The path for access to the CUPS log files (access_log, error_log,
page_log)
- /classes
- The path for all printer classes
- /classes/name
- The resource for the named printer class
- /jobs
- The path for all jobs (hold-job, release-job, etc.)
- /jobs/id
- The path for the specified job
- /printers
- The path for all printers
- /printers/name
- The path for the named printer
- /printers/name.png
- The icon file path for the named printer
- /printers/name.ppd
- The PPD file path for the named printer
The following directives may be placed inside Location and Limit
sections in the cupsd.conf file:
- Allow all
- Allow
none
- Allow
host.domain.com
- Allow
*.domain.com
- Allow
ipv4-address
- Allow
ipv4-address/netmask
- Allow
ipv4-address/mm
- Allow
[ipv6-address]
- Allow
[ipv6-address]/mm
- Allow
@IF(name)
- Allow
@LOCAL
- Allows access from the named hosts, domains, addresses, or interfaces. The
@IF(name) form uses the current subnets configured for the named
interface. The @LOCAL form uses the current subnets configured for all
interfaces that are not point-to-point, for example Ethernet and Wi-Fi
interfaces are used but DSL and VPN interfaces are not. The Order
directive controls whether Allow lines are evaluated before or after Deny
lines.
- AuthType
None
- AuthType
Basic
- AuthType
Default
- AuthType
Negotiate
- Specifies the type of authentication required. The value
"Default" corresponds to the DefaultAuthType value.
- Deny all
- Deny none
- Deny
host.domain.com
- Deny
*.domain.com
- Deny
ipv4-address
- Deny
ipv4-address/netmask
- Deny
ipv4-address/mm
- Deny
[ipv6-address]
- Deny
[ipv6-address]/mm
- Deny
@IF(name)
- Deny
@LOCAL
- Denies access from the named hosts, domains, addresses, or interfaces. The
@IF(name) form uses the current subnets configured for the named
interface. The @LOCAL form uses the current subnets configured for all
interfaces that are not point-to-point, for example Ethernet and Wi-Fi
interfaces are used but DSL and VPN interfaces are not. The Order
directive controls whether Deny lines are evaluated before or after Allow
lines.
- Encryption
IfRequested
- Encryption
Never
- Encryption
Required
- Specifies the level of encryption that is required for a particular
location. The default value is "IfRequested".
- Order
allow,deny
- Specifies that access is denied by default. Allow lines are then processed
followed by Deny lines to determine whether a client may access a
particular resource.
- Order
deny,allow
- Specifies that access is allowed by default. Deny lines are then processed
followed by Allow lines to determine whether a client may access a
particular resource.
- Require group
group-name [ group-name ... ]
- Specifies that an authenticated user must be a member of one of the named
groups.
- Require user
{user-name|@group-name} ...
- Specifies that an authenticated user must match one of the named users or
be a member of one of the named groups. The group name "@SYSTEM"
corresponds to the list of groups defined by the SystemGroup directive in
the cups-files.conf(5) file. The group name "@OWNER"
corresponds to the owner of the resource, for example the person that
submitted a print job. Note: The 'root' user is not special and must be
granted privileges like any other user account.
- Require
valid-user
- Specifies that any authenticated user is acceptable.
- Satisfy
all
- Specifies that all Allow, AuthType, Deny, Order, and Require conditions
must be satisfied to allow access.
- Satisfy
any
- Specifies that any a client may access a resource if either the
authentication (AuthType/Require) or address (Allow/Deny/Order) conditions
are satisfied. For example, this can be used to require authentication
only for remote accesses.
The following directives are deprecated and will be removed in a
future release of CUPS:
- Classification
banner
-
Specifies the security classification of the server. Any valid banner name
can be used, including "classified", "confidential",
"secret", "topsecret", and "unclassified",
or the banner can be omitted to disable secure printing functions. The
default is no classification banner.
- ClassifyOverride
Yes
- ClassifyOverride
No
-
Specifies whether users may override the classification (cover page) of
individual print jobs using the "job-sheets" option. The default
is "No".
- PageLogFormat
format-string
- Specifies the format of PageLog lines. Sequences beginning with percent
(%) characters are replaced with the corresponding information, while all
other characters are copied literally. The following percent sequences are
recognized:
"%%" inserts a single percent character.
"%{name}" inserts the value of the specified IPP attribute.
"%C" inserts the number of copies for the current page.
"%P" inserts the current page number.
"%T" inserts the current date and time in common log format.
"%j" inserts the job ID.
"%p" inserts the printer name.
"%u" inserts the username.
The default is the empty string, which disables page logging. The string
"%p %u %j %T %P %C %{job-billing} %{job-originating-host-name}
%{job-name} %{media} %{sides}" creates a page log with the standard
items. Use "%{job-impressions-completed}" to insert the number
of pages (sides) that were printed, or
"%{job-media-sheets-completed}" to insert the number of sheets
that were printed.
- RIPCache
size
- Specifies the maximum amount of memory to use when converting documents
into bitmaps for a printer. The default is "128m".
File, directory, and user configuration directives that used to be
allowed in the cupsd.conf file are now stored in the
cups-files.conf(5) file instead in order to prevent certain types of
privilege escalation attacks.
The scheduler MUST be restarted manually after making changes to
the cupsd.conf file. On Linux this is typically done using the
systemctl(8) command, while on macOS the launchctl(8) command
is used instead.
The @LOCAL macro name can be confusing since the system running
cupsd often belongs to a different set of subnets from its
clients.
The cupsd.conf file format is based on the Apache HTTP
Server configuration file format.
Log everything with a maximum log file size of 32 megabytes:
AccessLogLevel all
LogLevel debug2
MaxLogSize 32m
Require authentication for accesses from outside the 10.
network:
<Location />
Order allow,deny
Allow from 10./8
AuthType Basic
Require valid-user
Satisfy any
</Location>
Copyright © 2020 by Michael R Sweet
Copyright © 2007-2019 by Apple Inc.