| 68 | | To allow access to the management pages on local network the cupsd.conf file must be edited. |
| 69 | | |
| 70 | | {{{ |
| 71 | | nano /etc/cups/cupsd.conf |
| 72 | | }}} |
| 73 | | |
| 74 | | {{{ |
| 75 | | # |
| 76 | | # Configuration file for the CUPS scheduler. See "man cupsd.conf" for a |
| 77 | | # complete description of this file. |
| 78 | | # |
| 79 | | |
| 80 | | # Log general information in error_log - change "warn" to "debug" |
| 81 | | # for troubleshooting... |
| 82 | | LogLevel warn |
| 83 | | PageLogFormat |
| 84 | | |
| 85 | | # Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation. |
| 86 | | MaxLogSize 1m |
| 87 | | |
| 88 | | # Default error policy for printers |
| 89 | | ErrorPolicy stop-printer |
| 90 | | |
| 91 | | # Only listen for connections from the local machine. |
| 92 | | #Listen localhost:631 |
| 93 | | Port 631 |
| 94 | | Listen /run/cups/cups.sock |
| 95 | | |
| 96 | | # Show shared printers on the local network. |
| 97 | | Browsing Yes |
| 98 | | BrowseLocalProtocols dnssd |
| 99 | | |
| 100 | | # Default authentication type, when authentication is required... |
| 101 | | DefaultAuthType Basic |
| 102 | | |
| 103 | | # Web interface setting... |
| 104 | | WebInterface Yes |
| 105 | | |
| 106 | | # Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) |
| 107 | | IdleExitTimeout 60 |
| 108 | | |
| 109 | | # Restrict access to the server... |
| 110 | | <Location /> |
| 111 | | Order allow,deny |
| 112 | | Allow @local |
| 113 | | </Location> |
| 114 | | |
| 115 | | # Restrict access to the admin pages... |
| 116 | | <Location /admin> |
| 117 | | Order allow,deny |
| 118 | | Allow @local |
| 119 | | </Location> |
| 120 | | |
| 121 | | # Restrict access to configuration files... |
| 122 | | <Location /admin/conf> |
| 123 | | AuthType Default |
| 124 | | Require user @SYSTEM |
| 125 | | Order allow,deny |
| 126 | | Allow @local |
| 127 | | </Location> |
| 128 | | |
| 129 | | # Restrict access to log files... |
| 130 | | <Location /admin/log> |
| 131 | | AuthType Default |
| 132 | | Require user @SYSTEM |
| 133 | | Order allow,deny |
| 134 | | Allow @local |
| 135 | | </Location> |
| 136 | | |
| 137 | | # Set the default printer/job policies... |
| 138 | | <Policy default> |
| 139 | | # Job/subscription privacy... |
| 140 | | JobPrivateAccess default |
| 141 | | JobPrivateValues default |
| 142 | | SubscriptionPrivateAccess default |
| 143 | | SubscriptionPrivateValues default |
| 144 | | |
| 145 | | # Job-related operations must be done by the owner or an administrator... |
| 146 | | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| 147 | | Order deny,allow |
| 148 | | </Limit> |
| 149 | | |
| 150 | | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| 151 | | Require user @OWNER @SYSTEM |
| 152 | | Order deny,allow |
| 153 | | </Limit> |
| 154 | | |
| 155 | | # All administration operations require an administrator to authenticate... |
| 156 | | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> |
| 157 | | AuthType Default |
| 158 | | Require user @SYSTEM |
| 159 | | Order deny,allow |
| 160 | | </Limit> |
| 161 | | |
| 162 | | # All printer operations require a printer operator to authenticate... |
| 163 | | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| 164 | | AuthType Default |
| 165 | | Require user @SYSTEM |
| 166 | | Order deny,allow |
| 167 | | </Limit> |
| 168 | | |
| 169 | | # Only the owner or an administrator can cancel or authenticate a job... |
| 170 | | <Limit Cancel-Job CUPS-Authenticate-Job> |
| 171 | | Require user @OWNER @SYSTEM |
| 172 | | Order deny,allow |
| 173 | | </Limit> |
| 174 | | |
| 175 | | <Limit All> |
| 176 | | Order deny,allow |
| 177 | | </Limit> |
| 178 | | </Policy> |
| 179 | | |
| 180 | | # Set the authenticated printer/job policies... |
| 181 | | <Policy authenticated> |
| 182 | | # Job/subscription privacy... |
| 183 | | JobPrivateAccess default |
| 184 | | JobPrivateValues default |
| 185 | | SubscriptionPrivateAccess default |
| 186 | | SubscriptionPrivateValues default |
| 187 | | |
| 188 | | # Job-related operations must be done by the owner or an administrator... |
| 189 | | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| 190 | | AuthType Default |
| 191 | | Order deny,allow |
| 192 | | </Limit> |
| 193 | | |
| 194 | | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| 195 | | AuthType Default |
| 196 | | Require user @OWNER @SYSTEM |
| 197 | | Order deny,allow |
| 198 | | </Limit> |
| 199 | | |
| 200 | | # All administration operations require an administrator to authenticate... |
| 201 | | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> |
| 202 | | AuthType Default |
| 203 | | Require user @SYSTEM |
| 204 | | Order deny,allow |
| 205 | | </Limit> |
| 206 | | |
| 207 | | # All printer operations require a printer operator to authenticate... |
| 208 | | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| 209 | | AuthType Default |
| 210 | | Require user @SYSTEM |
| 211 | | Order deny,allow |
| 212 | | </Limit> |
| 213 | | |
| 214 | | # Only the owner or an administrator can cancel or authenticate a job... |
| 215 | | <Limit Cancel-Job CUPS-Authenticate-Job> |
| 216 | | AuthType Default |
| 217 | | Require user @OWNER @SYSTEM |
| 218 | | Order deny,allow |
| 219 | | </Limit> |
| 220 | | |
| 221 | | <Limit All> |
| 222 | | Order deny,allow |
| 223 | | </Limit> |
| 224 | | </Policy> |
| 225 | | |
| 226 | | # Set the kerberized printer/job policies... |
| 227 | | <Policy kerberos> |
| 228 | | # Job/subscription privacy... |
| 229 | | JobPrivateAccess default |
| 230 | | JobPrivateValues default |
| 231 | | SubscriptionPrivateAccess default |
| 232 | | SubscriptionPrivateValues default |
| 233 | | |
| 234 | | # Job-related operations must be done by the owner or an administrator... |
| 235 | | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| 236 | | AuthType Negotiate |
| 237 | | Order deny,allow |
| 238 | | </Limit> |
| 239 | | |
| 240 | | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| 241 | | AuthType Negotiate |
| 242 | | Require user @OWNER @SYSTEM |
| 243 | | Order deny,allow |
| 244 | | </Limit> |
| 245 | | |
| 246 | | # All administration operations require an administrator to authenticate... |
| 247 | | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> |
| 248 | | AuthType Default |
| 249 | | Require user @SYSTEM |
| 250 | | Order deny,allow |
| 251 | | </Limit> |
| 252 | | |
| 253 | | # All printer operations require a printer operator to authenticate... |
| 254 | | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| 255 | | AuthType Default |
| 256 | | Require user @SYSTEM |
| 257 | | Order deny,allow |
| 258 | | </Limit> |
| 259 | | |
| 260 | | # Only the owner or an administrator can cancel or authenticate a job... |
| 261 | | <Limit Cancel-Job CUPS-Authenticate-Job> |
| 262 | | AuthType Negotiate |
| 263 | | Require user @OWNER @SYSTEM |
| 264 | | Order deny,allow |
| 265 | | </Limit> |
| 266 | | |
| 267 | | <Limit All> |
| 268 | | Order deny,allow |
| 269 | | </Limit> |
| 270 | | </Policy> |
| 271 | | }}} |
| 272 | | |
| 273 | | The line '''localhost:631''' limits access so that only the page could only be accessed from the 825 itself. Commented this out be placing '''#''' in front and added line '''Port 631''' below it. |
| 274 | | |
| 275 | | Added '''Allow @local''' just above each of the four '''</Location>''' lines. |
| 276 | | |
| 277 | | Then restart the cups service |
| 278 | | {{{ |
| 279 | | sudo systemctl restart cups |
| 280 | | }}} |
| 447 | | |
| 448 | | |
| | 234 | Technical information: |
| | 235 | |
| | 236 | To allow access to the management pages on local network the cupsd.conf file must be edited. |
| | 237 | |
| | 238 | {{{ |
| | 239 | nano /etc/cups/cupsd.conf |
| | 240 | }}} |
| | 241 | |
| | 242 | {{{ |
| | 243 | # |
| | 244 | # Configuration file for the CUPS scheduler. See "man cupsd.conf" for a |
| | 245 | # complete description of this file. |
| | 246 | # |
| | 247 | |
| | 248 | # Log general information in error_log - change "warn" to "debug" |
| | 249 | # for troubleshooting... |
| | 250 | LogLevel warn |
| | 251 | PageLogFormat |
| | 252 | |
| | 253 | # Specifies the maximum size of the log files before they are rotated. The value "0" disables log rotation. |
| | 254 | MaxLogSize 1m |
| | 255 | |
| | 256 | # Default error policy for printers |
| | 257 | ErrorPolicy stop-printer |
| | 258 | |
| | 259 | # Only listen for connections from the local machine. |
| | 260 | #Listen localhost:631 |
| | 261 | Port 631 |
| | 262 | Listen /run/cups/cups.sock |
| | 263 | |
| | 264 | # Show shared printers on the local network. |
| | 265 | Browsing Yes |
| | 266 | BrowseLocalProtocols dnssd |
| | 267 | |
| | 268 | # Default authentication type, when authentication is required... |
| | 269 | DefaultAuthType Basic |
| | 270 | |
| | 271 | # Web interface setting... |
| | 272 | WebInterface Yes |
| | 273 | |
| | 274 | # Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l) |
| | 275 | IdleExitTimeout 60 |
| | 276 | |
| | 277 | # Restrict access to the server... |
| | 278 | <Location /> |
| | 279 | Order allow,deny |
| | 280 | Allow @local |
| | 281 | </Location> |
| | 282 | |
| | 283 | # Restrict access to the admin pages... |
| | 284 | <Location /admin> |
| | 285 | Order allow,deny |
| | 286 | Allow @local |
| | 287 | </Location> |
| | 288 | |
| | 289 | # Restrict access to configuration files... |
| | 290 | <Location /admin/conf> |
| | 291 | AuthType Default |
| | 292 | Require user @SYSTEM |
| | 293 | Order allow,deny |
| | 294 | Allow @local |
| | 295 | </Location> |
| | 296 | |
| | 297 | # Restrict access to log files... |
| | 298 | <Location /admin/log> |
| | 299 | AuthType Default |
| | 300 | Require user @SYSTEM |
| | 301 | Order allow,deny |
| | 302 | Allow @local |
| | 303 | </Location> |
| | 304 | |
| | 305 | # Set the default printer/job policies... |
| | 306 | <Policy default> |
| | 307 | # Job/subscription privacy... |
| | 308 | JobPrivateAccess default |
| | 309 | JobPrivateValues default |
| | 310 | SubscriptionPrivateAccess default |
| | 311 | SubscriptionPrivateValues default |
| | 312 | |
| | 313 | # Job-related operations must be done by the owner or an administrator... |
| | 314 | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| | 315 | Order deny,allow |
| | 316 | </Limit> |
| | 317 | |
| | 318 | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| | 319 | Require user @OWNER @SYSTEM |
| | 320 | Order deny,allow |
| | 321 | </Limit> |
| | 322 | |
| | 323 | # All administration operations require an administrator to authenticate... |
| | 324 | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> |
| | 325 | AuthType Default |
| | 326 | Require user @SYSTEM |
| | 327 | Order deny,allow |
| | 328 | </Limit> |
| | 329 | |
| | 330 | # All printer operations require a printer operator to authenticate... |
| | 331 | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| | 332 | AuthType Default |
| | 333 | Require user @SYSTEM |
| | 334 | Order deny,allow |
| | 335 | </Limit> |
| | 336 | |
| | 337 | # Only the owner or an administrator can cancel or authenticate a job... |
| | 338 | <Limit Cancel-Job CUPS-Authenticate-Job> |
| | 339 | Require user @OWNER @SYSTEM |
| | 340 | Order deny,allow |
| | 341 | </Limit> |
| | 342 | |
| | 343 | <Limit All> |
| | 344 | Order deny,allow |
| | 345 | </Limit> |
| | 346 | </Policy> |
| | 347 | |
| | 348 | # Set the authenticated printer/job policies... |
| | 349 | <Policy authenticated> |
| | 350 | # Job/subscription privacy... |
| | 351 | JobPrivateAccess default |
| | 352 | JobPrivateValues default |
| | 353 | SubscriptionPrivateAccess default |
| | 354 | SubscriptionPrivateValues default |
| | 355 | |
| | 356 | # Job-related operations must be done by the owner or an administrator... |
| | 357 | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| | 358 | AuthType Default |
| | 359 | Order deny,allow |
| | 360 | </Limit> |
| | 361 | |
| | 362 | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| | 363 | AuthType Default |
| | 364 | Require user @OWNER @SYSTEM |
| | 365 | Order deny,allow |
| | 366 | </Limit> |
| | 367 | |
| | 368 | # All administration operations require an administrator to authenticate... |
| | 369 | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> |
| | 370 | AuthType Default |
| | 371 | Require user @SYSTEM |
| | 372 | Order deny,allow |
| | 373 | </Limit> |
| | 374 | |
| | 375 | # All printer operations require a printer operator to authenticate... |
| | 376 | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| | 377 | AuthType Default |
| | 378 | Require user @SYSTEM |
| | 379 | Order deny,allow |
| | 380 | </Limit> |
| | 381 | |
| | 382 | # Only the owner or an administrator can cancel or authenticate a job... |
| | 383 | <Limit Cancel-Job CUPS-Authenticate-Job> |
| | 384 | AuthType Default |
| | 385 | Require user @OWNER @SYSTEM |
| | 386 | Order deny,allow |
| | 387 | </Limit> |
| | 388 | |
| | 389 | <Limit All> |
| | 390 | Order deny,allow |
| | 391 | </Limit> |
| | 392 | </Policy> |
| | 393 | |
| | 394 | # Set the kerberized printer/job policies... |
| | 395 | <Policy kerberos> |
| | 396 | # Job/subscription privacy... |
| | 397 | JobPrivateAccess default |
| | 398 | JobPrivateValues default |
| | 399 | SubscriptionPrivateAccess default |
| | 400 | SubscriptionPrivateValues default |
| | 401 | |
| | 402 | # Job-related operations must be done by the owner or an administrator... |
| | 403 | <Limit Create-Job Print-Job Print-URI Validate-Job> |
| | 404 | AuthType Negotiate |
| | 405 | Order deny,allow |
| | 406 | </Limit> |
| | 407 | |
| | 408 | <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> |
| | 409 | AuthType Negotiate |
| | 410 | Require user @OWNER @SYSTEM |
| | 411 | Order deny,allow |
| | 412 | </Limit> |
| | 413 | |
| | 414 | # All administration operations require an administrator to authenticate... |
| | 415 | <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> |
| | 416 | AuthType Default |
| | 417 | Require user @SYSTEM |
| | 418 | Order deny,allow |
| | 419 | </Limit> |
| | 420 | |
| | 421 | # All printer operations require a printer operator to authenticate... |
| | 422 | <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> |
| | 423 | AuthType Default |
| | 424 | Require user @SYSTEM |
| | 425 | Order deny,allow |
| | 426 | </Limit> |
| | 427 | |
| | 428 | # Only the owner or an administrator can cancel or authenticate a job... |
| | 429 | <Limit Cancel-Job CUPS-Authenticate-Job> |
| | 430 | AuthType Negotiate |
| | 431 | Require user @OWNER @SYSTEM |
| | 432 | Order deny,allow |
| | 433 | </Limit> |
| | 434 | |
| | 435 | <Limit All> |
| | 436 | Order deny,allow |
| | 437 | </Limit> |
| | 438 | </Policy> |
| | 439 | }}} |
| | 440 | |
| | 441 | The line '''localhost:631''' limits access so that only the page could only be accessed from the 825 itself. Commented this out be placing '''#''' in front and added line '''Port 631''' below it. |
| | 442 | |
| | 443 | Added '''Allow @local''' just above each of the four '''</Location>''' lines. |
| | 444 | |
| | 445 | Then restart the cups service |
| | 446 | {{{ |
| | 447 | sudo systemctl restart cups |
| | 448 | }}} |
| | 449 | |
| | 450 | |
![(please configure the [header_logo] section in trac.ini)](/chrome/site/cardinal.gif)
