CUPS and cupsd.conf on Linux

Accessing a CUPS driven printer without password

I had to do a few print-outs with my old printer, and realized the old cupsd.conf didn’t do any more what I wanted it to do, namely running my printer on my home network, via http://127.0.0.1:631/, and without having to type in usernames and passwords there every time I wanted to change some printer settings.

After lots of googling I found a solution: I forgot where I found the template, and how much I changed it to make it work the way it should. You’ll find it below.

Please note that this configuration file is for a secure home network. That is I’m the only one using that printer. So if in doubt whether it’s a good idea or not to use this cupsd.conf – then for the sake of your network security: don’t use it.

Note the cups Debian packages installed with this file :

$ dpkg -l | grep -i cups
ii  cups                                  1.3.10-1                       Common UNIX Printing System(tm) - server
ii  cups-bsd                              1.3.10-1                       Common UNIX Printing System(tm) - BSD comman
ii  cups-client                           1.3.10-1                       Common UNIX Printing System(tm) - client pro
ii  cups-common                           1.3.10-1                       Common UNIX Printing System(tm) - common fil
ii  cups-driver-gutenprint                5.2.3-2+b1                     printer drivers for CUPS
ii  gutenprint-doc                        5.2.3-2                        users' guide for Gutenprint and CUPS
ii  libcups2                              1.3.10-1                       Common UNIX Printing System(tm) - libs
ii  libcupsimage2                         1.3.10-1                       Common UNIX Printing System(tm) - image libs

So here goes /etc/cups/cupsd.conf:

#
# "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $"
#
#   Sample configuration file for the Common UNIX Printing System (CUPS)
#   scheduler.  See "man cupsd.conf" for a complete description of this
#   file.
#

# Log general information in error_log - change "info" to "debug" for
# troubleshooting...
LogLevel debug

# Administrator user group...
#SystemGroup lpadmin


# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order deny,allow
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Encryption Required
  Order deny,allow
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType None
#  Require user @SYSTEM
  Order deny,allow
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
#    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType None
#    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType None
#    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
#    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

#
# End of "$Id: cupsd.conf.in 7199 2008-01-08 00:16:30Z mike $".
#

An important part to stop access without authentication do seem to play the ‘Require user’ instances, that are commented out above.

I wouldn’t be astonished if the code above could be written much easier, more efficient, and yes, more beautiful than here – if all we want is unrestricted access to some printer: I did not have the time so far to find that solution. Please leave a comment here if you have one.

Thanks in anticipation.

About these ads

2 Responses to “CUPS and cupsd.conf on Linux”

  1. online printing company Says:

    I have been browsing online more than 2 hours today, yet
    I never found any interesting article like yours.
    It’s pretty worth enough for me. Personally, if all webmasters and bloggers made good content as you did, the web will be much more useful than ever before.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: