09-02-2010 07:43 AM
I am setting up a CUPS printing environment for all the Unix servers to print through a centralized print server.
I have a CUPS print server which has all the printers defined.
On each client (Unix server), I have configured cupsd.conf with the following lines
Is there a way we can control the access to printers to a specific client or a group of clients?
I have been going through the CUPS manual for some time but I have not reached anywhere. Anybody who has run into a similar requirement, please drop a few lines.
09-02-2010 02:31 PM Solution
In /etc/cups/cupsd.conf, you can use an access control syntax that is almost identical to the one used by the Apache web server.
For example, if you have a printer named "testprinter", and want to allow only the server itself, client1.example and client2.example to print on it, you might add something like this to the cupsd.conf file:
<Location /printers/testprinter>
# Deny all by default
Order allow, deny
Allow from 127.0.0.1
Allow from client1.example
Allow from client2.example
</Location>
On the "Allow from ..." lines, you can use hostnames, domain names, IP addresses, network/netmask pairs and some special keywords (like @LOCAL and @IF(name)) to grant access.
There is also a corresponding "Deny from ..." keyword.
The "Order" statement may be a bit confusing.
"Order allow, deny" means access is denied by default; the client *must* match one of the Allow lines to have a chance of using the printer. But an explicit "Deny from ..." will override the Allow statement. So if you want to grant access to a group of clients except one or two special cases, you can Allow the entire group, then explicitly Deny the special cases.
If you want to allow access by default, you can use "Order deny, allow" to make it all work in the opposite sense. When "Order deny, allow" is in effect, access is allowed by default. If you want to deny access, you must use a "Deny from ..." line, and you can still make special exceptions that override the Deny lines by using "Allow from ..." lines.
See "man cupsd.conf" for documentation on all the directives available for cupsd.conf file.
All of the above applies only to CUPS's native printing protocol, IPP. If you use "cups-lpd" on your central print server to allow it to receive print jobs using the traditional LPD protocol too, this access control does not apply to LPD jobs. But cups-lpd is invoked from inetd or xinetd, so you can use TCP-Wrapper with cups-lpd for access control.
With traditional inetd, you must explicitly add the TCP-Wrapper to the cups-lpd's configuration line in /etc/inetd.conf; if your central print server uses xinetd, it already has TCP-Wrapper support integrated (known as "libwrap support") so you only need to add the access rules to /etc/hosts.allow and/or /etc/hosts.deny.
See "man cups-lpd" for inetd/xinetd configuration examples:
09-08-2010 10:13 AM
Re: HPUX / Linux - CUPS configuration
Allow client1 printer1,printer2
Allow client2 printer2,printer3
Can we get to that level?
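
The per-printer access rules described in the accepted answer, modelled as an added example (not code from any post in this thread or from CUPS): the Python sketch below reads constructed `<Location /printers/...>` blocks for the client/printer mapping asked about in the last post and computes which client may print where. The hostnames, addresses, function names and the simplified matching (hostname, IP and network rules only, every block carrying an Order line) are assumptions of the example.

```python
import ipaddress
# Constructed sample policy and clients (made-up names, 192.0.2.0/24 documentation range).
SAMPLE_CONF = """
<Location /printers/printer1>
  Order allow,deny
  Allow from client1.example
</Location>
<Location /printers/printer2>
  Order allow,deny
  Allow from client1.example
  Allow from client2.example
</Location>
<Location /printers/printer3>
  Order allow,deny
  Allow from 192.0.2.0/24
  Deny from 192.0.2.10
</Location>
"""
CLIENTS = {"client1.example": "192.0.2.10", "client2.example": "192.0.2.20"}

def parse_locations(conf):
    locs, cur = {}, None
    for line in conf.splitlines():
        words = line.split("#", 1)[0].lower().split()
        if len(words) == 2 and words[0] == "<location" and words[1].startswith("/printers/"):
            cur = locs[words[1][len("/printers/"):].rstrip(">")] = {"order": None, "allow": [], "deny": []}
        elif words == ["</location>"]:
            cur = None
        elif cur is not None and words[:1] == ["order"]:
            cur["order"] = "".join(words[1:])          # "allow, deny" -> "allow,deny"
        elif cur is not None and words[:1] in (["allow"], ["deny"]):
            cur[words[0]].append(words[-1])            # value follows the optional "from"
    return locs

def matches(rule, host, ip):  # models hostname, IP and network rules only
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(rule, strict=False)
    except ValueError:        # rule is not an address or network: compare as hostname
        return rule == host.lower()

def may_print(loc, host, ip):
    allowed = any(matches(r, host, ip) for r in loc["allow"])
    denied = any(matches(r, host, ip) for r in loc["deny"])
    return {"allow,deny": allowed and not denied,      # denied by default, Deny overrides Allow
            "deny,allow": allowed or not denied}[loc["order"]]  # allowed by default, Allow overrides Deny

def access_matrix(conf, clients):
    locs = parse_locations(conf)
    return {h: sorted(p for p in locs if may_print(locs[p], h, ip)) for h, ip in clients.items()}
```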