HPUX / Linux - CUPS configuration

KapilRaj
Honored Contributor

HPUX / Linux - CUPS configuration

Hello folks,

I am setting up a CUPS printing environment for all the Unix servers to print through a centralized print server.

I have a CUPS print server which has all the printers defined.
On each client (Unix server), I have configured cupsd.conf with the following lines:

Browsepoll

Is there a way we can control access to printers for a specific client or a group of clients?

I have been going through the CUPS manual for some time but I have not gotten anywhere. Anybody who has run into a similar requirement, please drop a few lines.

Regards,

Kaps
Nothing is impossible
3 REPLIES
Matti_Kurkela
Honored Contributor
Solution

Re: HPUX / Linux - CUPS configuration

If by a "client" you mean a Unix host that has a known DNS name or IP address, implementing restrictions is easy.

In /etc/cups/cupsd.conf, you can use an access control syntax that is almost identical to the one used by the Apache web server.

For example, if you have a printer named "testprinter", and want to allow only the server itself, client1.example and client2.example to print on it, you might add something like this to the cupsd.conf file:


<Location /printers/testprinter>
  # Deny all by default
  Order allow,deny
  Allow from 127.0.0.1
  Allow from client1.example
  Allow from client2.example
</Location>


On the "Allow from ..." lines, you can use hostnames, domain names, IP addresses, network/netmask pairs and some special keywords (like @LOCAL and @IF(name)) to grant access.

There is also a corresponding "Deny from ..." keyword.

The "Order" statement may be a bit confusing.

"Order allow, deny" means access is denied by default; the client *must* match one of the Allow lines to have a chance of using the printer. But an explicit "Deny from ..." will override the Allow statement. So if you want to grant access to a group of clients except one or two special cases, you can Allow the entire group, then explicitly Deny the special cases.

If you want to allow access by default, you can use "Order deny, allow" to make it all work in the opposite sense. When "Order deny, allow" is in effect, access is allowed by default. If you want to deny access, you must use a "Deny from ..." line, and you can still make special exceptions that override the Deny lines by using "Allow from ..." lines.

See "man cupsd.conf" for documentation on all the directives available for cupsd.conf file.

http://www.cups.org/documentation.php/doc-1.4/ref-cupsd-conf.html

All of the above applies only to CUPS's native printing protocol, IPP. If you use "cups-lpd" on your central print server to allow it to receive print jobs using the traditional LPD protocol too, this access control does not apply to LPD jobs. But cups-lpd is invoked from inetd or xinetd, so you can use TCP-Wrapper with cups-lpd for access control.

With traditional inetd, you must explicitly add the TCP-Wrapper to the cups-lpd's configuration line in /etc/inetd.conf; if your central print server uses xinetd, it already has TCP-Wrapper support integrated (known as "libwrap support") so you only need to add the access rules to /etc/hosts.allow and/or /etc/hosts.deny.

See "man cups-lpd" for inetd/xinetd configuration examples:
http://www.cups.org/documentation.php/doc-1.4/man-cups-lpd.html

MK
KapilRaj
Honored Contributor

Re: HPUX / Linux - CUPS configuration

My requirement is kind of,

Allow client1 printer1,printer2
Allow client2 printer2,printer3

Can we get to that level?
Nothing is impossible
KapilRaj
Honored Contributor

Re: HPUX / Linux - CUPS configuration

Or mask a few printers to a client.

Just like masking a LUN to one or many WWNs?
Nothing is impossible
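
The per-printer access control from the accepted answer, applied to the client-to-printer mapping asked about in the follow-up. This is an added example, not part of the thread: the function names are hypothetical, the mapping is constructed from the names in the posts, and the access check matches exact host strings only (cupsd itself also handles domains, netmasks and keywords such as @LOCAL).

```python
# Constructed mapping: the client -> printers requirement from the follow-up post.
CLIENT_PRINTERS = {
    "client1.example": ["printer1", "printer2"],
    "client2.example": ["printer2", "printer3"],
}

def invert(client_printers):
    """cupsd.conf rules hang off the printer, so turn client -> printers around."""
    acl = {}
    for client, printers in client_printers.items():
        for printer in printers:
            acl.setdefault(printer, set()).add(client)
    return {p: sorted(c) for p, c in sorted(acl.items())}

def render(acl):
    """Emit one <Location /printers/NAME> section per printer."""
    out = []
    for printer, clients in acl.items():
        out.append(f"<Location /printers/{printer}>")
        out.append("  Order allow,deny")          # denied unless an Allow matches
        out.append("  Allow from 127.0.0.1")      # the print server itself
        out += [f"  Allow from {c}" for c in clients]
        out.append("</Location>")
    return "\n".join(out)

def permitted(order, allow, deny, client):
    """Order semantics as described in the answer (exact-match simplification)."""
    if order == "allow,deny":    # default deny; an explicit Deny overrides Allow
        return client in allow and client not in deny
    if order == "deny,allow":    # default allow; an explicit Allow overrides Deny
        return client not in deny or client in allow
    raise ValueError(f"unknown Order value: {order}")

def can_print(acl, printer, client):
    """Check a client against the section render() would write for a printer."""
    allow = set(acl.get(printer, [])) | {"127.0.0.1"}
    return permitted("allow,deny", allow, set(), client)

if __name__ == "__main__":
    acl = invert(CLIENT_PRINTERS)
    print(render(acl))
    for client in CLIENT_PRINTERS:
        for printer in acl:
            print(client, printer, "allow" if can_print(acl, printer, client) else "deny")
```

Matching clients by hostname in "Allow from" lines requires hostname lookups to be enabled in cupsd.conf (HostNameLookups); IP addresses avoid that dependency on DNS.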