CUPS and printer security
Anonymous
anonymous at easysw.com
Mon Aug 15 07:14:24 PDT 2005
> I don't remember if IPP itself provides such a mechanism, but CUPS does by the
> DenyFrom and AllowFrom directives in cupsd.conf. With little effort, you may set these
> directives for any printer (besides a default access control which is valid for all
> destinations that haven't been specifically configured.
>
> Helge
>
> --
> Helge Blischke
> Softwareentwicklung
> SRZ Berlin | Firmengruppe besscom
> http://www.srz.de
Yes, that stops the printers in question being accessed through that CUPS installation, but unless the printers themselves have been locked down (e.g. with HP's restricted access list - of IP addresses of systems permitted to access them) then there's nothing to stop a user on your network from installing another - unauthorised - copy of CUPS (or any other print system, or even no print system at all) and then sending jobs to the printers. If you're charging for printing, this is a real problem. I'd hoped that there might be a general, higher-level, mechanism in IPP implemented by CUPS to prevent this. (I have the IPP 1.1 RFCs and have been reading them to see what I can find, but nothing so far.)
John A. Murdie
Department of Computer Science
University of York
UK
More information about the cups
mailing list