CUPS and printer security

Anonymous anonymous at
Mon Aug 15 07:14:24 PDT 2005

> I don't remember if IPP itself provides such a mechanism, but CUPS does by the
> DenyFrom and AllowFrom directives in cupsd.conf. With little effort, you may set these
> directives for any printer (besides a default access control which is valid for all
> destinations that haven't been specifically configured.
> Helge
> --
> Helge Blischke
> Softwareentwicklung
> SRZ Berlin | Firmengruppe besscom

Yes, that stops the printers in question being accessed through that CUPS installation, but unless the printers themselves have been locked down (e.g. with HP's restricted access list - of IP addresses of systems permitted to access them) then there's nothing to stop a user on your network from installing another - unauthorised - copy of CUPS (or any other print system, or even no print system at all) and then sending jobs to the printers. If you're charging for printing, this is a real problem. I'd hoped that there might be a general, higher-level, mechanism in IPP implemented by CUPS to prevent this. (I have the IPP 1.1 RFCs and have been reading them to see what I can find, but nothing so far.)

John A. Murdie
Department of Computer Science
University of York

More information about the cups mailing list