[cups.general] Listen vs. <Location />
Michael Sweet
msweet at apple.com
Wed Apr 22 16:35:50 PDT 2009
On Apr 22, 2009, at 3:19 PM, Paul Landers wrote:
> One of the most confusing things for me had been what appear to be
> overlapping directives. For example, why is it necessary to specify
> both a Listen directive as well as the <Location /> directive? They
> both appear to control the same access, and I have not yet found a
> clear explanation of the differences.
Listen controls which address(es) the scheduler will accept
connections on. For example, you might have a public and private
network interface. Using:
Listen *:631
or:
Port 631
would accept connections from both interfaces while:
Listen privatehostname:631
would only accept connections using the address(es) defined for the
private network interface (which are listed for "privatehostname"...)
Location controls access to specific resources once you are connected
to the server. For example, when you enable printer sharing from the
web interface (or cupsctl command-line utility) the cupsd.conf file is
updated from:
Listen localhost:631
<Location />
Order allow,deny
</Location>
to:
Port 631
<Location />
Order allow,deny
Allow @LOCAL
</Location>
The change from Listen to Port allows connections on any network
interface, however the "Allow @LOCAL" only allows access beyond the
initial connection to systems on the same subnets as your server.
You'll also see a Policy directive in the default cupsd.conf file - it
serves a similar purpose, just for IPP operations instead of file and
directories.
FWIW, the same rules apply to the Apache HTTP server (I used the same
syntax and rules when designing the cupsd.conf format), so any good
Apache book should provide more examples to explain how Listen/Port
and Location/Order/Allow/Deny/AuthType/Require interact.
> Also, from the CUPS SAM, the explanation for the directive 'Browsing
> On':
>
> "This directive does not enable sharing of local printers by itself;
> you must also use the BrowseAddress or BrowseProtocols directives to
> advertise local printers to other systems."
>
> My question is simply 'why not'? In other words, if I set 'Browsing
> On' but did not set any BrowseAddress or BrowseProtocols, then how
> would CUPS behave?
"Browsing On" by itself would just let your system see other shared
printers.
Setting a BrowseAddress tells CUPS to advertise its shared printers to
other systems on the corresponding network, with @LOCAL advertising to
all of the networks you are directly connected to.
BrowseProtocols (and now more formally BrowseLocalProtocols and
BrowseRemoteProtocols) allows you to control which protocols are used
for printer sharing. The defaults vary based on the platform, but
always include CUPS so specifying the BrowseLocalProtocols directive
is optional.
BrowseRemoteProtocols specifies the protocols used to discover
printers shared by other systems; on Mac OS X this defaults to "none",
while other platforms use "CUPS" by default.
>
> I would be very grateful if someone could clarify and simplify these
> questions.
>
> Thank you!
> _______________________________________________
> cups mailing list
> cups at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups
________________________________________
Michael R Sweet, Senior Printing System Engineer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.cups.org/pipermail/cups/attachments/20090422/e506992f/attachment-0001.html>
More information about the cups
mailing list