[cups.general] cups access control

Michael Sweet msweet at apple.com
Tue Dec 29 14:10:06 PST 2009 

In short, you can't limit the visibility of automatically shared printers. The best you could do is have separate policies for each printer that only allows incoming jobs from the corresponding computers, but the other printers would still see them - print jobs would simply be rejected.

If you disable CUPS browsing and hardwire the shared printers then you can have each client only see a single printer.  You can do this for each client at the command-line with:

    cupsctl --no-remote-printers --no-share-printers
    lpadmin -p NAME -E -v ipp://server/printers/NAME

On the server you'd use:

    cupsctl --share-printers Browsing=No

To further limit access to the shared printers, setup policies for each printer or use the Location directive in cupsd.conf, e.g.:

    <Location /printers/A>
    Order allow,deny
    Allow 192.168.136.10
    Allow 192.168.136.11
    Allow 192.168.136.12
    Allow 192.168.136.13
    Allow 192.168.136.14
    Allow 192.168.136.15
    Allow 192.168.136.16
    Allow 192.168.136.17
    Allow 192.168.136.18
    Allow 192.168.136.19
    Allow 192.168.136.20
    </Location>

You can find more information on this and policies in the online help:

    http://localhost:631/help/policies.html
    http://localhost:631/help/ref-cupsd-conf.html


On Dec 29, 2009, at 1:59 PM, maxmad wrote:

> Debian Linux Lenny
> 
> It seems to be a beginners problem, but I don't find the right combination in configuration.
> 
> It is a 192.168.136.XYZ network with three groups of computers:
> group A: 192.168.136.10-20
> group B: 192.168.136.30-40
> group C: 192.168.136.50-60
> 
> and three printers
> printer for A: 192.168.136.21
> printer for B: 192.168.136.41
> printer for C: 192.168.136.61
> 
> I would like to have printer A visible and printable only for group A and so on.
> 
> As soon as a printer is not published, it can't be accessed by anyone. Once published, everybody sees it and can print on it.
> How can I make a printer visible and accessable only for one group?
> Which parameters have to be set in printers.conf and cupsd.conf?
> Thank you for helping.
> 
> 
> _______________________________________________
> cups mailing list
> cups at easysw.com
> http://lists.easysw.com/mailman/listinfo/cups

___________________________________________________
Michael Sweet, Senior Printing System Engineer

More information about the cups mailing list