diff options
author | Sebastian | 2016-04-25 12:01:08 +0200 |
---|---|---|
committer | Sebastian | 2016-04-25 12:01:08 +0200 |
commit | 5acda3eaeabae9045609539303a8c12c4ce401f1 (patch) | |
tree | 7e71975f8570b05aafe2ea6ec0e242a8912387bb /core/modules/cups/data | |
parent | initial commit (diff) | |
download | mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.tar.gz mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.tar.xz mltk-5acda3eaeabae9045609539303a8c12c4ce401f1.zip |
merge with latest dev version
Diffstat (limited to 'core/modules/cups/data')
3 files changed, 153 insertions, 0 deletions
diff --git a/core/modules/cups/data/etc/cups/cupsd.conf b/core/modules/cups/data/etc/cups/cupsd.conf new file mode 100644 index 00000000..bd3bc179 --- /dev/null +++ b/core/modules/cups/data/etc/cups/cupsd.conf @@ -0,0 +1,143 @@ +# +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel warn + +# Deactivate CUPS' internal logrotating, as we provide a better one, especially +# LogLevel debug2 gets usable now +MaxLogSize 0 + +# Administrator user group... +SystemGroup lpadmin + + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen /var/run/cups/cups.sock + +# Show shared printers on the local network. +Browsing Off +BrowseOrder allow,deny +BrowseAllow all +BrowseLocalProtocols CUPS dnssd +BrowseAddress @LOCAL + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Web interface setting... +WebInterface Yes + +# Restrict access to the server... +<Location /> + Order allow,deny +</Location> + +# Restrict access to the admin pages... +<Location /admin> + Order allow,deny +</Location> + +# Restrict access to configuration files... +<Location /admin/conf> + AuthType Default + Require user @SYSTEM + Order allow,deny +</Location> + +# Set the default printer/job policies... +<Policy default> + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + <Limit Create-Job Print-Job Print-URI Validate-Job> + Order deny,allow + </Limit> + + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + + # All administration operations require an administrator to authenticate... + <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> + AuthType Default + Require user @SYSTEM + Order deny,allow + </Limit> + + # All printer operations require a printer operator to authenticate... + <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> + AuthType Default + Require user @SYSTEM + Order deny,allow + </Limit> + + # Only the owner or an administrator can cancel or authenticate a job... + <Limit Cancel-Job CUPS-Authenticate-Job> + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + + <Limit All> + Order deny,allow + </Limit> +</Policy> + +# Set the authenticated printer/job policies... +<Policy authenticated> + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + <Limit Create-Job Print-Job Print-URI Validate-Job> + AuthType Default + Order deny,allow + </Limit> + + <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + + # All administration operations require an administrator to authenticate... + <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> + AuthType Default + Require user @SYSTEM + Order deny,allow + </Limit> + + # All printer operations require a printer operator to authenticate... + <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> + AuthType Default + Require user @SYSTEM + Order deny,allow + </Limit> + + # Only the owner or an administrator can cancel or authenticate a job... + <Limit Cancel-Job CUPS-Authenticate-Job> + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + </Limit> + + <Limit All> + Order deny,allow + </Limit> +</Policy> + +# +# diff --git a/core/modules/cups/data/etc/systemd/system/cups.service b/core/modules/cups/data/etc/systemd/system/cups.service new file mode 100644 index 00000000..1c1e6305 --- /dev/null +++ b/core/modules/cups/data/etc/systemd/system/cups.service @@ -0,0 +1,9 @@ +[Unit] +Description=Common Unix Printing System +Requires=network.target graphical.target +After=network.target +Before=graphical.target +ConditionFileNotEmpty=/etc/cups/printers.conf + +[Service] +ExecStart=/usr/sbin/cupsd -f diff --git a/core/modules/cups/data/etc/systemd/system/network.target.wants/cups.service b/core/modules/cups/data/etc/systemd/system/network.target.wants/cups.service new file mode 120000 index 00000000..d8578ebb --- /dev/null +++ b/core/modules/cups/data/etc/systemd/system/network.target.wants/cups.service @@ -0,0 +1 @@ +../cups.service
\ No newline at end of file |