• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1<!DOCTYPE HTML>
2<html>
3<!-- SECTION: Man Pages -->
4<head>
5	<link rel="stylesheet" type="text/css" href="../cups-printable.css">
6	<title>cups-files.conf(5)</title>
7</head>
8<body>
9<h1 class="title">cups-files.conf(5)</h1>
10<h2 class="title"><a name="NAME">Name</a></h2>
11cups-files.conf - file and directory configuration file for cups
12<h2 class="title"><a name="DESCRIPTION">Description</a></h2>
13The <b>cups-files.conf</b> file configures the files and directories used by the CUPS scheduler,
14<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8).</a>
15It is normally located in the <i>/etc/cups</i> directory.
16<p>Each line in the file can be a configuration directive, a blank line, or a comment.
17Configuration directives typically consist of a name and zero or more values separated by whitespace.
18The configuration directive name and values are case-insensitive.
19Comment lines start with the # character.
20<h3><a name="DIRECTIVES">Directives</a></h3>
21The following directives are understood by
22<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8):</a>
23<dl class="man">
24<dt><a name="AccessLog"></a><b>AccessLog</b>
25<dd style="margin-left: 5.0em"><dt><b>AccessLog </b><i>filename</i>
26<dd style="margin-left: 5.0em"><dt><b>AccessLog stderr</b>
27<dd style="margin-left: 5.0em"><dt><b>AccessLog syslog</b>
28<dd style="margin-left: 5.0em">Defines the access log filename.
29Specifying a blank filename disables access log generation.
30The value "stderr" causes log entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run in the background.
31The value "syslog" causes log entries to be sent to the system log daemon.
32The server name may be included in filenames using the string "%s", for example:
33<pre class="man">
34    AccessLog /var/log/cups/%s-access_log
35
36</pre>
37The default is "/var/log/cups/access_log".
38<dt><a name="CacheDir"></a><b>CacheDir </b><i>directory</i>
39<dd style="margin-left: 5.0em">Specifies the directory to use for long-lived temporary (cache) files.
40The default is "/var/spool/cups/cache" or "/var/cache/cups" depending on the platform.
41<dt><a name="ConfigFilePerm"></a><b>ConfigFilePerm </b><i>mode</i>
42<dd style="margin-left: 5.0em">Specifies the permissions for all configuration files that the scheduler writes.
43The default is "0644" on macOS and "0640" on all other operating systems.
44</dl>
45<p><b>Note:</b> The permissions for the <i>printers.conf</i> file are currently masked to only allow access from the scheduler user (typically root).
46This is done because printer device URIs sometimes contain sensitive authentication information that should not be generally known on the system.
47There is no way to disable this security feature.
48<dl class="man">
49<dt><a name="CreateSelfSignedCerts"></a><b>CreateSelfSignedCerts yes</b>
50<dd style="margin-left: 5.0em"><dt><b>CreateSelfSignedCerts no</b>
51<dd style="margin-left: 5.0em">Specifies whether the scheduler automatically creates self-signed certificates for client connections using TLS.
52The default is yes.
53<dt><a name="DataDir"></a><b>DataDir </b><i>path</i>
54<dd style="margin-left: 5.0em">Specifies the directory where data files can be found.
55The default is usually "/usr/share/cups".
56<dt><a name="DocumentRoot"></a><b>DocumentRoot </b><i>directory</i>
57<dd style="margin-left: 5.0em">Specifies the root directory for the CUPS web interface content.
58The default is usually "/usr/share/doc/cups".
59<dt><a name="ErrorLog"></a><b>ErrorLog</b>
60<dd style="margin-left: 5.0em"><dt><b>ErrorLog </b><i>filename</i>
61<dd style="margin-left: 5.0em"><dt><b>ErrorLog stderr</b>
62<dd style="margin-left: 5.0em"><dt><b>ErrorLog syslog</b>
63<dd style="margin-left: 5.0em">Defines the error log filename.
64Specifying a blank filename disables error log generation.
65The value "stderr" causes log entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run in the background.
66The value "syslog" causes log entries to be sent to the system log daemon.
67The server name may be included in filenames using the string "%s", for example:
68<pre class="man">
69    ErrorLog /var/log/cups/%s-error_log
70
71</pre>
72The default is "/var/log/cups/error_log".
73<dt><a name="FatalErrors"></a><b>FatalErrors none</b>
74<dd style="margin-left: 5.0em"><dt><b>FatalErrors all </b><i>-kind </i>[ ... <i>-kind </i>]
75<dd style="margin-left: 5.0em"><dt><b>FatalErrors </b><i>kind </i>[ ... <i>kind </i>]
76<dd style="margin-left: 5.0em">Specifies which errors are fatal, causing the scheduler to exit.
77The default is "config".
78The <i>kind</i> strings are:
79<div style="margin-left: 0.0em;">
80<dl class="man">
81<dt><b>none</b>
82<dd style="margin-left: 5.0em">No errors are fatal.
83<dt><b>all</b>
84<dd style="margin-left: 5.0em">All of the errors below are fatal.
85<dt><b>browse</b>
86<dd style="margin-left: 5.0em">Browsing initialization errors are fatal, for example failed connections to the DNS-SD daemon.
87<dt><b>config</b>
88<dd style="margin-left: 5.0em">Configuration file syntax errors are fatal.
89<dt><b>listen</b>
90<dd style="margin-left: 5.0em">Listen or Port errors are fatal, except for IPv6 failures on the loopback or "any" addresses.
91<dt><b>log</b>
92<dd style="margin-left: 5.0em">Log file creation or write errors are fatal.
93<dt><b>permissions</b>
94<dd style="margin-left: 5.0em">Bad startup file permissions are fatal, for example shared TLS certificate and key files with world-read permissions.
95</div>
96<dt><a name="Group"></a><b>Group </b><i>group-name-or-number</i>
97<dd style="margin-left: 5.0em">Specifies the group name or ID that will be used when executing external programs.
98The default group is operating system specific but is usually "lp" or "nobody".
99</div>
100<dt><a name="LogFileGroup"></a><b>LogFileGroup </b><i>group-name-or-number</i>
101<dd style="margin-left: 5.0em">Specifies the group name or ID that will be used for log files.
102The default group is operating system specific but is usually "lp" or "nobody".
103<dt><a name="LogFilePerm"></a><b>LogFilePerm </b><i>mode</i>
104<dd style="margin-left: 5.0em">Specifies the permissions of all log files that the scheduler writes.
105The default is "0644".
106<dt><a name="PageLog"></a><b>PageLog </b>[ <i>filename</i> ]
107<dd style="margin-left: 5.0em"><dt><b>PageLog stderr</b>
108<dd style="margin-left: 5.0em"><dt><b>PageLog syslog</b>
109<dd style="margin-left: 5.0em">Defines the page log filename.
110The value "stderr" causes log entries to be sent to the standard error file when the scheduler is running in the foreground, or to the system log daemon when run in the background.
111The value "syslog" causes log entries to be sent to the system log daemon.
112Specifying a blank filename disables page log generation.
113The server name may be included in filenames using the string "%s", for example:
114<pre class="man">
115    PageLog /var/log/cups/%s-page_log
116
117</pre>
118The default is "/var/log/cups/page_log".
119<dt><a name="PassEnv"></a><b>PassEnv </b><i>variable </i>[ ... <i>variable </i>]
120<dd style="margin-left: 5.0em">Passes the specified environment variable(s) to child processes.
121Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
122<dt><a name="RemoteRoot"></a><b>RemoteRoot </b><i>username</i>
123<dd style="margin-left: 5.0em">Specifies the username that is associated with unauthenticated accesses by clients claiming to be the root user.
124The default is "remroot".
125<dt><a name="RequestRoot"></a><b>RequestRoot </b><i>directory</i>
126<dd style="margin-left: 5.0em">Specifies the directory that contains print jobs and other HTTP request data.
127The default is "/var/spool/cups".
128<dt><a name="Sandboxing"></a><b>Sandboxing relaxed</b>
129<dd style="margin-left: 5.0em"><dt><b>Sandboxing strict</b>
130<dd style="margin-left: 5.0em">Specifies the level of security sandboxing that is applied to print filters, backends, and other child processes of the scheduler.
131The default is "strict".
132This directive is currently only used/supported on macOS.
133<dt><a name="ServerBin"></a><b>ServerBin </b><i>directory</i>
134<dd style="margin-left: 5.0em">Specifies the directory containing the backends, CGI programs, filters, helper programs, notifiers, and port monitors.
135The default is "/usr/lib/cups" or "/usr/libexec/cups" depending on the platform.
136<dt><a name="ServerKeychain"></a><b>ServerKeychain </b><i>path</i>
137<dd style="margin-left: 5.0em">Specifies the location of TLS certificates and private keys.
138The default is "/Library/Keychains/System.keychain" on macOS and "/etc/cups/ssl" on all other operating systems.
139macOS uses its keychain database to store certificates and keys while other platforms use separate files in the specified directory, *.crt for PEM-encoded certificates and *.key for PEM-encoded private keys.
140<dt><a name="ServerRoot"></a><b>ServerRoot </b><i>directory</i>
141<dd style="margin-left: 5.0em">Specifies the directory containing the server configuration files.
142The default is "/etc/cups".
143<dt><a name="SetEnv"></a><b>SetEnv </b><i>variable value</i>
144<dd style="margin-left: 5.0em">Set the specified environment variable to be passed to child processes.
145Note: the standard CUPS filter and backend environment variables cannot be overridden using this directive.
146<dt><a name="StateDir"></a><b>StateDir </b><i>directory</i>
147<dd style="margin-left: 5.0em">Specifies the directory to use for PID and local certificate files.
148The default is "/var/run/cups" or "/etc/cups" depending on the platform.
149<dt><a name="StripUserDomain"></a><b>StripUserDomain Yes</b>
150<dd style="margin-left: 5.0em"><dt><b>StripUserDomain No</b>
151<dd style="margin-left: 5.0em">Specifies whether to remove domain from user name during local user authentication (e.g., "user@example.com" –> "user").
152This practice can be beneficial for maintaining compatibility with older versions of Kerberos.
153However, enabling this option can have negative consequences.
154It may result in confusion between domain and local users with identical names, potentially leading
155to incorrect assignment of user permissions and unintentional permission escalation,
156thus creating a security risk. Therefore, it is advisable to avoid using this option in most cases.
157<dt><a name="SyncOnClose"></a><b>SyncOnClose Yes</b>
158<dd style="margin-left: 5.0em"><dt><b>SyncOnClose No</b>
159<dd style="margin-left: 5.0em">Specifies whether the scheduler calls
160<b>fsync</b>(2)
161after writing configuration or state files.
162<dt><a name="SystemGroup"></a><b>SystemGroup </b><i>group-name </i>[ ... <i>group-name</i> ]
163<dd style="margin-left: 5.0em">Specifies the group(s) to use for <i>@SYSTEM</i> group authentication.
164The default contains "admin", "lpadmin", "root", "sys", and/or "system".
165<dt><a name="TempDir"></a><b>TempDir </b><i>directory</i>
166<dd style="margin-left: 5.0em">Specifies the directory where short-term temporary files are stored.
167The default is "/var/spool/cups/tmp".
168<dt><a name="User"></a><b>User </b><i>username</i>
169<dd style="margin-left: 5.0em">Specifies the user name or ID that is used when running external programs.
170The default is "lp".
171</dl>
172<h3><a name="DEPRECATED_DIRECTIVES">Deprecated Directives</a></h3>
173The following directives are deprecated and will be removed from a future version of CUPS:
174<dl class="man">
175<dt><a name="FileDevice"></a><b>FileDevice Yes</b>
176<dd style="margin-left: 5.0em"><dt><b>FileDevice No</b>
177<dd style="margin-left: 5.0em">Specifies whether the file pseudo-device can be used for new printer queues.
178The URI "file:///dev/null" is always allowed.
179File devices cannot be used with "raw" print queues - a PPD file is required.
180The specified file is overwritten for every print job.
181Writing to directories is not supported.
182<dt><a name="Printcap"></a><b>Printcap </b><i>filename</i>
183<dd style="margin-left: 5.0em">Specifies a file that is filled with a list of local print queues.
184<dt><a name="PrintcapFormat"></a><b>PrintcapFormat bsd</b>
185<dd style="margin-left: 5.0em"><dt><b>PrintcapFormat plist</b>
186<dd style="margin-left: 5.0em"><dt><b>PrintcapFormat solaris</b>
187<dd style="margin-left: 5.0em">Specifies the format to use for the Printcap file.
188"bsd" is the historical LPD printcap file format.
189"plist" is the Apple plist file format.
190"solaris" is the historical Solaris LPD printcap file format.
191</dl>
192<h2 class="title"><a name="NOTES">Notes</a></h2>
193The scheduler MUST be restarted manually after making changes to the <b>cups-files.conf</b> file.
194On Linux this is typically done using the
195<b>systemctl</b>(8)
196command, while on macOS the
197<b>launchctl</b>(8)
198command is used instead.
199<h2 class="title"><a name="SEE_ALSO">See Also</a></h2>
200<a href="man-classes.conf.html?TOPIC=Man+Pages"><b>classes.conf</b>(5),</a>
201<a href="man-cups.html?TOPIC=Man+Pages"><b>cups</b>(1),</a>
202<a href="man-cupsd.html?TOPIC=Man+Pages"><b>cupsd</b>(8),</a>
203<a href="man-cupsd.conf.html?TOPIC=Man+Pages"><b>cupsd.conf</b>(5),</a>
204<a href="man-mime.convs.html?TOPIC=Man+Pages"><b>mime.convs</b>(5),</a>
205<a href="man-mime.types.html?TOPIC=Man+Pages"><b>mime.types</b>(5),</a>
206<a href="man-printers.conf.html?TOPIC=Man+Pages"><b>printers.conf</b>(5),</a>
207<a href="man-subscriptions.conf.html?TOPIC=Man+Pages"><b>subscriptions.conf</b>(5),</a>
208CUPS Online Help (<a href="http://localhost:631/help">http://localhost:631/help</a>)
209<h2 class="title"><a name="COPYRIGHT">Copyright</a></h2>
210Copyright &copy; 2020-2023 by OpenPrinting.
211
212</body>
213</html>
214