From cfae6975a659dac9766dff7deccf622a7a252550 Mon Sep 17 00:00:00 2001 From: Frank Brehm Date: Wed, 23 May 2018 22:47:20 +0200 Subject: [PATCH] saving uncommitted changes in /etc prior to emerge run --- .etckeeper | 4 + config-archive/etc/cups/cupsd.conf | 29 ++-- config-archive/etc/cups/cupsd.conf.1 | 9 +- config-archive/etc/cups/cupsd.conf.2 | 53 +++++- config-archive/etc/cups/cupsd.conf.3 | 68 +------- config-archive/etc/cups/cupsd.conf.4 | 6 +- config-archive/etc/cups/cupsd.conf.5 | 33 +++- config-archive/etc/cups/cupsd.conf.6 | 134 ++++++++++++++ config-archive/etc/cups/cupsd.conf.dist.new | 182 ++++++++++++++++++++ cups/cupsd.conf.default | 182 ++++++++++++++++++++ 10 files changed, 605 insertions(+), 95 deletions(-) create mode 100644 config-archive/etc/cups/cupsd.conf.6 create mode 100644 config-archive/etc/cups/cupsd.conf.dist.new create mode 100644 cups/cupsd.conf.default diff --git a/.etckeeper b/.etckeeper index 01fc7bee..fc015402 100755 --- a/.etckeeper +++ b/.etckeeper @@ -468,9 +468,11 @@ maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.2' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.3' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.4' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.5' +maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.6' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.default' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.default.dist' maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.dist' +maybe chmod 0640 'config-archive/etc/cups/cupsd.conf.dist.new' maybe chmod 0640 'config-archive/etc/cups/snmp.conf' maybe chmod 0640 'config-archive/etc/cups/snmp.conf.dist' maybe chmod 0755 'config-archive/etc/cupshelpers' @@ -1134,6 +1136,8 @@ maybe chmod 0640 'cups/cups-files.conf.default' maybe chmod 0644 'cups/cups-pdf.conf' maybe chgrp 'lp' 'cups/cupsd.conf' maybe chmod 0640 'cups/cupsd.conf' +maybe chgrp 'lp' 'cups/cupsd.conf.default' +maybe chmod 0640 'cups/cupsd.conf.default' maybe chmod 0755 'cups/interfaces' maybe chmod 0644 'cups/interfaces/.keep_net-print_cups-0' maybe chgrp 'lp' 'cups/ppd' diff --git a/config-archive/etc/cups/cupsd.conf b/config-archive/etc/cups/cupsd.conf index 07df1c0d..1d7b63af 100644 --- a/config-archive/etc/cups/cupsd.conf +++ b/config-archive/etc/cups/cupsd.conf @@ -5,16 +5,15 @@ # Log general information in error_log - change "warn" to "debug" # for troubleshooting... -LogLevel warn +LogLevel info PageLogFormat -# Only listen for connections from the local machine. -Listen localhost:631 -Listen 10.12.11.2:631 -Listen /var/run/cups/cups.sock +# Allow remote access +Port 631 +Listen /run/cups/cups.sock Browsing On -BrowseLocalProtocols CUPS dnssd -#BrowseLocalProtocols dnssd +#BrowseLocalProtocols CUPS dnssd +BrowseLocalProtocols all # Default authentication type, when authentication is required... DefaultAuthType Basic @@ -22,10 +21,10 @@ DefaultAuthType Basic # Web interface setting... WebInterface Yes -# Restrict access to the server... + # Allow remote access... Order allow,deny - Allow @LOCAL + Allow all # Restrict access to the admin pages... @@ -43,8 +42,16 @@ WebInterface Yes Allow @LOCAL +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + # Set the default printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default @@ -84,17 +91,18 @@ WebInterface Yes Order deny,allow + # Set the authenticated printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default - # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow @@ -131,3 +139,4 @@ WebInterface Yes Order deny,allow + diff --git a/config-archive/etc/cups/cupsd.conf.1 b/config-archive/etc/cups/cupsd.conf.1 index e91ae0fa..07df1c0d 100644 --- a/config-archive/etc/cups/cupsd.conf.1 +++ b/config-archive/etc/cups/cupsd.conf.1 @@ -1,13 +1,12 @@ # -# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" -# -# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. # # Log general information in error_log - change "warn" to "debug" # for troubleshooting... LogLevel warn +PageLogFormat # Only listen for connections from the local machine. Listen localhost:631 @@ -132,7 +131,3 @@ WebInterface Yes Order deny,allow - -# -# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". -# diff --git a/config-archive/etc/cups/cupsd.conf.2 b/config-archive/etc/cups/cupsd.conf.2 index 6eb9901d..e91ae0fa 100644 --- a/config-archive/etc/cups/cupsd.conf.2 +++ b/config-archive/etc/cups/cupsd.conf.2 @@ -1,87 +1,138 @@ -# Show general information in error_log. +# +# "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $" +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... LogLevel warn + +# Only listen for connections from the local machine. Listen localhost:631 Listen 10.12.11.2:631 Listen /var/run/cups/cups.sock Browsing On BrowseLocalProtocols CUPS dnssd +#BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... DefaultAuthType Basic + +# Web interface setting... WebInterface Yes + +# Restrict access to the server... Order allow,deny Allow @LOCAL + +# Restrict access to the admin pages... Encryption Required Order allow,deny Allow @LOCAL + +# Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny Allow @LOCAL + +# Set the default printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... Order deny,allow + Require user @OWNER @SYSTEM Order deny,allow + + # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow + Order deny,allow + +# Set the authenticated printer/job policies... + # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow + AuthType Default Require user @OWNER @SYSTEM Order deny,allow + + # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow + + # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow + Order deny,allow + +# +# End of "$Id: cupsd.conf.in 11025 2013-06-07 01:00:33Z msweet $". +# diff --git a/config-archive/etc/cups/cupsd.conf.3 b/config-archive/etc/cups/cupsd.conf.3 index b03f1ffa..6eb9901d 100644 --- a/config-archive/etc/cups/cupsd.conf.3 +++ b/config-archive/etc/cups/cupsd.conf.3 @@ -1,151 +1,87 @@ -# -# "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $" -# -# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a -# complete description of this file. -# - -# Log general information in error_log - change "warn" to "debug" -# for troubleshooting... -LogLevel debug - -# Administrator user group... -SystemGroup lpadmin - - -# Only listen for connections from the local machine. +# Show general information in error_log. +LogLevel warn Listen localhost:631 Listen 10.12.11.2:631 -# Port 631 Listen /var/run/cups/cups.sock -AccessLog /var/log/cups/access.log -ErrorLog /var/log/cups/error.log -PageLog /var/log/cups/page.log -# Show shared printers on the local network. Browsing On -# We switch this off by default in Gentoo, to avoid an unnecessary open port. -#Browsing Off -BrowseOrder allow,deny -BrowseAllow all -# BrowseLocalProtocols CUPS BrowseLocalProtocols CUPS dnssd - -# Default authentication type, when authentication is required... DefaultAuthType Basic - -# Web interface setting... WebInterface Yes - -# Restrict access to the server... Order allow,deny Allow @LOCAL - -# Restrict access to the admin pages... Encryption Required Order allow,deny Allow @LOCAL - -# Restrict access to configuration files... AuthType Default Require user @SYSTEM Order allow,deny Allow @LOCAL - -# Set the default printer/job policies... - # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default - - # Job-related operations must be done by the owner or an administrator... Order deny,allow - Require user @OWNER @SYSTEM Order deny,allow - - # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # Only the owner or an administrator can cancel or authenticate a job... Require user @OWNER @SYSTEM Order deny,allow - Order deny,allow - -# Set the authenticated printer/job policies... - # Job/subscription privacy... JobPrivateAccess default JobPrivateValues default SubscriptionPrivateAccess default SubscriptionPrivateValues default - - # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow - AuthType Default Require user @OWNER @SYSTEM Order deny,allow - - # All administration operations require an administrator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # All printer operations require a printer operator to authenticate... AuthType Default Require user @SYSTEM Order deny,allow - - # Only the owner or an administrator can cancel or authenticate a job... AuthType Default Require user @OWNER @SYSTEM Order deny,allow - Order deny,allow - -# -# End of "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $". -# diff --git a/config-archive/etc/cups/cupsd.conf.4 b/config-archive/etc/cups/cupsd.conf.4 index e460ebec..b03f1ffa 100644 --- a/config-archive/etc/cups/cupsd.conf.4 +++ b/config-archive/etc/cups/cupsd.conf.4 @@ -1,5 +1,5 @@ # -# "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $" +# "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. @@ -7,7 +7,7 @@ # Log general information in error_log - change "warn" to "debug" # for troubleshooting... -LogLevel info +LogLevel debug # Administrator user group... SystemGroup lpadmin @@ -147,5 +147,5 @@ WebInterface Yes # -# End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". +# End of "$Id: cupsd.conf.in 10710 2012-11-26 18:26:01Z mike $". # diff --git a/config-archive/etc/cups/cupsd.conf.5 b/config-archive/etc/cups/cupsd.conf.5 index 936099fc..e460ebec 100644 --- a/config-archive/etc/cups/cupsd.conf.5 +++ b/config-archive/etc/cups/cupsd.conf.5 @@ -1,5 +1,5 @@ # -# "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $" +# "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $" # # Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a # complete description of this file. @@ -23,16 +23,21 @@ ErrorLog /var/log/cups/error.log PageLog /var/log/cups/page.log # Show shared printers on the local network. Browsing On +# We switch this off by default in Gentoo, to avoid an unnecessary open port. +#Browsing Off BrowseOrder allow,deny BrowseAllow all -BrowseLocalProtocols CUPS +# BrowseLocalProtocols CUPS +BrowseLocalProtocols CUPS dnssd # Default authentication type, when authentication is required... DefaultAuthType Basic +# Web interface setting... +WebInterface Yes + # Restrict access to the server... - # Allow remote administration... Order allow,deny Allow @LOCAL @@ -54,12 +59,18 @@ DefaultAuthType Basic # Set the default printer/job policies... + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + # Job-related operations must be done by the owner or an administrator... Order deny,allow - + Require user @OWNER @SYSTEM Order deny,allow @@ -72,7 +83,7 @@ DefaultAuthType Basic # All printer operations require a printer operator to authenticate... - + AuthType Default Require user @SYSTEM Order deny,allow @@ -91,13 +102,19 @@ DefaultAuthType Basic # Set the authenticated printer/job policies... + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + # Job-related operations must be done by the owner or an administrator... AuthType Default Order deny,allow - + AuthType Default Require user @OWNER @SYSTEM Order deny,allow @@ -111,7 +128,7 @@ DefaultAuthType Basic # All printer operations require a printer operator to authenticate... - + AuthType Default Require user @SYSTEM Order deny,allow @@ -130,5 +147,5 @@ DefaultAuthType Basic # -# End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $". +# End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $". # diff --git a/config-archive/etc/cups/cupsd.conf.6 b/config-archive/etc/cups/cupsd.conf.6 new file mode 100644 index 00000000..936099fc --- /dev/null +++ b/config-archive/etc/cups/cupsd.conf.6 @@ -0,0 +1,134 @@ +# +# "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $" +# +# Sample configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel info + +# Administrator user group... +SystemGroup lpadmin + + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen 10.12.11.2:631 +# Port 631 +Listen /var/run/cups/cups.sock +AccessLog /var/log/cups/access.log +ErrorLog /var/log/cups/error.log +PageLog /var/log/cups/page.log +# Show shared printers on the local network. +Browsing On +BrowseOrder allow,deny +BrowseAllow all +BrowseLocalProtocols CUPS + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Restrict access to the server... + + # Allow remote administration... + Order allow,deny + Allow @LOCAL + + +# Restrict access to the admin pages... + + Encryption Required + Order allow,deny + Allow @LOCAL + + +# Restrict access to configuration files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + Allow @LOCAL + + +# Set the default printer/job policies... + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job-related operations must be done by the owner or an administrator... + + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# +# End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $". +# diff --git a/config-archive/etc/cups/cupsd.conf.dist.new b/config-archive/etc/cups/cupsd.conf.dist.new new file mode 100644 index 00000000..658d83e5 --- /dev/null +++ b/config-archive/etc/cups/cupsd.conf.dist.new @@ -0,0 +1,182 @@ +# +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel warn +PageLogFormat + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen /run/cups/cups.sock + +# Show shared printers on the local network. +Browsing On +BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Web interface setting... +WebInterface Yes + +# Restrict access to the server... + + Order allow,deny + + +# Restrict access to the admin pages... + + Order allow,deny + + +# Restrict access to configuration files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Set the default printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the kerberized printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Negotiate + Order deny,allow + + + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + diff --git a/cups/cupsd.conf.default b/cups/cupsd.conf.default new file mode 100644 index 00000000..658d83e5 --- /dev/null +++ b/cups/cupsd.conf.default @@ -0,0 +1,182 @@ +# +# Configuration file for the CUPS scheduler. See "man cupsd.conf" for a +# complete description of this file. +# + +# Log general information in error_log - change "warn" to "debug" +# for troubleshooting... +LogLevel warn +PageLogFormat + +# Only listen for connections from the local machine. +Listen localhost:631 +Listen /run/cups/cups.sock + +# Show shared printers on the local network. +Browsing On +BrowseLocalProtocols dnssd + +# Default authentication type, when authentication is required... +DefaultAuthType Basic + +# Web interface setting... +WebInterface Yes + +# Restrict access to the server... + + Order allow,deny + + +# Restrict access to the admin pages... + + Order allow,deny + + +# Restrict access to configuration files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Restrict access to log files... + + AuthType Default + Require user @SYSTEM + Order allow,deny + + +# Set the default printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + Order deny,allow + + + + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the authenticated printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Default + Order deny,allow + + + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Default + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + + +# Set the kerberized printer/job policies... + + # Job/subscription privacy... + JobPrivateAccess default + JobPrivateValues default + SubscriptionPrivateAccess default + SubscriptionPrivateValues default + + # Job-related operations must be done by the owner or an administrator... + + AuthType Negotiate + Order deny,allow + + + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + # All administration operations require an administrator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # All printer operations require a printer operator to authenticate... + + AuthType Default + Require user @SYSTEM + Order deny,allow + + + # Only the owner or an administrator can cancel or authenticate a job... + + AuthType Negotiate + Require user @OWNER @SYSTEM + Order deny,allow + + + + Order deny,allow + + -- 2.39.5