## Modified by Colin Charles, ## For Terra-Ju Media Group Sdn. Bhd. ## This is really for Redhat 8 using the LPRng print system ## Note that the configuration is that we have a "mother" - the server ## and many hosts whom want to print to "mother". Mother has a laserjet ## attached to it. ## Will work for others too. Go fix your print drivers first (on server) ## man lpd.perms will surely help further ########################################################################### # LPRng - An Extended Print Spooler System # # Copyright 1988-2001 Patrick Powell, San Diego, CA # papowell@lprng.com # See LICENSE for conditions of use. # ########################################################################### # MODULE: TESTSUPPORT/lpd.perms.proto # PURPOSE: prototype printer permissions file # $Id: lpd.perms.in,v 1.19 2002/03/06 17:02:38 papowell Exp $ ########################################################################## # Printer permissions data base ## # ## LPRng - An Enhanced Printer Spooler ## lpd.perms file ## Patrick Powell ## ## VERSION=3.8.9 ## ## Access control to the LPRng facilities is controlled by entries ## in a set of lpd.perms files. The common location for these files ## are: /etc/lpd.perms, /usr/etc/lpd.perms, and /var/spool/lpd/lpd.perms. ## The locations of these files are set by the perms_path entry ## in the lpd.conf file or by compile time defaults in the ## src/common/defaults.c file. ## ## Each time the lpd server is given a user request or carries out an ## operation, it searches to the perms files to determine if the action ## is ACCEPT or REJECT. The first ACCEPT or REJECT found terminates the search. ## If none is found, then the last DEFAULT action is used. ## ## Permissions are checked by the use of 'keys' and matches. For each of ## the following LPR activities, the following keys have a value. ## ## Key Match Connect Job Job LPQ LPRM LPC ## Spool Print ## SERVICE S 'X' 'R' 'P' 'Q' 'M' 'C' ## USER S - JUSR JUSR JUSR JUSR JUSR ## HOST S RH JH JH JH JH JH ## GROUP S - JUSR JUSR JUSR JUSR JUSR ## IP IP RIP JIP JIP RIP JIP JIP ## PORT N PORT PORT - PORT PORT PORT ## REMOTEUSER S - JUSR JUSR JUSR CUSR CUSR ## REMOTEHOST S RH RH JH RH RH RH ## REMOTEGROUP S - JUSR JUSR JUSR CUSR CUSR ## REMOTEIP IP RIP RIP JIP RIP RIP RIP ## CONTROLLINE S - CL CL CL CL CL ## PRINTER S - PR PR PR PR PR ## FORWARD V - SA - - SA SA ## SAMEHOST V - SA - SA SA SA ## SAMEUSER V - - - SU SU SU ## SERVER V - SV - SV SV SV ## LPC S - - - - - LPC ## AUTH V - AU AU AU AU AU ## AUTHTYPE S - AU AU AU AU AU ## AUTHUSER S - AU AU AU AU AU ## AUTHFROM S - AU AU AU AU AU ## AUTHSAMEUSER S - AU AU AU AU AU ## ## KEY: ## JH = HOST host in control file ## RH = REMOTEHOST connecting host name ## JUSR = USER user in control file ## CUSR = REMOTEUSER user from control request ## JIP= IP IP address of host in control file ## RIP= REMOTEIP IP address of requesting host ## PORT= connecting host origination port ## CONTROLLINE= pattern match of control line in control file ## FW= IP of source of request = IP of host in control file ## SA= IP of source of request = IP of host in control file ## SU= user from request = user in control file ## SA= IP of source of request = IP of host in control file FROM info ## SV= IP of source of request = IP of server host or server Localhost ## LPC= lpc command globmatched against values ## AU= Authorization check on transfer ## AUTH will be true (match) if authenticated request ## AUTHTYPE will match authentication type of request to pattern ## AUTHUSER will match client authentication id to pattern ## AUTHFROM will match request originator authentication id to pattern ## AUTHSAMEUSER will match requestor authentication id ## to authentication id in job ## ## Match: S = globmatch, IP = IPaddress[/netmask], ## N = low[-high] number range, V= matching or compatible values ## SERVICE: 'X' - Connection request; 'R' - lpr request from remote host; ## 'P' - print job in queue; 'Q' - lpq request, 'M' - lprm request; ## 'C' - lpc spool control request; ## NOTE: when printing (P action), the remote and job check values ## (i.e. - RUSR, JUSR) are identical. ## NOTE: the HOST, USER, SAMEUSER and SAMEHOST checks always succeed ## when checking permissions for a spool queue; they are active only when ## checking permissions of a spooled job. ## ## The SAMEHOST match checks to see that one (or more) of the ## IP addresses of the host originating the request are the ## same as one or more of the IP addresses of the host whose ## hostname appears in the control file. ## The SERVER match checks to see if one (or more) of the ## IP addresses of the host originating the request are the ## same as one or more of the IP addresses of the server or ## match the localhost's IP address. Note that in IPV6, there may ## be multiple IP addresses for a single host. ## The FORWARD checks to see that all of the IP addresses of the ## IP addresses of the host originating the request are not the ## same as one or more of the IP addresses of the host whose ## hostname appears in the control file. This is equivalent to ## NOT SAMEHOST ## ## The special key letter=patterns searches the control file ## line starting with the (upper case) letter, and is usually ## used with printing and spooling checks. For example, ## C=A*,B* would check that the class information (i.e.- line ## in the control file starting with C) had a value starting ## with A or B. ## ## A permission line consists of list of tests and an a result value ## If all of the tests succeed, then a match has been found and the ## permission testing completes with the result value. You use the ## DEFAULT reserved word to set the default ACCEPT/DENY result. ## The NOT keyword will reverse the sense of a test. ## ## Each test can have one or more optional values separated by ## commas. For example USER=john,paul,mark has 3 test values. ## ## The Match type specifies how the matching is done. ## S = glob type string match OR