Integrated support for various authentication mechanisms makes it easy to limit access to specific printers with CUPS.

The other CUPS hacks in this chapter have focused on its most excellent web-based administrative interface and how the interface simplifies and standardizes printer setup, regardless of the type of CUPS client you're configuring. However, like most Unix/Linux programs, you can also administer the CUPS server by directly manipulating its configuration file, /etc/cups/cupsd.conf. While this may seem somewhat intimidating at first blush, the format of this file is actually quite simple and is conceptually evocative of an Apache configuration file (which we've all probably had to modify at one time or another). A few simple changes to this file can quickly add a new layer of security to your CUPS printing environment.

Many sysadmins are paranoid today, and for good reason. Securing your existing systems by eliminating unnecessary services is just plain smart [Hack #63] . Similarly, there may be cases where you want to restrict access to certain printers. There are many security and cost reasons for limiting access to specific printers to certain users or certain IP addresses, whether it's because of who "owns" the printer (such as your CEO or department head) or because the printer uses platinum toner to print on gold sheets (and is therefore the wrong place for freshmen to print their CS101 homework). Here's how to do just that ...