Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
LPD.PERMS(5)			lpd.perms file			  LPD.PERMS(5)

       lpd.perms - permissions control file for	the LPRng line printer spooler

       The file	lpd.perms is used to provide permission	 information  for  the
       LPRng  Printer  spooler system.	Blank lines and	all characters after a
       hash sign (``#'') to the	end of line are	ignored.  If a	hash  sign  is
       desired	in  the	 permission  information,  it should be	escaped	with a
       backslash (``\'').  All	other  lines  specify  permissions  entry  and
       should be of the	following form:
	      ACCEPT [[not] key	= value[,value]* ]*
	      REJECT [[not] key	= value[,value]* ]*

       Each  LPD service request is checked against the	entries	in the permis-
       sions database or file.	The following is a typical permissions file:
	      #	Set default permissions
	      #	Reject any connections from outside our	subnet
	      #	Only accept spooling (LPR) from
	      #	Engineering Lab	or the Dean's office
	      #	Do not accept forwarded	jobs for printing
	      #	Allow only the administrators control access
	      ACCEPT SERVICE=C,M REMOTEUSER=root,papowell
	      #	Allow only the user on the same	host who spooled job to	remove it
	      #	Allow users to check status
	      ACCEPT SERVICE=C LPC=status
	      #	Require	connection for other operations	over UNIX socket
	      #	not TCP/IP port.  Effectively requiring	them to	be made	from the
	      #	localhost

	      #	Variation - accept all spooled jobs,  but then apply
	      #	 permissions checking when job is printed.  Allows
	      #	 prevents remote spoolers from locking up trying resend
	      #	 same request

       Permission checking is done by using a set of keys (or fields) with as-
       sociated	 values	 to check for permission.  The SERVICE key has value P
       for printing (i.e.- unspooling),	R for spooling (i.e.- LPR request),  P
       for  printing  (i.e.,  after  job  has been spooled), C printer control
       (i.e. - LPC), M for removal (i.e.- LPRM request), and Q for  queue  in-
       formation  (i.e.-  LPQ  request).   The X key is	used when checking for
       connection information.

       Initially, all of the keys have undefined or NULL values, and  are  as-
       signed  values during the permissions checking process.	When a connec-
       tion is made to the server, it assigns The REMOTEHOST (alias  REMOTEIP)
       key  the	 list  of IP addresses and hostnames determined	by doing a re-
       verse Domain Name Service (DNS) lookup on the remote host's IP address.
       If  the	reverse	DNS fails, then	only the IP address will be used.  The
       REMOTEPORT (PORT	is an alias for	REMOTEPORT) is assigned	the port  num-
       ber  of	the connection origination.  The UNIXSOCKET key	will match (be
       true) if	the connection is over a UNIX socket.  By convention, this  is
       from  the localhost.  Finally, the SERVICE value	is assigned X, and the
       lpd server will check the database to see if the	connection is accepted
       or rejected.

       The  server will	then read the request information from the connection.
       If the request is for an	authenticated data transfer, the  server  will
       invoke  the appropriate authentication mechanism	which will assign AUTH
       a true (or matching) value, AUTHTYPE the	type  of  authentication,  AU-
       THUSER  the  authenticated user id value, which may differ from the ac-
       tual user name, and AUTHFROM the	authenticated  identification  of  the
       originator of the request, which	may be a server	if the request is for-

       Next, the SERVICE value is set to R, C, M, or Q depending on whether it
       is  an LPR, LPC,	LPRM, or LPQ request, and the LPC value	set to the re-
       quested LPC command if it was an	LPC request.  If the request contained
       a  user name, then REMOTEUSER is	set to this name.  If the request con-
       tained a	printer	name, then PRINTER is set to the printer name.	If the
       request	is  a print request, then the HOST value is set	to the list of
       host names and IP addresses given by a DNS lookup of the	value in the H
       field  of  the  job.  The database is scanned again to determine	if the
       operation can be	performed on the requested  queue.   To	 simplify  the
       rule writing, if	the operation requires modification or checking	of in-
       dividual	jobs, such as the LPC, LPQ, or LPRM commands, then the various
       checks that depend on jobs will succeed in this step.

       Finally,	if the operation requires modification or checking of individ-
       ual jobs, such as the LPC, LPQ, or LPRM commands,  then	the  specified
       print  queue  is	scanned, and for each job in the print queue, the HOST
       and USER	values are set to the host and user values in the control file
       for the job.

       The  database is	checked	as follows.  Each line of the permissions file
       is scanned for key names	and values, and	these are matched against  the
       request	keys  information.   When all matches on a line	are made, then
       search terminates with the specified  action  (ACCEPT/REJECT).	If  no
       match  is  found	the default permission value is	used.  The DEFAULT key
       is used to specify the current default permission to be used  for  suc-
       cessful	matches	or if there is no match	after scanning the entire per-
       missions	database.

       The following keys provide some additional checking capabilities.   The
       REMOTEGROUP  entry  checks that the REMOTEUSER value appears in a group
       or netgroup entry in the	system database, and the GROUP entry  for  the
       USER  value.   For example, GROUP=student*,staff* would check to	see if
       any of the group	names matching student*	or staff* have	the  specified
       user  name  in  them.   If  a  system  has  the netgroups capability, a
       printer,	group, or remotegroup name starting with a @ will  be  treated
       as  a netgroup name, and	specified user name or printer will be checked
       to see if it is in the group.

       The SERVER entry	will be	true (match) if	the  request  originated  from
       the print server.  The SAMEHOST is true (matches) if the	REMOTEHOST and
       HOST values have	a common  entry,  i.e.	-  are	the  same  host.   The
       SAMEUSER	 is true (matches) if the REMOTEUSER and USER values are iden-
       tical.  The AUTHSAMEUSER	is true	(matches) if the AUTHUSER  value  that
       originated  the	request	 and the AUTHUSER which	was used to transfer a
       job are identical.  AUTHJOB is true (matches) if	 the  job  was	trans-
       ferred  using  authentication.	The  FORWARD value is an alias for NOT

       The CONTROLLINE value can be used to determine if there is  a  matching
       line  in	 the control file.  This facility has been used	to ensure that
       jobs contain various information	fields in order	to be printed.

       Key	    Match Connect Job	Job    LPQ  LPRM  LPC
				  Spool	Print
       SERVICE	    S	  'X'	  'R'	'P'    'Q'  'M'	  'C,S'
       USER	    S	  -	  JUSR	JUSR   JUSR JUSR  JUSR
       HOST	    S	  RH	  JH	JH     JH   JH	  JH
       GROUP	    S	  -	  JUSR	JUSR   JUSR JUSR  JUSR
       REMOTEHOST   S	  RH	  RH	JH     RH   RH	  RH
       UNIXSOCKET   V	  SK	  SK	SK     SK   SK	  SK
       CONTROLLINE  S	  -	  CL	CL     CL   CL	  CL
       PRINTER	    S	  -	  PR	PR     PR   PR	  PR
       FORWARD	    V	  -	  SA	-      -    SA	  SA
       SAMEHOST	    V	  -	  SA	-      SA   SA	  SA
       SAMEUSER	    V	  -	  -	-      SU   SU	  SU
       SERVER	    V	  -	  SV	-      SV   SV	  SV
       AUTH	    V	  -	  AU	-      AU   AU	  AU
       AUTHTYPE	    S	  -	  AU	-      AU   AU	  AU
       AUTHUSER	    S	  -	  AU	-      AU   AU	  AU
       AUTHSAMEUSER S	  -	  AU	-      AU   AU	  AU
       AUTHFROM	    S	  -	  AU	-      AU   AU	  AU
       AUTHJOB	    V	  -	  AU	-      AU   AU	  AU
	 PORT is alias for REMOTEPORT
	 IP is alias for HOST

	  JH = HOST	     host in control file
	  RH = REMOTEHOST    connecting	host name/IP
	  JUSR = USER	     user in control file
	  CUSR = REMOTEUSER  user from control request
	  JIP= IP	     host/IP addr of host in control file
	  RIP= REMOTEIP	     host/IP addr of requesting	host
	  PORT=		     connecting	host origination port
	   SK=	match if connection over a UNIX	socket
	  CONTROLLINE=	     pattern match of control line in control file
	  FW= IP of source of request == IP of host in control file
	  SA= IP of source of request == IP of host in control file
	  SU= user from	request	== user	in control file
	  SA= IP of source of request == IP of server host
	  SV= matches if from same address as server
	  AU= value determined by server authentication	operation
			     AUTH is true if authenticated transfer,
			     TYPE is set to the	type of	authentication (kerberos, etc)
			     AUTHUSER is user authentication id
			     AUTHFROM is sender	authentication id (can be remote server)
			     AUTHSAMEUSER matches if remote user authentication	id matches original
			     user authentication id
			     AUTHJOB it	true if	print job has authentication
       Match: S	= string with wild card, IP = IP address[/netmask],
	  N = low[-high] number	range, V = exact value match
       SERVICE:	'X' - Connection request; 'R' -	lpr request from remote	host;
	   'P' - print job in queue; 'Q' - lpq request,	'M' - lprm request;
	   'C' - lpc spool control request; 'S'	- lpc spool status request
	  'U' -	administratively allowed user operation
       NOTE: when printing (P action), the remote and job check	values
	  (i.e.	- RUSR,	JUSR) are identical.

       The special key letter=patterns searches	the control file line starting
       with  the  (upper  case)	 letter, and is	usually	used with printing and
       spooling	checks.	 For example, C=A*,B* would check that the  class  in-
       formation  (i.e.- line in the control file starting with	C) had a value
       starting	with A or B.

       A permission line consists of a list of tests and a result  value.   If
       all  of	the tests succeed, then	a match	has been found and the permis-
       sion testing completes with the result value.  You use the DEFAULT  re-
       served  word  to	 set  the default ACCEPT/DENY result.  The NOT keyword
       will reverse the	sense of a test.

       Each test can have one or more optional values separated	by commas. For
       example	USER=john,paul,mark has	3 test values.	The Match value	speci-
       fies how	the matching is	done.

       S = string type match - string match with glob.
	   Format:  string with	wildcards (*)
	       * matches 0 or more chars
	   Character comparison	is case	insensitive.
	   For example - USER=th*s matches uTHS, This, This, Theses

       IP = IP address and submask.  IP	address	must be	in dotted form.
	   Format: x.x.x.x[/y.y.y.y or /z]
	       x.x.x.x is IP address
	       y.y.y.y is optional submask, default is
	       z is a netmask with most	significant z bits set.
	   Match is done by IP address to a 32 bit value and using:
	       success = ((x ^ IP ) & y) == 0	(C language notation)
	   i.e.- only bits where mask is non-zero are used in comparison.
	   For example - IP= matches all	address	130.191.X.X
	   IP= has the same value.

       N = numerical range  -  low-high	integer	range.
	   Format: low[-high]
	   Example: PORT=0-1023	matches	a port in range	0 - 1023 (privileged)

       The authentication entries AUTH,	AUTHTYPE, AUTHUSER,  AUTHSAMEUSER  and
       AUTHFROM	can be used to check permissions for authenticated operations.
       AUTH is set (true) if authentication was	done.  We can use this to  re-
       ject non-authenticated transfers:
       The AUTHTYPE will match the authentication type being used or requested
       by the remote client or server.	 The  AUTHUSER	matches	 the  original
       client  authentication information used by the client to	make a request
       to the server, and the AUTHFROM matches the sender  authentication  in-
       formation.   The	 AUTHSAMEUSER  will match if the remote	client or user
       authentication id is the	same as	that used for the job generation.

       The LPC=op entry	is useful to allow various users to  perform  adminis-
       tration operations.  The	following permissions entry would allows users
       to hold or release their	own jobs:

       There is	a subtle problem with names and	IP  addresses  which  are  ob-
       tained for 'multi-homed hosts', i.e. - those with multiple Ethernet in-
       terfaces,  and for IPV6 (IP Version 6),	in which a host	can have  mul-
       tiple  addresses,   and for the normal host which can have both a short
       name and	a fully	qualified domain name.

       When performing an IP address match,  the entire	list of	 IP  addresses
       for  a  system will now be checked.  If one of these matches, then suc-
       cess is reported.  Similarly,   the  entire  list  of  host  names  and
       aliases	will  be checked.  If one of these matches,  then success will
       be reported.

       The files used by LPRng are set by values in the	printer	 configuration
       file.  The following are	a commonly used	set of default values.
       /usr/local/etc//lpd.conf			    LPRng configuration	file
       ${HOME}/.printcap			    user printer description file
       /etc/printcap				    printer description	file
       /usr/local/etc//lpd.perms		    permissions
       /var/run/lpd				    lock file for queue	control
       /var/spool/lpd				    spool directories
       /var/spool/lpd/QUEUE/control		    queue control
       /var/spool/lpd/QUEUE/log			    trace or debug log file
       /var/spool/lpd/QUEUE/acct		    accounting file
       /var/spool/lpd/QUEUE/status		    status file

       lpd.conf(5),  lpc(8),  lpd(8),  checkpc(8),  lpr(1),  lpq(1),  lprm(1),
       printcap(5), pr(1), lprng_certs(1), lprng_index_certs(1).

       Patrick Powell <>.

       LPRng is	a enhanced printer spooler system with	functionality  similar
       to  the	Berkeley  LPR  software.   The LPRng developer mailing list is;      subscribe      by      visiting	  or   sending
       mail to with	the word subscribe  in
       the body.
       The software is available via

LPRng				  2006-12-09			  LPD.PERMS(5)


Want to link to this manual page? Use this URL:

home | help