Last active
June 22, 2021 06:54
-
-
Save npenin/412b3a3f4b8c3c77fc1b75e460e5e1e7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM alpine:latest | |
| RUN apk add cups cups-libs cups-client cups-filters | |
| COPY ./cupsd.conf /etc/cupsd.conf | |
| RUN mkdir /home/print | |
| RUN adduser -h /home/print -D print | |
| #RUN adduser print sudo | |
| RUN adduser print lp | |
| RUN adduser print lpadmin | |
| #RUN #&& sed -i '/%sudo[[:space:]]/ s/ALL[[:space:]]*$/NOPASSWD:ALL/' /etc/sudoers | |
| RUN echo print:print | chpasswd | |
| USER print:lpadmin | |
| CMD cupsd -c /etc/cupsd.conf -f |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Configuration file for the CUPS scheduler. See "man cupsd.conf" for a | |
| # complete description of this file. | |
| # | |
| # Log general information in error_log - change "warn" to "debug" | |
| # for troubleshooting... | |
| LogLevel warn | |
| PageLogFormat | |
| # Only listen for connections from the local machine. | |
| Listen 0.0.0.0:631 | |
| Listen /run/cups/cups.sock | |
| # Show shared printers on the local network. | |
| Browsing On | |
| BrowseLocalProtocols dnssd | |
| # Default authentication type, when authentication is required... | |
| DefaultAuthType Basic | |
| # Web interface setting... | |
| WebInterface Yes | |
| # Restrict access to the server... | |
| <Location /> | |
| Order allow,deny | |
| Allow from 10.68.*.* | |
| </Location> | |
| # Restrict access to the admin pages... | |
| <Location /admin> | |
| Order allow,deny | |
| Allow from 10.68.*.* | |
| </Location> | |
| # Restrict access to configuration files... | |
| <Location /admin/conf> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order allow,deny | |
| </Location> | |
| # Restrict access to log files... | |
| <Location /admin/log> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order allow,deny | |
| </Location> | |
| # Set the default printer/job policies... | |
| <Policy default> | |
| # Job/subscription privacy... | |
| JobPrivateAccess default | |
| JobPrivateValues default | |
| SubscriptionPrivateAccess default | |
| SubscriptionPrivateValues default | |
| # Job-related operations must be done by the owner or an administrator... | |
| <Limit Create-Job Print-Job Print-URI Validate-Job> | |
| Order deny,allow | |
| </Limit> | |
| <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All administration operations require an administrator to authenticate... | |
| <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All printer operations require a printer operator to authenticate... | |
| <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # Only the owner or an administrator can cancel or authenticate a job... | |
| <Limit Cancel-Job CUPS-Authenticate-Job> | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| <Limit All> | |
| Order deny,allow | |
| Allow from 10.68.*.* | |
| </Limit> | |
| </Policy> | |
| # Set the authenticated printer/job policies... | |
| <Policy authenticated> | |
| # Job/subscription privacy... | |
| JobPrivateAccess default | |
| JobPrivateValues default | |
| SubscriptionPrivateAccess default | |
| SubscriptionPrivateValues default | |
| # Job-related operations must be done by the owner or an administrator... | |
| <Limit Create-Job Print-Job Print-URI Validate-Job> | |
| AuthType Default | |
| Order deny,allow | |
| </Limit> | |
| <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All administration operations require an administrator to authenticate... | |
| <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All printer operations require a printer operator to authenticate... | |
| <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # Only the owner or an administrator can cancel or authenticate a job... | |
| <Limit Cancel-Job CUPS-Authenticate-Job> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| <Limit All> | |
| Order deny,allow | |
| </Limit> | |
| </Policy> | |
| # Set the kerberized printer/job policies... | |
| <Policy kerberos> | |
| # Job/subscription privacy... | |
| JobPrivateAccess default | |
| JobPrivateValues default | |
| SubscriptionPrivateAccess default | |
| SubscriptionPrivateValues default | |
| # Job-related operations must be done by the owner or an administrator... | |
| <Limit Create-Job Print-Job Print-URI Validate-Job> | |
| AuthType Default | |
| Order deny,allow | |
| </Limit> | |
| <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All administration operations require an administrator to authenticate... | |
| <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # All printer operations require a printer operator to authenticate... | |
| <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs> | |
| AuthType Default | |
| Require user @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| # Only the owner or an administrator can cancel or authenticate a job... | |
| <Limit Cancel-Job CUPS-Authenticate-Job> | |
| AuthType Default | |
| Require user @OWNER @SYSTEM | |
| Order deny,allow | |
| </Limit> | |
| <Limit All> | |
| Order deny,allow | |
| </Limit> | |
| </Policy> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment