17.4. Example Permission File

    # allow root on server to control jobs
    ACCEPT SERVICE=C SERVER REMOTEUSER=root
    ACCEPT SERVICE=C LPC=lpd
    REJECT SERVICE=C
    #
    # allow same user on originating host to remove a job
    ACCEPT SERVICE=M SAMEHOST SAMEUSER
    # allow root on server to remove a job
    ACCEPT SERVICE=M SERVER REMOTEUSER=root
    REJECT SERVICE=M
    # all other operations allowed
    DEFAULT ACCEPT


In the above sample, we first specify that lpC commands from user root on the lpd server will be accepted. This is traditionally the way that most lpc commands operate. We also allow anybody to use the lpc lpd command. We reject any other lpc requests.

We accept lprM requests from the host and user that submitted the job, as well as from root on the server, and reject any others.

Finally, all other types of commands (lpq, lpr) are allowed by default.