17.6. More Examples

The following is a more complex lpd.perms file.

    # All operations allowed except those specifically forbidden
    DEFAULT ACCEPT
    #Reject connections which do not originate from hosts with an
    # address on 130.191.0.0 or from localhost,
    # or name is not assigned to Engineering pc's
    REJECT SERVICE=X NOT IFIP=130.191.0.0/16,127.0.0.1/32
    REJECT SERVICE=X NOT REMOTEHOST=engpc*
    #Do not allow anybody but root or papowell on
    #astart1.private or the server to use control
    #facilities.
    ACCEPT SERVICE=C SERVER REMOTEUSER=root
    ACCEPT SERVICE=C REMOTEHOST=astart1.private REMOTEUSER=papowell
    #Allow root on talker.private to control printer hpjet
    ACCEPT SERVICE=C HOST=talker.private PRINTER=hpjet REMOTEUSER=root
    #Reject all others
    REJECT SERVICE=C
    #Do not allow forwarded jobs or requests
    REJECT SERVICE=R,C,M FORWARD
    # allow same user on originating host to remove a job
    ACCEPT SERVICE=M SAMEHOST SAMEUSER
    # allow root on server to remove a job
    ACCEPT SERVICE=M SERVER REMOTEUSER=root