PyKota relies on two configuration files, named 'pykota.conf' and 'pykotadmin.conf'. These files must be placed into the home directory of system user 'pykota', usually '/etc/pykota'. The permissions set on this directory and these files will determine who can use PyKota and how. One thing you'll have to remember is that anyone who has read access to 'pykotadmin.conf' is considered to be a PyKota Administrator, and as such, can use any option of any PyKota command line tool. This is why you have to be absolutely careful about *not* giving any access to this file to students for example. Usually, 'pykotadmin.conf' will contain the database username (or LDAP dn) and password needed to access to PyKota's datas in **read+write** mode. Although as we'll see later on, this file can also point PyKota to a database which is different than the one used by all users who can not read 'pykotadmin.conf' but can read 'pykota.conf'. The other file, 'pykota.conf' will contain all non-database related configuration settings for PyKota, plus the database username (or LDAP dn) and password needed to access to PyKota's datas in **readonly** mode. So giving access to it to end users is usually no big deal, unless you don't want them to be able to see other users' account balance or quota information. The recommended way however is to protect both 'pykota.conf' and 'pykotadmin.conf' from regular users. Setting secure permissions : $ chown -R pykota.pykota ~pykota $ chmod 600 ~pykota/pykotadmin.conf $ chmod 640 ~pykota/pykota.conf Depending on your operating system, you might want to do this instead : $ chown -R pykota.lpadmin ~pykota $ chmod 640 ~pykota/pykotadmin.conf ~pykota/pykota.conf Because the user your printing system is run as **MUST** be able to read both 'pykota.conf' and 'pykotadmin.conf' to be able to update PyKota's database each time an user prints something.