13.7 CUPS


The Common Unix Printing System (CUPS) is another project aimed at improving, and ultimately superseding, the traditional printing subsystems. CUPS is distinguished by the fact that it was designed to address printing within a networking environment from the beginning, rather than being focused on printing within a single system. Accordingly, it has features designed to support both local and remote printing, as well as printers directly attached to the network. We will take a brief look at CUPS in this section. The homepage for the project is http://www.cups.org.

CUPS is implemented via the Internet Printing Protocol (IPP). This protocol is supported by most current printer manufacturers and operating systems. IPP is implemented as a layer on top of HTTP, and it includes support for security-related features such as access control, user authentication, and encryption. Given this structure, CUPS requires a web server on printer server systems.

Architecturally, CUPS separates the print job handling and device spooling functions into distinct modules. Print jobs are given an identifier number and also have a number of associated attributes: their destination, priority, media type, number of copies, and so on. As with other spooling subsystems, filters may be specified for print queues and/or devices in order to process print jobs. The CUPS system provides many of them. Finally, backend programs are responsible for sending print jobs to the actual printing devices.

CUPS also supports printer classes: groups of equivalent printers fed by a single queue (we've previously also referred to such entities as printer pools). CUPS extends this construct by introducing what it calls "implicit classes." Whenever distinct printers and/or queues on different servers are given the same name, the CUPS system treats the collection as a class, controlling the relevant entities as such. In other words, multiple servers can send jobs to the same group of equivalent printers. In this way, implicit classes may be used to prevent any individual printing device or server system from becoming a single point of failure. Classes may be nested: a class can be a member of another class.

13.7.1 Printer Administration

CUPS supports the lpr, lpq, and lprm commands and the lp, lpstat, and cancel commands from the BSD and System V printing systems, respectively. For queue and printer administration, it offers two options: command-line utilities, including a version of the System V lpadmin command, or a web-based interface. The latter is accessed by pointing a browser at port 631: for example, http://localhost:631 for the local system.

The following commands are available for managing and configuring print queues. Note that all of them except lpinfo specify the desired printer as the argument to the -p option:

lpstat

View queue status.

accept and reject

Allow/prevent jobs from being sent to the associated printing device.

enable and disable

Allow/prevent new print jobs from being submitted to the specified queue.

lpinfo

Display information about available printers (-v) or drivers (-m).

lpadmin

Configure print queues.

Here is an example lpadmin command, which adds a new printer:

# lpadmin -plj4 -D"Finance LaserJet" -L"Room 2143-A" \
          -vsocket://192.168.9.23 -mlaserjet.ppd

This command adds a printer named lj4 located on the network using the indicated IP address. The printer driver to be used is laserjet.ppd (several are provided with the CUPS software). The -D and -L options provide descriptions of the printer and its location, respectively.

In general, the -v option specifies the printing device as well as the method used to communicate with it. Its argument consists of two colon-separated parts: a connection-type keyword (which selects the appropriate backend module), followed by a location address. Here are some syntax forms:

parallel:/dev/device        Local parallel port
serial:/dev/device          Local serial port
usb:/dev/usb/device         Local USB port
ipp://address/port          IPP-based network printer
lpd://address/DEVICE        LPD-based network printer
socket://address[:port]     Network printer using another protocol (e.g., JetDirect)

The CUPS version of lpadmin has several other useful options: -d to specify a system default printer (as under System V), -c and -r to add/remove a printer from a class, and -x to remove the print queue itself.

Under CUPS, printers need only be configured on the server(s) where the associated queues are located. All clients on the local subnet will be able to see them once CUPS is installed and running on each system.

13.7.1.1 CUPS configuration files

CUPS maintains several configuration files, stored in the /etc/cups directory. Most of them are maintained by lpadmin or the web-based administrative interface. The one exception, which you may need to modify manually, is the server's main configuration file, cupsd.conf.

Here are some sample annotated entries (all non-system-specific values are the defaults):

ServerName painters.ahania.com         Server name.
ServerAdmin root@ahania.com            CUPS administrator's email address.
ErrorLog /var/log/cups/error_log       Log file locations.
AccessLog /var/log/cups/access_log
PageLog /var/log/cups/page_log         Printer accounting data.
LogLevel info                          Log detail (other levels: debug, warn, error).
MaxLogSize 1048571                     Rotate log files when current is bigger than this.
PreserveJobFiles No                    Don't keep files after print job completes.
RequestRoot /var/spool/cups            Spool directory.
User lp                                Server user and group owners.
Group sys
TempDir /var/spool/cups/tmp            CUPS temporary directory.
MaxClients 100                         Maximum client connections to this server.
Timeout 300                            Printing timeout period in seconds.
Browsing On                            Let clients browse for printers.
ImplicitClasses On                     Implicit classes are enabled.

Readers familiar with the Apache facility will notice many similarities to its main configuration file (httpd.conf).

13.7.1.2 Access control and authentication

Printer access control, user authentication, and encryption are also enabled and configured in the cupsd.conf configuration file.[9]

[9] These features are somewhat in flux as of this writing, so there may be additional capabilities in your version of CUPS. Consult the CUPS documentation for details on the current state of things.

Encryption is controlled by the Encryption entry:

Encryption IfRequested

The entry indicates whether or not to encrypt print requests (in order to use encryption, the OpenSSL library must be linked into the CUPS facility). The default is to encrypt files if the server requests it; other values are Always and Never. Additional keywords may be added as other encryption methods become available.

There are two main entries related to user authentication:

AuthType

Source of authentication data, one of: None, Basic (use data in the Unix password and group file, transmitted Base64-encoded), and Digest (use the file passwd.md5 in /etc/cupsd for authentication data). The last method offers a medium level of security against network sniffing. The CUPS system provides the lppasswd command for maintaining the passwd.md5 file.

AuthClass

Method of authentication. The default is Anonymous (perform no authentication). Other options are User (valid username and password are required), System (user must also belong to the system group, which can be defined using the SystemGroup entry), and Group (user must also belong to the group specified in the AuthGroupName entry).

The encryption- and user authentication-related entries are used to specify requirements for specific printers or printer classes. These are defined via stanzas like the following in the configuration file:

<Location /item>
[Encryption entry]            The ordering here is not significant.
[Authentication entries]
[Access control entries]
</Location>

The pseudo-HTML directives delimit the stanza, and the item specified in the opening tag indicates the entities to which the stanza applies.[10] It can take one of the following forms:

[10] Again, note the similarity to the Apache configuration file syntax.

/                             Defaults for the CUPS system.
/printers                     Applies to all non-specified printers.
/printers/name                Applies to a specific printer.
/classes                      Applies to all non-specified classes.
/classes/name                 Applies to the specified class.
/admin                        Applies to CUPS administrative functions.

Here are some example stanzas (which also introduce the access control directives):

<Location />                  System defaults.
Order Deny,Allow              Interpret Allow list as overrides to Deny list.
Deny From All                 Deny all access . . .
Allow From 127.0.0.1           . . . except from the local host.
</Location>

<Location /printers>
Order Allow,Deny              Interpret Deny list as exceptions to Allow list.
Allow From .ahania.com        Allow access from these domains . . .
Allow From .essadm.com
Deny From 192.168.9.0/24       . . . but exclude this subnet.
</Location>

<Location /classes/checks>    Applies to class named checks.
Encryption Always             Always encrypt.
AuthType Digest               Require valid user account and password.
AuthClass Group               Restrict to members of the finance group.
AuthGroupName finance
Order Deny,Allow
Deny From All                 Deny all access . . .
Allow From 10.100.67.0/24      . . . except from this subnet.
</Location>

<Location /admin>             Access for administrative functions.
AuthType Digest               Require valid user account and password.
AuthClass System              Limit to system group members.
Order Deny,Allow
Deny From All                 Restrict access to the local domain.
Allow From .ahania.com
</Location>
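As an added example (not part of the original text or of the CUPS software), the following Python code parses Location stanzas written with the entries described above and flags two weak combinations: Basic authentication without Encryption Always, and an /admin or Allow From All stanza that requires no authentication. The function names and the sample file are constructed for illustration; the code assumes that a missing AuthType means None and does not model defaults inherited from the / stanza.

```python
import re

# Constructed sample in the stanza syntax described above; not a real server's file.
SAMPLE = """\
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From .ahania.com
</Location>
<Location /classes/checks>
Encryption Always
AuthType Digest
AuthClass Group
</Location>
<Location /printers>
Allow From All
</Location>
"""

def parse_locations(text):
    """Return {path: {directive: [arguments]}} for every <Location> stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()           # drop comments
        opening = re.fullmatch(r"<Location\s+(\S+)>", line, re.I)
        if opening:
            current = stanzas.setdefault(opening.group(1), {})
        elif line.lower() == "</location>":
            current = None
        elif line and current is not None:
            key, *rest = line.split()                 # normalizes whitespace
            current.setdefault(key.lower(), []).append(" ".join(rest).lower())
    return stanzas

def audit(text):
    """Return (path, finding) pairs; absent entries take the assumed defaults."""
    findings = []
    for path, d in parse_locations(text).items():
        auth = d.get("authtype", ["none"])[-1]        # assumption: no entry = None
        enc = d.get("encryption", ["ifrequested"])[-1]
        cls = d.get("authclass", ["anonymous"])[-1]
        unauthenticated = auth == "none" or cls == "anonymous"
        if auth == "basic" and enc != "always":
            findings.append((path, "Basic password is only Base64-encoded; set Encryption Always"))
        if unauthenticated and (path == "/admin" or "from all" in d.get("allow", [])):
            findings.append((path, "reachable without authentication"))
    return findings
```

Calling audit() on the text of a cupsd.conf file returns one (path, finding) pair per problem; on SAMPLE it reports the /admin and /printers stanzas and passes /classes/checks.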

Consult the CUPS documentation for information about the facility's other features as well as its installation procedure.



Essential System Administration
Essential System Administration, Third Edition
ISBN: 0596003439
EAN: 2147483647
Year: 2002
Pages: 162
