RHEL comes with one print service, the Common Unix Printing System (CUPS). It's the successor to the Line Print Daemon (LPD) and the companion Line Printer Next Generation (LPRng), which is no longer offered with RHEL or Fedora Linux. You can configure printers directly through the CUPS configuration files in the /etc/cups directory. Alternatively, RHEL includes two quality GUI tools that you can use to configure local and remote printers on your network. One is a Web-based interface; Red Hat has a companion printer configuration utility.
It doesn't matter how you configure a print server for the Red Hat exams. Whether you use Red Hat's utility or the Web-based tool, or you edit the configuration files directly, all that matters is that you get the result specified on your exam.
CUPS is the Linux/Unix implementation of the Internet Printing Protocol (IPP). I expect IPP to become a fairly universal standard for printer configuration sometime in the future. Microsoft Print servers can now use IPP; Apple systems starting with OS 10.2 use CUPS with IPP.
CUPS and a number of print databases are installed with the Printing Support package group. It includes 10 RPM packages, some of which appear unrelated. If you haven't already installed this package group during the RHEL installation process, it's likely most efficient to install it using the yum groupinstall printing command or the Package Manager described in Chapter 5. If you want to learn to install the packages on your own, you can review the packages and groups as listed in the Package Manager.
It's easy to start and configure CUPS to launch when Linux boots on your computer. The cups service script works like most of the other services on RHEL. In other words, you can start it with the following command:
# service cups start
By substituting restart, stop, or reload for start, you can restart or stop the CUPS service or reload the CUPS configuration files. And, as always, you need to make sure the CUPS service starts the next time you (or the person grading your exam) boots your system:
# chkconfig cups on
There are a number of printer configuration files in the /etc/cups directory. Each of these files includes a substantial number of commands and comments. Table 7-6 describes some of these files; I describe some of the commands associated with these files shortly.
CUPS Configuration File
Configures groups of printers in a class
Sets the default CUPS server for this computer; it can be local or another remote print server
The main CUPS configuration file
Includes file format filters, such as images and documents
Sets file types that can be processed through CUPS printers
Specifies additional files for language-specific PDF fonts
Documents printers configured by the CUPS Web-based tool
Includes a conversion filter that supports PostScript printers
Configures network printer discovery
Adds a list of printers for sharing; used by Samba
Includes a directory with customized printer settings
Includes a directory with SSL certificates
Includes a directory with interface scripts, such as filters
While I still believe that it's best in general to edit configuration files directly, the commands associated with CUPS can be difficult to learn. Several of the files in /etc/cups don't include the same quality of comments as seen for other services. And, in my opinion, the Red Hat and the Web-based configuration tools provide an excellent level of functionality.
The main Red Hat Printer Configuration tool works well. You can start it with the system-config-printer command, which opens the utility shown in Figure 7-2. It is a "front end" that can help you configure the files in the /etc/cups directory.
Figure 7-2: Red Hat's Printer Configuration utility
You can use this tool to manage printers and configure print queues to local ports or through remote systems:
Local CUPS serial/parallel ports
Networked CUPS ports (using the IPP)
Remote Unix/Linux LPD print services
Shared Windows printers
Novell NCP print queues
HP JetDirect print servers
Any other printer with a URI
|On the Job|| |
Red Hat no longer includes the text-mode version of the Printer Configuration tool.
First, you can use the Printer Configuration tool to configure a printer on a remote system, assuming it also has the same Printer Configuration tool (and authorized remote access). In the tool's main window, click Goto Server. In the Connect To CUPS Server dialog box shown in Figure 7-3, enter the name (or IP address) of the remote system you want to administer, as well as the authorized username, and whether encryption is required. You may be prompted for a password. If successful, you'll see a new Printer Configuration tool with the name of the remote system.
Figure 7-3: Connecting to a remote CUPS server
Now try defining a local printer. Click New Printer. This should automatically start the New Printer wizard shown in Figure 7-4, where you can enter the name, description, and location of the printer similar to what's shown.
Figure 7-4: Starting the printer configuration process
Click Forward. In the next New Printer screen, select the type of connection. If the printer is local and automatically detected, it's shown in this screen. So what you see will vary, depending on your hardware and attached printers. As shown in Figure 7-5, the detected printer is labeled HPLaserJet 4L LPT parport0 HPLIP. Try the other options, and look at the information that you would need.
Figure 7-5: Selecting a connection
The information you need corresponds to Table 7-7. Make any appropriate entries and click Forward to continue.
URI (Universal Resource Identifier)
a specific printer
Serial Port #1
Baud rate, parity, data bits, flow control
App Socket / HP JetDirect
Host name or IP address and port number (default is 9100)
Internet Printing Protocol (IPP)
Host name, such as ipp://enterprise5.example.net and printer name
LPD/LPR Host or Printer
Host name or IP address and printer name
Windows Printer via SAMBA
Workgroup/Domain; computer and printer name; authentication information
Now you can select a printer manufacturer, or enter a driver, as shown in Figure 7-6. If you have a print driver, in .ppd format, you can enter it here. Otherwise, select a printer manufacturer and click Forward to continue.
Figure 7-6: Selecting a manufacturer
Next, as shown in Figure 7-7, select the appropriate model. If multiple drivers are available, select the one most appropriate for your configuration. If you do not want to choose the default, the comments may be helpful.
Figure 7-7: Selecting a printer and driver
Click Forward. Before the Printer Configuration tool creates a print queue, it documents what it's about to do. If you're satisfied with the configuration, click Apply. This returns you to the main Printer Configuration window shown in Figure 7-2.
The main Printer Configuration window should now include the name of your printer. The changes should already be written to the configuration files in the /etc/ cups directory as well as /etc/printcap.
If you have trouble here, you may not have shared the CUPS printer at the server. To do so at the server, highlight the Server Settings option. Five options are available, as described in Table 7-8.
Show Printers Shared By Other Systems
Searches the network for shared printers, such as through Samba
Share Published Printers Connected To This System
Allows remote CUPS servers to access printers configured on this system
Allow Remote Administration
Allows remote connections to the local CUPS server
Allow Users To Cancel Any Job
Supports the use of lprm by any user on any print job
Save Debugging Information For Troubleshooting
Adds more information to the appropriate log file in the /var/log/cups/ directory
Any time you make changes, click Apply to implement them on the local system.
After you have added more than one printer, you may want to create different classes of printers. A printer class typically includes more than one printer, and the class can be cited as a printer. When you print to a class, CUPS prints to the first available printer in that class. All printers in a class are usually located in the same area or room.
For example, assume you've created a print class named Class1, which consists of HPLaserJ4La and HPLaserJ4Lb. If you print to a printer named Class1, CUPS prints to either HPLaserJ4La or HPLaserJ4Lb, whichever is not busy at the time.
Figure 7-8: Sharing a CUPS printer
Creating a print class using the Red Hat Printer Configuration tool is easy. Click New Class, and you'll be able to enter a name, description, and location for the class, similar to Figure 7-4. You can then select the printers to add to that class.
Even though RHEL uses CUPS, you can still control your print system with LPD commands. Three major commands are associated with the lpd service: lpr, lpq, and lprm. They are used to add print requests, list queued print requests, and remove print requests, respectively. One more command can help you administer one or more print queues: lpc.
There are several more line print commands available, but these are the basics. And I'm not sure that every exam facility includes printers connected to test networks.
To view all known queues, run the lpc status command; it implements the result shown in Figure 7-9. As you can see, the output helps you easily scan all configured print devices and queues.
Figure 7-9: Status of configured printers
|On the Job|| |
The lpc command that comes with CUPS does not support starting or stopping of print queues.
Any user can use lpr to send print requests to any local print queue. You can lpr any files to a queue, or you can redirect any output via lpr. If you wanted to print to the queue named color, for example, you'd use a command like this: lpr -Pcolor filename. Note that there is no space between the -P switch and the name of the queue (though a space is now allowed in RHEL 5).
Now, to examine how the lpq command works, you can start by queuing up a new job by issuing these commands:
# lpq WinPrint1 is ready and printing Rank Owner Job Files Total Size active root 373 smbprn.000486.6JkBaq 10240 bytes 1st root 374 smbprn.000487.6JkBaq 10240 bytes 2nd root 376 smbprn.000488.6JkBaq 10240 bytes
Now you can delete the jobs of your choice. It's simple; just use the lprm command with the job number:
# lprm 376
RHEL includes a GUI front end for printer management on the GNOME desktop, which allows you to switch default printers. To view the printers that you've configured on the GUI, choose System | Preferences | More Preferences | Default Printer. As shown in Figure 7-10, it allows you to set a different default printer.
Figure 7-10: GNOME Default Printer manager
Another way to configure CUPS is through the Web-based interface. Open up the browser of your choice on the local Linux computer. Direct it to the http:// localhost:631 address to get to the main CUPS configuration menu, as shown in Figure 7-11.
Figure 7-11: CUPS Web-based interface
There are six virtual tabs atop the main page:
Home Brings you to the introductory page shown in Figure 7-11, which introduces CUPS as a GPL licensed product of Easy Software Products (www.easysw.com).
Administration A basic interface that allows you to add or manage classes of printers, manage print jobs, and add or manage printers. You can also navigate directly to the options from the Home page tab.
Classes Supports viewing and management of installed printer classes.
Documentation/Help Provides extensive documentation.
Jobs Enables you to view and manage active print jobs.
Printers Enables you to manage existing printers.
You can manage Classes, Jobs, and Printers from the Administration tab. (You can read the Documentation/Help section on your own; software upgrades to CUPS are not covered in this book.) The heart of CUPS is in the Administration tab. At some point during administrative commands, you're prompted to enter your administrative root username and password.
Finally, the CUPS Web-based interface supports the same extensive database of printers that you see in the Red Hat Printer Configuration tool. And with RHEL 5, the Red Hat tool supports the creation of printer classes and the complete variety of print protocols supported by CUPS.
Select the Administration tab, which brings you to the Administration management page, shown in Figure 7-12. It includes four sections: The Printers section is where you add or manage configured printers. In the Classes section, you can configure a group of printers together. When you use a specific class, CUPS directs your print job to the first available printer in this class. The Jobs section helps you manage the print jobs currently in the print queue. In the Servers section, you can edit the configuration file, view logs, and modify various server settings. Before actually executing an administrative command, you'll be prompted for administrative authentication.
Figure 7-12: CUPS Administration management page
As the Red Hat Printer Configuration tool supports a wider variety of printers, I won't explain the Add Printer dialog box in this book. However, if you want to create a printer class, the CUPS Web-based tool is the easiest way to go. As described earlier, a CUPS printer class allows you to print to a group of printers. CUPS then selects the first available printer in that class when you print to that class.
To proceed, click Add Class. You'll see a dialog box, as shown in Figure 7-13:
Name The name of the printer class. If you want to print to this printer group, you'll call or connect to this printer class name.
Location Must be set to the name or IP address of the local print server.
Description Allows you to add the comment of your choice to help identify the printer class.
Figure 7-13: Configuring a printer class
After you click Add Class, you'll get to include one or more configured printers in your printer class. If you haven't previously entered administrative authentication for CUPS, you're prompted to do so at this time. The CUPS Web-based tool now creates a print class. Click the Classes tab to see your new print class, as shown in Figure 7-14.
Figure 7-14: The new printer class
Once you've configured security for a CUPS printer, you can verify it in three CUPS configuration files in the /etc/cups directory: cupsd.conf, printers.conf, and classes.conf.
The security commands in this file are fairly straightforward. By default, access to a CUPS printer is limited to the local computer with a directive such as:
If you configure a CUPS printer to be shared with the local network, you'll see it replaced with the following commands. The key is BrowseAddress @LOCAL, which limits browsing access to the LAN connected directly to the local network card. In contrast, @ALL would support access from all connected networks. The DefaultAuthType Basic directive uses the /etc/passwd configuration file to search for allowed users.
Browsing On BrowseOrder allow,deny BrowseAddress @LOCAL DefaultAuthType Basic
For example, printer administrators are as specified in the following cupsd.conf container, which supports basic authentication using /etc/passwd based on users in the @SYSTEM group, also known as sys in /etc/group. Remote access to the Web-based tool is supported on the @LOCAL network.
<Location /admin/conf> AuthType Basic Require user @SYSTEM # Allow remote access to the configuration files... Order allow,deny Allow @LOCAL </Location>
You can limit access to specific IP address networks. For example, to support access from the 192.168.30.0 LAN, add the following directive:
Allow From 192.168.30.0/255.255.255.0
You can also substitute computer or domain names. For example, the following command allows access from the example.com domain:
Allow From *.example.com
You can't configure these limits using the Red Hat Printer Configuration utility (system-config-printer). If you want to set up host-based security in this way, you'll have to edit the cupsd.conf configuration file directly.
However, you can now configure user-based access control per printer in the Printer Configuration utility. Just select the configured printer and click the Access Control tab. You'll be able to add a set of users, and you can limit access to these users (or prohibit access to just those users).
To limit access to a specific printer or print class, add appropriate directives to the printers.conf and classes.conf configuration files.
If you're configuring SELinux, you can disable SELinux protection for various CUPS services, including:
cupsd Backend Server Disables protection for CUPS configuration files, per the cupsd_config_disable_trans boolean, associated with the now obsolete cups-config-daemon service.
cupsd daemon Disables protection for the CUPS service, per the cups_disable_trans boolean.
cups_lpd service Disables protection for the cups-lpd xinetd service, per the cupsd_lpd_disable_trans boolean, which supports communication from LPD printers.
CUPS hplip daemon Disables protections for the HP Linux Imaging and Printing service, per the hplip_disable_trans boolean.
If you want to substitute the LPD daemon for CUPS, you'll also need to activate the Use Lpd Server Instead Of CUPS option, also known as the use_lpd_server boolean. These options are available in the SELinux Management Tool, as described in Chapter 15.