Certification Objective 7.02-The CUPS Printing System

RHEL comes with one print service, the Common Unix Printing System (CUPS). It's the successor to the Line Print Daemon (LPD) and the companion Line Printer Next Generation (LPRng), which is no longer offered with RHEL or Fedora Linux. You can configure printers directly through the CUPS configuration files in the /etc/cups directory. Alternatively, RHEL includes two quality GUI tools that you can use to configure local and remote printers on your network. One is a Web-based interface; Red Hat has a companion printer configuration utility.

image from book
Exam Watch

It doesn't matter how you configure a print server for the Red Hat exams. Whether you use Red Hat's utility or the Web-based tool, or you edit the configuration files directly, all that matters is that you get the result specified on your exam.

image from book

CUPS is the Linux/Unix implementation of the Internet Printing Protocol (IPP). I expect IPP to become a fairly universal standard for printer configuration sometime in the future. Microsoft Print servers can now use IPP; Apple systems starting with OS 10.2 use CUPS with IPP.

Installing and Starting CUPS

CUPS and a number of print databases are installed with the Printing Support package group. It includes 10 RPM packages, some of which appear unrelated. If you haven't already installed this package group during the RHEL installation process, it's likely most efficient to install it using the yum groupinstall printing command or the Package Manager described in Chapter 5. If you want to learn to install the packages on your own, you can review the packages and groups as listed in the Package Manager.

It's easy to start and configure CUPS to launch when Linux boots on your computer. The cups service script works like most of the other services on RHEL. In other words, you can start it with the following command:

 # service cups start 

By substituting restart, stop, or reload for start, you can restart or stop the CUPS service or reload the CUPS configuration files. And, as always, you need to make sure the CUPS service starts the next time you (or the person grading your exam) boots your system:

 # chkconfig cups on 

CUPS Configuration Files

There are a number of printer configuration files in the /etc/cups directory. Each of these files includes a substantial number of commands and comments. Table 7-6 describes some of these files; I describe some of the commands associated with these files shortly.

Table 7-6: CUPS Configuration Files

CUPS Configuration File



Configures groups of printers in a class


Sets the default CUPS server for this computer; it can be local or another remote print server


The main CUPS configuration file


Includes file format filters, such as images and documents


Sets file types that can be processed through CUPS printers


Specifies additional files for language-specific PDF fonts


Documents printers configured by the CUPS Web-based tool


Includes a conversion filter that supports PostScript printers


Configures network printer discovery


Adds a list of printers for sharing; used by Samba


Includes a directory with customized printer settings


Includes a directory with SSL certificates


Includes a directory with interface scripts, such as filters

While I still believe that it's best in general to edit configuration files directly, the commands associated with CUPS can be difficult to learn. Several of the files in /etc/cups don't include the same quality of comments as seen for other services. And, in my opinion, the Red Hat and the Web-based configuration tools provide an excellent level of functionality.

The Red Hat Printer Configuration Tool

The main Red Hat Printer Configuration tool works well. You can start it with the system-config-printer command, which opens the utility shown in Figure 7-2. It is a "front end" that can help you configure the files in the /etc/cups directory.

image from book
Figure 7-2: Red Hat's Printer Configuration utility

You can use this tool to manage printers and configure print queues to local ports or through remote systems:

  • Local CUPS serial/parallel ports

  • Networked CUPS ports (using the IPP)

  • Remote Unix/Linux LPD print services

  • Shared Windows printers

  • Novell NCP print queues

  • HP JetDirect print servers

  • Any other printer with a URI

On the Job 

Red Hat no longer includes the text-mode version of the Printer Configuration tool.

First, you can use the Printer Configuration tool to configure a printer on a remote system, assuming it also has the same Printer Configuration tool (and authorized remote access). In the tool's main window, click Goto Server. In the Connect To CUPS Server dialog box shown in Figure 7-3, enter the name (or IP address) of the remote system you want to administer, as well as the authorized username, and whether encryption is required. You may be prompted for a password. If successful, you'll see a new Printer Configuration tool with the name of the remote system.

image from book
Figure 7-3: Connecting to a remote CUPS server

Now try defining a local printer. Click New Printer. This should automatically start the New Printer wizard shown in Figure 7-4, where you can enter the name, description, and location of the printer similar to what's shown.

image from book
Figure 7-4: Starting the printer configuration process

Click Forward. In the next New Printer screen, select the type of connection. If the printer is local and automatically detected, it's shown in this screen. So what you see will vary, depending on your hardware and attached printers. As shown in Figure 7-5, the detected printer is labeled HPLaserJet 4L LPT parport0 HPLIP. Try the other options, and look at the information that you would need.

image from book
Figure 7-5: Selecting a connection

The information you need corresponds to Table 7-7. Make any appropriate entries and click Forward to continue.

Table 7-7: Entries Associated with Different Printer Devices


Required Information


URI (Universal Resource Identifier)

a specific printer


LPT #1


Serial Port #1

Baud rate, parity, data bits, flow control

App Socket / HP JetDirect

Host name or IP address and port number (default is 9100)

Internet Printing Protocol (IPP)

Host name, such as ipp://enterprise5.example.net and printer name

LPD/LPR Host or Printer

Host name or IP address and printer name

Windows Printer via SAMBA

Workgroup/Domain; computer and printer name; authentication information

Now you can select a printer manufacturer, or enter a driver, as shown in Figure 7-6. If you have a print driver, in .ppd format, you can enter it here. Otherwise, select a printer manufacturer and click Forward to continue.

image from book
Figure 7-6: Selecting a manufacturer

Next, as shown in Figure 7-7, select the appropriate model. If multiple drivers are available, select the one most appropriate for your configuration. If you do not want to choose the default, the comments may be helpful.

image from book
Figure 7-7: Selecting a printer and driver

Click Forward. Before the Printer Configuration tool creates a print queue, it documents what it's about to do. If you're satisfied with the configuration, click Apply. This returns you to the main Printer Configuration window shown in Figure 7-2.

The main Printer Configuration window should now include the name of your printer. The changes should already be written to the configuration files in the /etc/ cups directory as well as /etc/printcap.

If you have trouble here, you may not have shared the CUPS printer at the server. To do so at the server, highlight the Server Settings option. Five options are available, as described in Table 7-8.

Table 7-8: Entries Associated with Different Printer Devices

Server Setting


Show Printers Shared By Other Systems

Searches the network for shared printers, such as through Samba

Share Published Printers Connected To This System

Allows remote CUPS servers to access printers configured on this system

Allow Remote Administration

Allows remote connections to the local CUPS server

Allow Users To Cancel Any Job

Supports the use of lprm by any user on any print job

Save Debugging Information For Troubleshooting

Adds more information to the appropriate log file in the /var/log/cups/ directory

Any time you make changes, click Apply to implement them on the local system.

After you have added more than one printer, you may want to create different classes of printers. A printer class typically includes more than one printer, and the class can be cited as a printer. When you print to a class, CUPS prints to the first available printer in that class. All printers in a class are usually located in the same area or room.

For example, assume you've created a print class named Class1, which consists of HPLaserJ4La and HPLaserJ4Lb. If you print to a printer named Class1, CUPS prints to either HPLaserJ4La or HPLaserJ4Lb, whichever is not busy at the time.

image from book
Figure 7-8: Sharing a CUPS printer

Creating a print class using the Red Hat Printer Configuration tool is easy. Click New Class, and you'll be able to enter a name, description, and location for the class, similar to Figure 7-4. You can then select the printers to add to that class.

The Line Print Daemon Commands

Even though RHEL uses CUPS, you can still control your print system with LPD commands. Three major commands are associated with the lpd service: lpr, lpq, and lprm. They are used to add print requests, list queued print requests, and remove print requests, respectively. One more command can help you administer one or more print queues: lpc.

There are several more line print commands available, but these are the basics. And I'm not sure that every exam facility includes printers connected to test networks.

lpc: Line Print Control

To view all known queues, run the lpc status command; it implements the result shown in Figure 7-9. As you can see, the output helps you easily scan all configured print devices and queues.

image from book
Figure 7-9: Status of configured printers

On the Job 

The lpc command that comes with CUPS does not support starting or stopping of print queues.

lpr: Line Print Request

Any user can use lpr to send print requests to any local print queue. You can lpr any files to a queue, or you can redirect any output via lpr. If you wanted to print to the queue named color, for example, you'd use a command like this: lpr -Pcolor filename. Note that there is no space between the -P switch and the name of the queue (though a space is now allowed in RHEL 5).

lpq: Line Print Query

Now, to examine how the lpq command works, you can start by queuing up a new job by issuing these commands:

 # lpq WinPrint1 is ready and printing Rank     Owner   Job  Files                   Total Size active   root   373   smbprn.000486.6JkBaq    10240 bytes 1st      root   374   smbprn.000487.6JkBaq    10240 bytes 2nd      root   376   smbprn.000488.6JkBaq    10240 bytes 

Now you can delete the jobs of your choice. It's simple; just use the lprm command with the job number:

 # lprm 376 

GUI Front End

RHEL includes a GUI front end for printer management on the GNOME desktop, which allows you to switch default printers. To view the printers that you've configured on the GUI, choose System | Preferences | More Preferences | Default Printer. As shown in Figure 7-10, it allows you to set a different default printer.

image from book
Figure 7-10: GNOME Default Printer manager

The CUPS Web-Based Interface

Another way to configure CUPS is through the Web-based interface. Open up the browser of your choice on the local Linux computer. Direct it to the http:// localhost:631 address to get to the main CUPS configuration menu, as shown in Figure 7-11.

image from book
Figure 7-11: CUPS Web-based interface

There are six virtual tabs atop the main page:

  • Home Brings you to the introductory page shown in Figure 7-11, which introduces CUPS as a GPL licensed product of Easy Software Products (www.easysw.com).

  • Administration A basic interface that allows you to add or manage classes of printers, manage print jobs, and add or manage printers. You can also navigate directly to the options from the Home page tab.

  • Classes Supports viewing and management of installed printer classes.

  • Documentation/Help Provides extensive documentation.

  • Jobs Enables you to view and manage active print jobs.

  • Printers Enables you to manage existing printers.

You can manage Classes, Jobs, and Printers from the Administration tab. (You can read the Documentation/Help section on your own; software upgrades to CUPS are not covered in this book.) The heart of CUPS is in the Administration tab. At some point during administrative commands, you're prompted to enter your administrative root username and password.

Finally, the CUPS Web-based interface supports the same extensive database of printers that you see in the Red Hat Printer Configuration tool. And with RHEL 5, the Red Hat tool supports the creation of printer classes and the complete variety of print protocols supported by CUPS.

CUPS Administration

Select the Administration tab, which brings you to the Administration management page, shown in Figure 7-12. It includes four sections: The Printers section is where you add or manage configured printers. In the Classes section, you can configure a group of printers together. When you use a specific class, CUPS directs your print job to the first available printer in this class. The Jobs section helps you manage the print jobs currently in the print queue. In the Servers section, you can edit the configuration file, view logs, and modify various server settings. Before actually executing an administrative command, you'll be prompted for administrative authentication.

image from book
Figure 7-12: CUPS Administration management page

As the Red Hat Printer Configuration tool supports a wider variety of printers, I won't explain the Add Printer dialog box in this book. However, if you want to create a printer class, the CUPS Web-based tool is the easiest way to go. As described earlier, a CUPS printer class allows you to print to a group of printers. CUPS then selects the first available printer in that class when you print to that class.

To proceed, click Add Class. You'll see a dialog box, as shown in Figure 7-13:

  • Name The name of the printer class. If you want to print to this printer group, you'll call or connect to this printer class name.

  • Location Must be set to the name or IP address of the local print server.

  • Description Allows you to add the comment of your choice to help identify the printer class.

image from book
Figure 7-13: Configuring a printer class

After you click Add Class, you'll get to include one or more configured printers in your printer class. If you haven't previously entered administrative authentication for CUPS, you're prompted to do so at this time. The CUPS Web-based tool now creates a print class. Click the Classes tab to see your new print class, as shown in Figure 7-14.

image from book
Figure 7-14: The new printer class

Verifying CUPS Sharing

Once you've configured security for a CUPS printer, you can verify it in three CUPS configuration files in the /etc/cups directory: cupsd.conf, printers.conf, and classes.conf.

The security commands in this file are fairly straightforward. By default, access to a CUPS printer is limited to the local computer with a directive such as:

 Browsing Off 

If you configure a CUPS printer to be shared with the local network, you'll see it replaced with the following commands. The key is BrowseAddress @LOCAL, which limits browsing access to the LAN connected directly to the local network card. In contrast, @ALL would support access from all connected networks. The DefaultAuthType Basic directive uses the /etc/passwd configuration file to search for allowed users.

 Browsing On BrowseOrder allow,deny BrowseAddress @LOCAL DefaultAuthType Basic 

For example, printer administrators are as specified in the following cupsd.conf container, which supports basic authentication using /etc/passwd based on users in the @SYSTEM group, also known as sys in /etc/group. Remote access to the Web-based tool is supported on the @LOCAL network.

 <Location /admin/conf>   AuthType Basic   Require user @SYSTEM   # Allow remote access to the configuration files...   Order allow,deny   Allow @LOCAL </Location> 

You can limit access to specific IP address networks. For example, to support access from the LAN, add the following directive:

 Allow From 

You can also substitute computer or domain names. For example, the following command allows access from the example.com domain:

 Allow From *.example.com 

You can't configure these limits using the Red Hat Printer Configuration utility (system-config-printer). If you want to set up host-based security in this way, you'll have to edit the cupsd.conf configuration file directly.

However, you can now configure user-based access control per printer in the Printer Configuration utility. Just select the configured printer and click the Access Control tab. You'll be able to add a set of users, and you can limit access to these users (or prohibit access to just those users).

To limit access to a specific printer or print class, add appropriate directives to the printers.conf and classes.conf configuration files.

CUPS and SELinux

If you're configuring SELinux, you can disable SELinux protection for various CUPS services, including:

  • cupsd Backend Server Disables protection for CUPS configuration files, per the cupsd_config_disable_trans boolean, associated with the now obsolete cups-config-daemon service.

  • cupsd daemon Disables protection for the CUPS service, per the cups_disable_trans boolean.

  • cups_lpd service Disables protection for the cups-lpd xinetd service, per the cupsd_lpd_disable_trans boolean, which supports communication from LPD printers.

  • CUPS hplip daemon Disables protections for the HP Linux Imaging and Printing service, per the hplip_disable_trans boolean.

If you want to substitute the LPD daemon for CUPS, you'll also need to activate the Use Lpd Server Instead Of CUPS option, also known as the use_lpd_server boolean. These options are available in the SELinux Management Tool, as described in Chapter 15.

RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302)
Linux Patch Management: Keeping Linux Systems Up To Date
ISBN: 0132366754
EAN: 2147483647
Year: 2004
Pages: 227
Authors: Michael Jang

Similar book on Amazon
Linux Quick Fix Notebook
Linux Quick Fix Notebook
Self-Service Linux: Mastering the Art of Problem Determination
Self-Service Linux: Mastering the Art of Problem Determination
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
RHCSA/RHCE Red Hat Linux Certification Study Guide (Exams EX200 & EX300), 6th Edition (Certification Press)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)
Security Strategies in Linux Platforms and Applications (Information Systems Security & Assurance)

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net