Configuring the Common Unix Print System
In many cases, configuring the Common Unix Print System (CUPS) is easy. Since CUPS is the default, if the right packages are installed CUPS may already be activated on your computer. Many LPD commands can be used on CUPS printers; all you need to do is activate the xinetd -managed daemon, cups-lpd .
You can configure many CUPS printers through a web-based interface on TCP/IP port 631, which is the communications channel for IPP. However, if you re configuring a group of CUPS printers, you need to know how to directly edit the CUPS configuration files in the /etc/cups directory.
Check your current CUPS RPM packages. Install them if they re not already on your computer. These packages are summarized in Table 25.3.
| Package | Description |
|---|---|
| cups-* | The main CUPS package, which includes basic commands and default configuration files. |
| cups-libs-* | A package that allows you to use access CUPS commands without having to use LPD commands such as lpr . |
| cups- devel -* | The CUPS development libraries. |
| cups-drivers-* | Drivers for CUPS-based printers. You may need to download these from a third-party source such as www. rpmfind .net; alternatively, the redhat-config-printer-* package and command includes a broad list of printer drivers. |
| foomatic-* | A spooler independent database of printers; supports redhat-config-printer . |
| hpijs-* | Print drivers optimized for HP printers. |
In the sections that follow, we start with the web-based interface, and then offer a detailed look at each of the CUPS configuration files in /etc/cups . Finally, we look at some basic CUPS commands and the cups-lpd service that lets you use LPD commands.
| Note | The names of the CUPS files, daemons, and scripts may be a bit confusing. The CUPS daemon is cupsd , in the /usr/sbin directory. However, Red Hat Linux lets you start and stop CUPS with a cups script in the /etc/rc.d/init.d directory. Finally, the main CUPS configuration file is cupsd.conf , in the /etc/cups directory. |
Graphical Configuration
You can set up CUPS printers on the web browser of your choice. It s quite possible that the CUPS RPM packages are installed and the cups daemon is active. In that case, all you need to do is open the local browser of your choice on TCP/IP port 631.
| Note | You can run the CUPS configuration program from a web browser on a remote computer. However, this requires you to have no firewall between those two computers ”at least none that block port 631. While we don t encourage this practice, you may find the risks acceptable if you re on a LAN protected from outside networks with a firewall. |
 |
If you re using Red Hat 8.0 or earlier, your default print server is probably LPD. If you upgrade to Red Hat 9, Red Hat is not supposed to automatically change your print server; LPD remains active on your computer.
Assuming you ve made the decision to move to CUPS, you ll want to make sure that the lpd daemon is no longer active when you start Linux. Then you can make sure that the cupsd daemon (from the /usr/sbin directory) is activated at the appropriate runlevels. The following commands should work:
# chkconfig --level 2345 lpd off # chkconfig --level 2345 cups on
Before you actually use a CUPS printer, you ll need to run redhat-switch-printer to let you switch from LPD and CUPS. (LPD is sometimes known by the name of its RPM package, LPRng, or Line Print Request, next generation.)
Naturally, if you ve just installed Red Hat Linux 9 and want to use LPD instead, you can reverse these steps.
| |
Now open the browser of your choice, and direct it to http://localhost:631 . Figure 25.1 shows the result in the Mozilla web browser.
Figure 25.1: The CUPS printer configurator
| Tip | You may see the following message in your browser: The connection was refused when attempting to contact servername :631. If you do, you haven t activated the cupsd daemon, or you have a firewall that s blocking access to port 631. |
As you can see, there are six different command options; the ESP link at the top of the web page is a link to the people behind CUPS, Easy Software Products at www.easysw.com . The other options are fairly straightforward and are summarized in Table 25.4.
| Option | Description |
|---|---|
| ESP | Navigates to www.easysw.com |
| Administration: Do Administration Tasks | Allows you to add or manage printers, classes, and print jobs |
| Classes: Manage Printer Classes | Lets you add or manage a group of printers as a class |
| Help: On-Line Help | Includes HTML and PDF manuals related to CUPS |
| Jobs: Manage Jobs | Allows you to manage current print jobs in the CUPS system |
| Printers: Manage Printers | Lets you add or manage an individual printer |
| Software: Download The Current CUPS Software | Navigates to www.cups.org for the latest available CUPS packages |
Since the Administration link provides an all-in-one configuration interface, we ll examine these options (except ESP) in reverse order.
| Tip | Before you continue, back up the files in your /etc/cups directory. The original format of these files will be used later in this chapter. |
You can use the redhat-config-printer tool described later in this chapter to configure or edit the printers of your choice. It works with either CUPS or LPD, as long as only one of these (not both) daemons is active. It s in the Red Hat s Printer GUI Tool section.
| Tip | The redhat-config-printer tool provides easy access to a wide variety of print drivers, customized by manufacturer and model. |
Downloading CUPS
If you want to download the latest version of CUPS, it s available from the CUPS website at www.cups.org; see Figure 25.2. As of this writing, downloadable versions from www.cups.org are available only in tarball-style formats and may not be customized for Red Hat Linux.
Figure 25.2: The CUPS home page
| Note | The www.cups.org website is maintained by Easy Software Products; their home page is www.easysw.com . But remember, CUPS is open-source software licensed under the GPL. |
Therefore, it s usually best to download the latest version of CUPS from a Red Hat FTP server. As described in Chapter 10 , there are two basic paths to the latest Red Hat “customized CUPS software: download from a Rawhide directory or use the up2date utility.
Managing Printers
At this point, click on the Printers or Manage Printers link. The CUPS configuration tool takes you to a list of currently configured printers. Click Add Printer. Even if you re logged in as the root user , CUPS should prompt you for your administrative account, as shown in Figure 25.3.
Figure 25.3: Authorized access
Once you ve entered the appropriate username (usually root) and password, you re taken to the Add New Printer screen shown in Figure 25.4.
Figure 25.4: The Add New Printer screen
In this screen, you ll need to enter the name, location, and description of the printer, as defined in Table 25.5.
| Entry | Description |
|---|---|
| Name | A basic name for your printer such as MyLaserJet or HPLaserJet. |
| Location | The hostname or domain name associated with the printer, such as RH81Test or HPLaser.mommabears.com . |
| Description | A descriptive name of your choice; you could include the physical location of the printer. |
Make your entries, click Continue, and move on to the next section.
Specifying a Print Device
As you can see in Figure 25.5, a variety of print devices are available. CUPS can administer printers connected to various physical ports as well as print servers. Some of these options are described in Table 25.6.
Figure 25.5: Specifying a print device
| Device | Description |
|---|---|
| AppSocket/HP JetDirect | For printers connected to a Hewlett-Packard JetDirect print server. |
| Internet Printing Protocol (http) | If you re setting CUPS to communicate on port 80, you can set the address of your printer as http:// printername . |
| Internet Printing Protocol (ipp) | Normally, CUPS uses IPP port 631, which corresponds to a URI of ipp:// printername . |
| LPD/LPR Host Or Printer | For printers managed through an LPD print server. |
| Parallel Printer | For printers connected via a local parallel port. |
| SCSI Printer | For printers connected via a SCSI interface. |
| Serial Port # x | For printers connected to a local serial port. |
| USB Printer # x | For printers connected to a local USB port. |
| Windows Printer Via SAMBA | For shared printers connected via a Microsoft Windows computer; may also apply to Linux computers that connect to a network via Samba. |
Make your selection, click Continue, and proceed to the next section.
Setting a URI
Next, you ll set the URI for the new printer. CUPS prompts you with the first letters of the URI, such as lpd , smb , socket , or http . In the previous step, we selected Internet Print Protocol (IPP) as the print device. In the example shown in Figure 25.6, the printer is connected to the computer named RH90, with the printer name of MyLaserJet.
Figure 25.6: Setting a printer URI
| Tip | If you selected a local physical printer port, no URI is required; CUPS skips this section. |
If your computer includes more than one print port, you can add the device name to the end of the URI:
ipp://RH9/MyLaserJet/dev/lp0
Alternatively, if you were configuring a shared Samba printer, the URI would start with smb: and end with the share name. For example, a shared Samba printer named myprint on a computer named printserv would have the following URI:
smb://printserv/myprint
Enter the appropriate URI, click Continue, and proceed to the next section.
Selecting a Print Model
This section is fairly straightforward. You re telling CUPS what print filter to use for your printer. In this section, you should select the make of your printer, as shown in Figure 25.7. If the make of your computer is not shown, it may be a PostScript printer. Alternatively, your printer may not need a filter; in other words, it can handle raw output. Raw and PostScript options are available here as well.
Figure 25.7: Selecting a print model
If you see only a small list of print models and drivers, that s because Red Hat is focusing more on configuration via redhat-config-printer , which has an extensive collection of print drivers, courtesy of the foomatic-* RPM. Other versions of Linux include additional print drivers with the cups-drivers-* RPM package. This RPM was also a part of Red Hat 8.0. Select your print model, click Continue, and then proceed to the next section.
Selecting a Print Driver
Now you can select a print driver. Depending on the make of your printer, the options can be extensive. If you see more than one driver for your printer in Figure 25.8, some trial and error may be appropriate
Figure 25.8: Selecting a print driver
Select your print model and click Continue. You should see a message like the following:
Printer MyLaserJet has been added successfully.
The name that you set for the printer should now be a link in the browser (indicated by the underline). You can click on the link to see the current status of your newly configured CUPS printer.
Now navigate to http://localhost:631 to return to the main CUPS menu.
Managing Jobs
It is easy to check the current queue of print jobs. Click the Jobs or Manage Jobs link, and you ll see a current list of jobs in the queue. These jobs are stored in files in the /var/spool/cups directory. If there are pending jobs, you ll see them in a format similar to what is shown in Figure 25.9.
Figure 25.9: Pending CUPS print jobs
As shown in the figure, it s easy to Hold or Cancel pending print jobs. Any job that is held is stored in /var/spool/cups; other jobs are processed first. You can then release the job to the queue as desired. More details on each job are available by clicking the associated ID.
One useful CUPS feature is a history of completed jobs. Click the Show Completed Jobs button to inspect your completed jobs, similar to what s shown in Figure 25.10. You can use this feature to monitor the activity of your printers to see if a print job is complete.
Figure 25.10: CUPS completed print jobs
| Tip | If you re having trouble printing from a CUPS configured printer, you might have accidentally switched to LPD. |
Accessing Online Help
Considerable online help is available for CUPS. All you need to do is click Help or On-Line Help. Either link opens the CUPS documents that are installed with the cups-* RPM in your local computer. Briefly , they include the documents shown in Table 25.7. Additional manuals are available for CUPS developers.
| Document | Description |
|---|---|
| An overview of the Common Unix Printing System | Describes the basic structure of CUPS, how it works with IPP 1.1, and compatibility with LPD commands |
| Software Users Manual | Includes a detailed description of the way you can customize printing with the right CUPS commands |
| Software Administrators Manual | Includes a detailed description of the CUPS installation and the language of the /etc/cups configuration files |
| CUPS Implementation of IPP | Compares CUPS functionality to IPP requirements |
Now navigate to http://localhost:631 to return to the main CUPS menu.
Managing Printer Classes
The strength of CUPS is how it allows you to organize groups of printers. Once you ve configured your printers, you can group them into CUPS classes. When you send a print job to a class, the job is processed by the first available printer in that class. Users no longer need to wait until an available printer is free.
Figure 25.11: Adding a new printer class
In the CUPS menu, click Classes. CUPS takes you to a screen with currently configured printer classes. Click Add Class to open the Add New Class screen, shown in Figure 25.11. In this case, the new class name is HPLasers, which is different from any existing printer name. The Location and Description fields are essentially the same as when you added a new CUPS printer; Location corresponds to the hostname or domain name associated with the print server, and Description gives you a chance to add a descriptive comment about the new printer class.
Click Continue; CUPS now takes you to the Members For PrintClassName screen. All configured CUPS printers are included in this screen, even if they re already assigned to a different class. To add the printers shown in Figure 25.12 to the new HPLasers class, highlight them and click Continue. CUPS displays a message that the HPLasers class has been added successfully. Now you can print to HPLasers, and CUPS will send the job to the first available printer in that class.
Figure 25.12: Adding printer class to the new
Click Classes again, and you ll see a screen with your configured printer classes. Figure 25.13 illustrates the class that we created, with the members MyLaserJet and SecondLaserJet1.
Figure 25.13: A defined printer class
Now navigate to http://localhost:631 to return to the main CUPS menu.
Administrative Tasks
When you click Administration or Do Administration Tasks, you re taken to a menu where you can manage printer classes, print jobs, and printers. As shown in Figure 25.14, this is close to an all-in-one CUPS administration menu.
Figure 25.14: The CUPS Administration menu
The lpadmin Command
While it s common for expert Linux administrators to administer from the command-line interface, many have come to trust the CUPS web-based configurator. Many don t trust the extra layer associated with a GUI interface; there is more that can go wrong. Not surprisingly, it s still possible to administer CUPS printers from the command line by using the lpadmin command. So many printer types and models are available, however, that this command becomes impractical .
But you can administer from the command line. One key function is to set up a user-based quota for your printer. This can help you track usage. For example, you can set quotas on a specific printer using the lpadmin command. The following command specifies that all users are limited to 10 pages per day on the printer named MyLaserJet:
# lpadmin -p MyLaserJet -o job-quota-period=86400 -o job-page-limit=10
Alternatively, you could use the -o job-k-limit switch to limit the amount of data sent to the printer in kilobytes.
You can also limit access to a specified printer. For example, the following command limits access to printer MyLaserJet to user ez and tblair:
# lpadmin -p MyLaserJet -u allow:ez,tblair
Alternatively, this command prohibits access to printer MyLaserJet for user mj:
# lpadmin -p MyLaserJet -u deny:mj
The lpadmin command affects the data in /etc/cups/printers.conf .
The lpstat Command
You can check the status of your printers and classes with the lpstat command. It s fairly straightforward; the -c class option lists members of the specified class; the -v printer option lists the device or address for the specified printer.
Configuration Files
The CUPS configuration files are stored in the /etc/cups directory. If you re familiar with the Apache web server described in Chapter 30 , you should be comfortable with CUPS.
The language is similar. Remember, CUPS lists printers by their URIs, such as ipp://RH9/ MyLaserJet . As you know, URLs list locations with addresses such as http://www.sybex.com . The standard configuration files are listed in Table 25.8; we examine /etc/cups/cupsd.conf in detail in the following section.
| File | Description |
|---|---|
| classes.conf | Specifies different groups of printers; when you create a new printer class with the CUPS web-based tool, the details are written here. |
| client.conf | Points to a default CUPS server; you may specify encryption requirements. |
| cupsd.conf | The main CUPS configuration file. |
| mime.convs | Lists filters for various file formats, such as documents and images. |
| mime.types | Lists file types that can be processed through CUPS printers. |
| printers.conf | The configuration file changed by the CUPS web-based tool; the details are written here. |
| pstoraster.convs | Contains a conversion filter for Ghostscript files, the way GNU works with PostScript printers. |
/etc/cups/cupsd.conf
While you can set up CUPS printers and classes with the web-based tool, to administer a group of printers you need to understand the main CUPS configuration file, /etc/cups/cupsd.conf . This section explains the default version of this file in detail; as you ll see, a number of variables are commented out that you can activate for your network of printers.
The variables listed in this section don t exactly match the order shown in the default /etc/cups/ cupsd.conf configuration file; for example, variables related to log files are grouped together in their own section.
Other variables are available for cupsd.conf; for more information see the CUPS Software Administrator s Manual, available in the On-Line Help section of the CUPS GUI configuration program.
| Note | Remember, the # is a comment code; you need to remove it to activate the command. In some cases, the command shown as a comment is the default. |
Server Variables
The ServerName variable is straightforward; it lists the visible name of your CUPS print server computer. By default, it is set to the hostname of the local computer:
#ServerName myhost.domain.com
This name should match the ServerName variable on CUPS client computers in /etc/cups/client .conf . Next, the ServerAdmin variable is essentially set to the e-mail address of the "webmaster" of the CUPS server:
#ServerAdmin root@your.domain.com
Standard Directories
Several files are listed in cupsd.conf; if listed with the relative path , they are relative to the directory listed as ServerRoot; by default, this is set to /etc/cups :
#ServerRoot /etc/cups
By default, the CUPS RPM packages store standard print data in the /usr/share/cups directory. This includes classifications, fonts, character sets, the help documents, and more. You can change where CUPS looks for this directory by changing the following variable:
#DataDir /usr/share/cups
When you send a print job, it is processed into a file that is stored on a spool. Normally, the file stays in the spool directory until the printer physically processes the job. The standard directory is specified with the RequestRoot variable. By default, it s /var/spool/cups :
# RequestRoot /var/spool/cups
CUPS also needs a temporary directory writeable by all users. Filters may be stored in this directory while a print job is being processed. While the default is /var/tmp , Red Hat Linux configures this in the /var/spool/cups/tmp directory, as shown here:
#TempDir /var/spool/cups/tmp
If you create your own temporary CUPS directory as root, you can set the appropriate permissions with this command:
# chmod a+t /tempdir
To help you visualize the result, here is the output from an ls -l /var/spool/cups command:
drwx------T 2 lp sys 4096 Mar 3 12:48 tmp
Log File Variables
As described in Chapter 13 , most log files are stored in the /var/log directory. CUPS log files are no exception; they are stored in the /var/log/cups directory. The standard log file lines are as follows :
#AccessLog /var/log/cups/access_log #ErrorLog /var/log/cups/error_log #PageLog /var/log/cups/page_log
These variables are set to default values. Of course, you can redirect these log files to the directory of your choice. These logs collect data as described in Table 25.9.
| File | Description |
|---|---|
| access_log | Lists HTTP files accessed through the CUPS web management tool |
| error_log | Includes more than just error messages; in standard log format, includes err, warn, info , and debug messages |
| page_log | Notes each page that is sent to a printer |
Chapter 13 describes how log files are rotated on a weekly basis. The MaxLogSize variable also forces the aforementioned logs to be rotated once the log file reaches a certain size . If the variable is not set, the default is 1MB; if it s set to 0, logs aren t rotated unless specified by another job such as those listed in the /etc/cron.daily directory:
MaxLogSize 0
Chapter 13 also describes how logs collect data based on settings in the /etc/syslog.conf configuration file. The available levels for CUPS, which are slightly different, appear in Table 25.10. By default, LogLevel is set to info :
LogLevel info
| Level | Description |
|---|---|
| emerg | Conditions that prevent CUPS from working |
| alert | Items that must be addressed immediately |
| crit | Critical errors that might not prevent CUPS from working |
| error | General errors |
| warn | Warning messages |
| notice | Temporary errors |
| info | All requests |
| debug | Basic debug information |
| debug2 | All debugging information |
Security Printouts
You can set a header on each printed page. If security requirements are associated with printouts on your network, you can uncomment one of the following commands:
#Classification classified #Classification confidential #Classification secret #Classification topsecret #Classification unclassified
By default, there is no Classification . But if there is one, the ClassifyOverride variable may apply. If you set this variable to on, it allows users to change the classification associated with a specific print job. The default is off, as shown here:
#ClassifyOverride Off
The standard font used by the CUPS web-based configuration tool is set by the DefaultCharset variable. Common options include iso-8859-1 and windows-1251 . But this does not apply if a DefaultLanguage variable is present, or if the CUPS client sets a different DefaultCharset :
#DefaultCharset utf-8
The DefaultLanguage specifies the language used for connections to the CUPS web browser tool. By default, it s English (en); alternatives include German (de), Spanish (es), French (fr), and Italian (it):
#DefaultLanguage en
As with Apache, the DocumentRoot variable specifies the base directory for different HTML pages. In this case, these HTML pages are associated with the CUPS web browser tool. By default, it s set to the /usr/share/doc/cups- versionnumber directory.
#DocumentRoot /usr/share/doc/cups- versionnumber
Linux generally implements PostScript files using Ghostscript. When such files are sent to a printer, they need the fonts as currently specified by the FontPath variable. By default, this variable is set as:
#FontPath /usr/share/cups/fonts
Print Job Management
There are four basic variables related to how print jobs are managed. For example, you can configure your CUPS print server to keep a record of past jobs, or even the spool files. The PreserveJobHistory variable, which is set to yes by default, keeps a record of past jobs:
#PreserveJobHistory Yes
You can keep a history of past job spool files. If this variable is set to yes, you can reprint previous jobs until you purge them. However, the PreserveJobFiles variable by default is set to no:
#PreserveJobFiles No
You may not have unlimited hard disk space. The MaxJobs variable sets a limit on the number of previous print jobs that you might preserve. The default is 500:
#MaxJobs 500
Naturally, this goes hand-in-hand with a limit on copies, as defined by the MaxCopies variable:
#MaxCopies 100
Normally, it s a good idea to set quotas to track usage of your CUPS printers, as described earlier with the lpadmin command. Print jobs are normally not purged, so data associated with printer usage remains on your system.
Conversely, if you have not set quotas, you have no need to keep track of the number of print jobs run by any user.
You can then activate the AutoPurgeJobs variable, which automatically deletes print jobs from the system.:
#AutoPurgeJobs No
You can configure a list of available printers in a standard file such as /etc/printcap with a straightforward command:
#Printcap /etc/printcap
Normally, /etc/printcap is based on the LPD system, developed for BSD. However, a similar format is available for the Solaris operating system. While the BSD-style system is the default, you can activate either with one of the following commands:
#PrintcapFormat BSD #PrintcapFormat Solaris
| Note | Don t worry about the PrintcapGUI variable; it s used for printer control only for the SGI IRIX operating system. |
Some print jobs need help from a program; these programs are normally stored in executable format in /usr/lib/cups , as specified by the ServerBin variable:
#ServerBin /usr/lib/cups
Most printers are configured to print graphics in Raster mode, dot by dot. However, the Raster Image Processing Cache variable, RIPCache , is used by specialized print filters such as imagetoraster and pstoraster. By default, the cache is 8MB; you can set caches in kilobytes and gigabytes with values such as 100k or 1g .
#RIPCache 8m
| Note | In this case, RIP has nothing to do with the TCP/IP Routing Information Protocol. |
If you find that the print jobs are taxing the capacity of your server, you may want to set a FilterLimit . Normally, this variable is set to 0, which corresponds to no limit:
#FilterLimit 0
The number that you use will be based on trial and error; a couple of guidelines are available. If you want to print to a regular printer, you should set this value to 200; if you have several regular printers, set this value higher. If you set this value lower than 200, you effectively limit CUPS to processing one job at a time.
Encryption Support
Sometimes network communication is encrypted. You can configure CUPS to read encrypted print requests. The SSL certificate and key are defined by the following variables:
#ServerCertificate /etc/cups/ssl/server.crt #ServerKey /etc/cups/ssl/server.key
And these certificates must be refreshed over a network periodically, as driven by the RootCert- Duration variable, in seconds:
#RootCertDuration 300
CUPS Accounts
While CUPS is started by the root user, CUPS jobs are normally run by other users with less access. And when you access CUPS from a different computer, CUPS assigns you a different username, remroot, as specified by the RemoteRoot variable:
#RemoteRoot remroot
The standard CUPS user is lp and the standard group is sys, as defined by the User and Group variables. You can supersede these with the RunAsUser Yes command:
#User lp #Group sys
Basic Network Settings
CUPS was developed for TCP/IP networks. When you configure CUPS, you can set it to listen for specific computers and/or IP addresses on specific ports. For example, the following commands set CUPS to listen on Port 631, for requests from the computer named linux.mommabears.com , for requests from the 192.168.22.0 network:
Port 631 Listen linux.mommabears.com Listen 192.168.22.0
If you want to listen for a specific hostname, you need to set the HostNameLookups variable to on. You can even combine some of these settings; for example, the following commands set CUPS to listen for requests from the 10.11.12.0 network, on port 80:
Listen 10.11.12.0:80
| Note | In Apache 2.0.x, the Listen directive has replaced the Port directive. See Chapter 30 for more information. |
Normally, you should stick with IP addresses in the cupsd.conf configuration file. Looking up domain names in a DNS server can take time and slow down your CUPS print server. If you want, you can set the HostNameLookup variable to direct CUPS to look for the IP address associated with a domain name. Naturally, the default is off; however, the following commented line is included in the default Red Hat Linux cupsd.conf file:
# HostNameLookups On
CUPS normally keeps open connections with web browsers, courtesy of the KeepAlive On variable. However, if you re administering CUPS through an older web browser such as Netscape 2.x,
KeepAlive doesn t work. In that case, you need to set a time that CUPS will wait for data from the web-based tool. That s defined by the KeepAliveTimeout setting, which keeps the connection open for the noted period of time, in seconds:
#KeepAlive On #KeepAliveTimeout 60
User Limits
When you set up a print server on a network, any user may request access at any time. The MaxClients variable limits the number of users that connect to your CUPS print server; the default limit is 100 users:
#MaxClients 100
You can log into a single host computer multiple time; by default, that s 1/10th the value of MaxClients .
You may also want to regulate the size of jobs sent through your CUPS print server. You might want very large jobs to be sent to other servers. You can set a limit with the MaxRequestSize variable in bytes or megabytes. However, the default is to avoid a limit by using the following command:
#MaxRequestSize 0
Related variables include MaxJobsPerPrinter and MaxJobsPerUser . If you want to set job limits on your CUPS printers or users, these variables are easy to understand.
Sometimes, a user will try to send a print job, but her program doesn t comply . A standard Timeout variable is set to close the CUPS connection; the default is 300 seconds:
#Timeout 300
Network Browsing
The browse parameters in CUPS relate to whether other computers on your network (or even other networks) can see the printers that you ve configured with your CUPS server. By default, Browsing is on; other parameters determine how other computers see your CUPS printers.
There are two protocols that you can configure for CUPS browsing: CUPS and SLPv2. CUPS broadcasts printer information; SLPv2 is the second version of the Service Location Protocol (SLP), which allows other computers to find available services.
Either protocol can be configured to collect and distribute information on shared printers on the network. The default is CUPS; if you want to use SLPv2, your network needs access to at least one SLPv2 directory agent. While CUPS is the default protocol, you can configure either or both with one of the following commands:
#BrowseProtocols cups #BrowseProtocols slp #BrowseProtocols all
When your CUPS server broadcasts data on your shared printers, it needs a broadcast address. This is usually the broadcast IP address for your network, and is designated as BrowseAddress . If your network includes a dial-up connection, you can set BrowseAddress to @LOCAL; or, if you want browsing only on the network connected to your eth2 network card, use @IF(eth2) . You can use as many BrowseAddress commands as you need. Here are some examples:
#BrowseAddress 192.168.99.255 #BrowseAddress 10.255.255.255 #BrowseAddress @IF(eth1)
If your printer names are self-explanatory ( hplaser@joescomp , for example), you don t have to specify the full location of the printer. CUPS assumes that you have some skill in this area, so the BrowseShortNames variable is set to yes. If you re in a big organization with large numbers of printers, and you want extended data on each printer, set it to No . , as shown here:
#BrowseShortNames Yes
Whenever you add or share a new CUPS printer, CUPS needs to update the list of available printers. This is controlled through the BrowseInterval variable, which is set to 30 seconds by default:
#BrowseInterval 30
Alternatively, you could set BrowseInterval to 0, which means that information on new CUPS printers will not be sent automatically to other computers. However, you can configure another CUPS server to find your printer browse list. For example, the following command gets the list of printers from a CUPS server at 192.168.0.222 on port 631:
#BrowsePoll 192.168.0.222:631
Whatever you do, don t set BrowseTimeout to a value lower than BrowseInterval . If you do, printers are removed from your list before they re shared with the rest of the network. The default is 300 seconds:
#BrowseTimeout 300
If you want to provide access to other networks, use the BrowseRelay variable. The following are examples of commands you d use to send the list of your shared CUPS printers to computers on other networks. The first address or interface must be on the local network. If you re using IP addresses, the second address can be a broadcast address for the other network.
#BrowseRelay 192.168.0.222 10.12.15.255 #BrowseRelay 192.168.0.0/24 10.12.15.255
The default port for CUPS broadcasts is the standard TCP/IP port for the Internet Print Protocol (IPP), 631. You could make your system a bit more secure by specifying a different port, but you d have to make sure that all other computers on your network are looking for printers on that different port by using the BrowsePort variable:
#BrowsePort 631
Browse Security
You can limit the computers that are allowed to browse your list of CUPS printers. By default, BrowseAllow accepts data from all addresses and BrowseDeny does not deny access to any computer.
You can specify networks by their IP address, network address, or domain name in a number of ways. Here are examples of valid commands:
# BrowseAllow 10.12.0.0/24 # BrowseAllow 10.12.0.0/255.255.0.0 # BrowseAllow all # BrowseDeny *.example.com # BrowseDeny none # BrowseDeny @IF(eth1)
But what comes first, Allow or Deny? That s determined by the BrowseOrder variable. If it s set to
#BrowseOrder allow,deny
computers are allowed to see your list of shared printers, unless specifically listed in a BrowseDeny command. Conversely, the following command allows access only if the computer is listed in a BrowseAllow command:
#BrowseOrder deny,allow
| Note | Naturally, if you want to specify a domain or a hostname, you need to set HostNameLookups to On . |
System Security
The area of security is where cupsd.conf looks most like an Apache configuration file. While the default CUPS user is sys, as defined by the SystemGroup variable
#SystemGroup sys
you can configure < Location / > containers to regulate access IP addresses, classes, jobs, encryption, and more. The standard Red Hat configuration allows access to the CUPS server only from the local computer:
<Location /> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location>
You can specify other IP addresses in regular or CIDR notation. If you have HostNameLookups set to on (not recommended), you can even use host or domain names. As shown here, you can limit access by class (the first example limits access to a class named AnyPrinter ) or by printer (the second example limits access to a specific printer named HPLaserJet):
<Location /AnyPrinter> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location> <Location /AnyPrinter/HPLaserJet> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location>
Other containers allow you to regulate administrative operations, as shown in Table 25.11.
| Container | Description |
|---|---|
| < Location / > | Associated with all CUPS print operations. |
| < Location /admin > | Associated with CUPS administrative operations; it may be a good idea to limit administrative access to CUPS. |
| < Location /classes > | Associated with limits on all configured CUPS printer classes. |
| < Location /classes/ classname > | Associated with limits on the CUPS printer class named classname . |
| < Location /jobs > | Associated with limits on print job management. |
| < Location /printers > | Associated with limits administrative access on managing all printers. |
| < Location /printers/ printname > | Associated with limits administrative access on managing the printer named printname . |
Don t forget to end your containers with the < /Location > command. Besides Order , Deny , and Allow , there are other commands that you can add to a < Location / > container. They are described in Table 25.12.
| Command | Description |
|---|---|
| Allow | Used for computers or interfaces allowed to access the specified printer or class. |
| Anonymous | Indicates that no username or password is required; generally the default. |
| AuthClass | Specifies required authentication; options include Anonymous , User , System , and Group . |
| AuthGroupName | Sets the name of the group associated with a Group AuthClass . |
| AuthType | Defines the type of required usernames and passwords; options include None , Basic using /etc/passwd , Digest and Basic Digest using /etc/cups/passwd.md5 . |
| Deny | Used for computers or interfaces not allowed to access the specified printer or class. |
| Encryption | Specifies whether encryption is required for usernames and passwords; options include Never , IfRequested , Required , and Always . |
| Limit | Specifies allowed CUPS request commands. |
| LimitExcept | Specifies prohibited CUPS request commands. |
| Order | Specifies how CUPS reads the Deny and Allow commands. |
| Require | Limits access to a group , a user , or all users with valid-user . |
Printer Classes
You don t have to configure a class for each CUPS printer. You can set up ImplicitClasses for different printers with the same name, such as HPLaserJet. Print jobs to an Implicit Class are sent to the printer with the first available queue. ImplicitClasses is on by default:
#ImplicitClasses On
You can set the Implicit Class name to AnyPrinter by setting ImplicitAnyClasses to on. It is off by default:
#ImplicitAnyClasses Off
If you re using ImplicitClasses , your users don t really need to know about individual printers in a class. If ImplicitClasses is on, the HideImplicitMembers variable is on by default.
#HideImplicitMembers On
Printer Management
Once you ve configured CUPS, you can use the CUPS GUI tool to manage current print jobs. You can also set up the cups-lpd service to allow you to use most standard LPD commands, including lpr , lpq , and lprm . These commands are covered later in this chapter. Finally, you can monitor the CUPS log files in the /var/log/cups directory for status, errors, and suspicious access attempts.
Job Management
It s easy to manage active CUPS print jobs. The CUPS Jobs screen in Figure 25.15 shows two different print jobs. If you need to print job MyLaserJet-8 first, you click MyLaserJet-7 s Hold Job button. CUPS displays a message that Job 7 has been held from printing, and Job MyLaserJet-8 starts automatically.
Figure 25.15: Managing CUPS print jobs
Job MyLaserJet-7 is held in the print queue until you return to the Jobs menu and click the Release Job button.
Activating LPD Commands
To activate LPD-style commands for a CUPS server, you need to activate the cups-lpd service in the /etc/xinetd.d directory. You can activate this service with the chkconfig service cups-lpd on command. More information on managing xinetd services is available in Chapter 23 .
You may need to activate cups-lpd for some applications that were originally designed for an LPD-style interface.
CUPS Log Files
CUPS log files, which we briefly described earlier in this chapter, are normally stored in the /var/log/ cups directory. The access_log file lists the computer along with the date and time of access to the CUPS server. The example shown in Figure 25.16 lists access from only the default local computer, localhost.
Figure 25.16: CUPS access_log file
The error_log file lists more than just standard errors; as shown in Figure 25.17, it also lists basic activity of the CUPS server, including on the first line, the print job that was held in the previous section.
Figure 25.17: CUPS error_log lists more than just errors.
Finally, the page_log file lists any job that s been sent to the queue, even if it was cancelled. An example of this file is shown in Figure 25.18.
Figure 25.18: CUPS page_log lists print jobs.
EAN: 2147483647
Pages: 220