Configuring the Common Unix Print System

In many cases, configuring the Common Unix Print System (CUPS) is easy. Since CUPS is the default, if the right packages are installed CUPS may already be activated on your computer. Many LPD commands can be used on CUPS printers; all you need to do is activate the xinetd -managed daemon, cups-lpd .

You can configure many CUPS printers through a web-based interface on TCP/IP port 631, which is the communications channel for IPP. However, if you re configuring a group of CUPS printers, you need to know how to directly edit the CUPS configuration files in the /etc/cups directory.

Check your current CUPS RPM packages. Install them if they re not already on your computer. These packages are summarized in Table 25.3.

Table 25.3: CUPS RPM Packages

Package

Description

cups-*

The main CUPS package, which includes basic commands and default configuration files.

cups-libs-*

A package that allows you to use access CUPS commands without having to use LPD commands such as lpr .

cups- devel -*

The CUPS development libraries.

cups-drivers-*

Drivers for CUPS-based printers. You may need to download these from a third-party source such as www. rpmfind .net; alternatively, the redhat-config-printer-* package and command includes a broad list of printer drivers.

foomatic-*

A spooler independent database of printers; supports redhat-config-printer .

hpijs-*

Print drivers optimized for HP printers.

In the sections that follow, we start with the web-based interface, and then offer a detailed look at each of the CUPS configuration files in /etc/cups . Finally, we look at some basic CUPS commands and the cups-lpd service that lets you use LPD commands.

Note  

The names of the CUPS files, daemons, and scripts may be a bit confusing. The CUPS daemon is cupsd , in the /usr/sbin directory. However, Red Hat Linux lets you start and stop CUPS with a cups script in the /etc/rc.d/init.d directory. Finally, the main CUPS configuration file is cupsd.conf , in the /etc/cups directory.

Graphical Configuration

You can set up CUPS printers on the web browser of your choice. It s quite possible that the CUPS RPM packages are installed and the cups daemon is active. In that case, all you need to do is open the local browser of your choice on TCP/IP port 631.

Note  

You can run the CUPS configuration program from a web browser on a remote computer. However, this requires you to have no firewall between those two computers ”at least none that block port 631. While we don t encourage this practice, you may find the risks acceptable if you re on a LAN protected from outside networks with a firewall.

start sidebar
For Upgraders: Converting from LPD to CUPS

If you re using Red Hat 8.0 or earlier, your default print server is probably LPD. If you upgrade to Red Hat 9, Red Hat is not supposed to automatically change your print server; LPD remains active on your computer.

Assuming you ve made the decision to move to CUPS, you ll want to make sure that the lpd daemon is no longer active when you start Linux. Then you can make sure that the cupsd daemon (from the /usr/sbin directory) is activated at the appropriate runlevels. The following commands should work:

 # chkconfig --level 2345 lpd off # chkconfig --level 2345 cups on 

Before you actually use a CUPS printer, you ll need to run redhat-switch-printer to let you switch from LPD and CUPS. (LPD is sometimes known by the name of its RPM package, LPRng, or Line Print Request, next generation.)

Naturally, if you ve just installed Red Hat Linux 9 and want to use LPD instead, you can reverse these steps.

end sidebar
 

Now open the browser of your choice, and direct it to http://localhost:631 . Figure 25.1 shows the result in the Mozilla web browser.

click to expand
Figure 25.1: The CUPS printer configurator
Tip  

You may see the following message in your browser: The connection was refused when attempting to contact servername :631. If you do, you haven t activated the cupsd daemon, or you have a firewall that s blocking access to port 631.

As you can see, there are six different command options; the ESP link at the top of the web page is a link to the people behind CUPS, Easy Software Products at www.easysw.com . The other options are fairly straightforward and are summarized in Table 25.4.

Table 25.4: CUPS Configuration Menu Options

Option

Description

ESP

Navigates to www.easysw.com

Administration: Do Administration Tasks

Allows you to add or manage printers, classes, and print jobs

Classes: Manage Printer Classes

Lets you add or manage a group of printers as a class

Help: On-Line Help

Includes HTML and PDF manuals related to CUPS

Jobs: Manage Jobs

Allows you to manage current print jobs in the CUPS system

Printers: Manage Printers

Lets you add or manage an individual printer

Software: Download The Current CUPS Software

Navigates to www.cups.org for the latest available CUPS packages

Since the Administration link provides an all-in-one configuration interface, we ll examine these options (except ESP) in reverse order.

Tip  

Before you continue, back up the files in your /etc/cups directory. The original format of these files will be used later in this chapter.

You can use the redhat-config-printer tool described later in this chapter to configure or edit the printers of your choice. It works with either CUPS or LPD, as long as only one of these (not both) daemons is active. It s in the Red Hat s Printer GUI Tool section.

Tip  

The redhat-config-printer tool provides easy access to a wide variety of print drivers, customized by manufacturer and model.

Downloading CUPS

If you want to download the latest version of CUPS, it s available from the CUPS website at www.cups.org; see Figure 25.2. As of this writing, downloadable versions from www.cups.org are available only in tarball-style formats and may not be customized for Red Hat Linux.

click to expand
Figure 25.2: The CUPS home page
Note  

The www.cups.org website is maintained by Easy Software Products; their home page is www.easysw.com . But remember, CUPS is open-source software licensed under the GPL.

Therefore, it s usually best to download the latest version of CUPS from a Red Hat FTP server. As described in Chapter 10 , there are two basic paths to the latest Red Hat “customized CUPS software: download from a Rawhide directory or use the up2date utility.

Managing Printers

At this point, click on the Printers or Manage Printers link. The CUPS configuration tool takes you to a list of currently configured printers. Click Add Printer. Even if you re logged in as the root user , CUPS should prompt you for your administrative account, as shown in Figure 25.3.

click to expand
Figure 25.3: Authorized access

Once you ve entered the appropriate username (usually root) and password, you re taken to the Add New Printer screen shown in Figure 25.4.

click to expand
Figure 25.4: The Add New Printer screen

In this screen, you ll need to enter the name, location, and description of the printer, as defined in Table 25.5.

Table 25.5: Adding a New Printer

Entry

Description

Name

A basic name for your printer such as MyLaserJet or HPLaserJet.

Location

The hostname or domain name associated with the printer, such as RH81Test or HPLaser.mommabears.com .

Description

A descriptive name of your choice; you could include the physical location of the printer.

Make your entries, click Continue, and move on to the next section.

Specifying a Print Device

As you can see in Figure 25.5, a variety of print devices are available. CUPS can administer printers connected to various physical ports as well as print servers. Some of these options are described in Table 25.6.

click to expand
Figure 25.5: Specifying a print device
Table 25.6: CUPS Print Device Types

Device

Description

AppSocket/HP JetDirect

For printers connected to a Hewlett-Packard JetDirect print server.

Internet Printing Protocol (http)

If you re setting CUPS to communicate on port 80, you can set the address of your printer as http:// printername .

Internet Printing Protocol (ipp)

Normally, CUPS uses IPP port 631, which corresponds to a URI of ipp:// printername .

LPD/LPR Host Or Printer

For printers managed through an LPD print server.

Parallel Printer

For printers connected via a local parallel port.

SCSI Printer

For printers connected via a SCSI interface.

Serial Port # x

For printers connected to a local serial port.

USB Printer # x

For printers connected to a local USB port.

Windows Printer Via SAMBA

For shared printers connected via a Microsoft Windows computer; may also apply to Linux computers that connect to a network via Samba.

Make your selection, click Continue, and proceed to the next section.

Setting a URI

Next, you ll set the URI for the new printer. CUPS prompts you with the first letters of the URI, such as lpd , smb , socket , or http . In the previous step, we selected Internet Print Protocol (IPP) as the print device. In the example shown in Figure 25.6, the printer is connected to the computer named RH90, with the printer name of MyLaserJet.

click to expand
Figure 25.6: Setting a printer URI
Tip  

If you selected a local physical printer port, no URI is required; CUPS skips this section.

If your computer includes more than one print port, you can add the device name to the end of the URI:

 ipp://RH9/MyLaserJet/dev/lp0 

Alternatively, if you were configuring a shared Samba printer, the URI would start with smb: and end with the share name. For example, a shared Samba printer named myprint on a computer named printserv would have the following URI:

 smb://printserv/myprint 

Enter the appropriate URI, click Continue, and proceed to the next section.

Selecting a Print Model

This section is fairly straightforward. You re telling CUPS what print filter to use for your printer. In this section, you should select the make of your printer, as shown in Figure 25.7. If the make of your computer is not shown, it may be a PostScript printer. Alternatively, your printer may not need a filter; in other words, it can handle raw output. Raw and PostScript options are available here as well.

click to expand
Figure 25.7: Selecting a print model

If you see only a small list of print models and drivers, that s because Red Hat is focusing more on configuration via redhat-config-printer , which has an extensive collection of print drivers, courtesy of the foomatic-* RPM. Other versions of Linux include additional print drivers with the cups-drivers-* RPM package. This RPM was also a part of Red Hat 8.0. Select your print model, click Continue, and then proceed to the next section.

Selecting a Print Driver

Now you can select a print driver. Depending on the make of your printer, the options can be extensive. If you see more than one driver for your printer in Figure 25.8, some trial and error may be appropriate

click to expand
Figure 25.8: Selecting a print driver

Select your print model and click Continue. You should see a message like the following:

 Printer MyLaserJet has been added successfully. 

The name that you set for the printer should now be a link in the browser (indicated by the underline). You can click on the link to see the current status of your newly configured CUPS printer.

Now navigate to http://localhost:631 to return to the main CUPS menu.

Managing Jobs

It is easy to check the current queue of print jobs. Click the Jobs or Manage Jobs link, and you ll see a current list of jobs in the queue. These jobs are stored in files in the /var/spool/cups directory. If there are pending jobs, you ll see them in a format similar to what is shown in Figure 25.9.

click to expand
Figure 25.9: Pending CUPS print jobs

As shown in the figure, it s easy to Hold or Cancel pending print jobs. Any job that is held is stored in /var/spool/cups; other jobs are processed first. You can then release the job to the queue as desired. More details on each job are available by clicking the associated ID.

One useful CUPS feature is a history of completed jobs. Click the Show Completed Jobs button to inspect your completed jobs, similar to what s shown in Figure 25.10. You can use this feature to monitor the activity of your printers to see if a print job is complete.

click to expand
Figure 25.10: CUPS completed print jobs
Tip  

If you re having trouble printing from a CUPS configured printer, you might have accidentally switched to LPD.

Accessing Online Help

Considerable online help is available for CUPS. All you need to do is click Help or On-Line Help. Either link opens the CUPS documents that are installed with the cups-* RPM in your local computer. Briefly , they include the documents shown in Table 25.7. Additional manuals are available for CUPS developers.

Table 25.7: CUPS Online Documents

Document

Description

An overview of the Common Unix Printing System

Describes the basic structure of CUPS, how it works with IPP 1.1, and compatibility with LPD commands

Software Users Manual

Includes a detailed description of the way you can customize printing with the right CUPS commands

Software Administrators Manual

Includes a detailed description of the CUPS installation and the language of the /etc/cups configuration files

CUPS Implementation of IPP

Compares CUPS functionality to IPP requirements

Now navigate to http://localhost:631 to return to the main CUPS menu.

Managing Printer Classes

The strength of CUPS is how it allows you to organize groups of printers. Once you ve configured your printers, you can group them into CUPS classes. When you send a print job to a class, the job is processed by the first available printer in that class. Users no longer need to wait until an available printer is free.

click to expand
Figure 25.11: Adding a new printer class

In the CUPS menu, click Classes. CUPS takes you to a screen with currently configured printer classes. Click Add Class to open the Add New Class screen, shown in Figure 25.11. In this case, the new class name is HPLasers, which is different from any existing printer name. The Location and Description fields are essentially the same as when you added a new CUPS printer; Location corresponds to the hostname or domain name associated with the print server, and Description gives you a chance to add a descriptive comment about the new printer class.

Click Continue; CUPS now takes you to the Members For PrintClassName screen. All configured CUPS printers are included in this screen, even if they re already assigned to a different class. To add the printers shown in Figure 25.12 to the new HPLasers class, highlight them and click Continue. CUPS displays a message that the HPLasers class has been added successfully. Now you can print to HPLasers, and CUPS will send the job to the first available printer in that class.

click to expand
Figure 25.12: Adding printer class to the new

Click Classes again, and you ll see a screen with your configured printer classes. Figure 25.13 illustrates the class that we created, with the members MyLaserJet and SecondLaserJet1.

click to expand
Figure 25.13: A defined printer class

Now navigate to http://localhost:631 to return to the main CUPS menu.

Administrative Tasks

When you click Administration or Do Administration Tasks, you re taken to a menu where you can manage printer classes, print jobs, and printers. As shown in Figure 25.14, this is close to an all-in-one CUPS administration menu.

click to expand
Figure 25.14: The CUPS Administration menu

The lpadmin Command

While it s common for expert Linux administrators to administer from the command-line interface, many have come to trust the CUPS web-based configurator. Many don t trust the extra layer associated with a GUI interface; there is more that can go wrong. Not surprisingly, it s still possible to administer CUPS printers from the command line by using the lpadmin command. So many printer types and models are available, however, that this command becomes impractical .

But you can administer from the command line. One key function is to set up a user-based quota for your printer. This can help you track usage. For example, you can set quotas on a specific printer using the lpadmin command. The following command specifies that all users are limited to 10 pages per day on the printer named MyLaserJet:

 # lpadmin -p MyLaserJet -o job-quota-period=86400 -o job-page-limit=10 

Alternatively, you could use the -o job-k-limit switch to limit the amount of data sent to the printer in kilobytes.

You can also limit access to a specified printer. For example, the following command limits access to printer MyLaserJet to user ez and tblair:

 # lpadmin -p MyLaserJet -u allow:ez,tblair 

Alternatively, this command prohibits access to printer MyLaserJet for user mj:

 # lpadmin -p MyLaserJet -u deny:mj 

The lpadmin command affects the data in /etc/cups/printers.conf .

The lpstat Command

You can check the status of your printers and classes with the lpstat command. It s fairly straightforward; the -c class option lists members of the specified class; the -v printer option lists the device or address for the specified printer.

Configuration Files

The CUPS configuration files are stored in the /etc/cups directory. If you re familiar with the Apache web server described in Chapter 30 , you should be comfortable with CUPS.

The language is similar. Remember, CUPS lists printers by their URIs, such as ipp://RH9/ MyLaserJet . As you know, URLs list locations with addresses such as http://www.sybex.com . The standard configuration files are listed in Table 25.8; we examine /etc/cups/cupsd.conf in detail in the following section.

Table 25.8: CUPS Configuration Files (in /etc/cups )

File

Description

classes.conf

Specifies different groups of printers; when you create a new printer class with the CUPS web-based tool, the details are written here.

client.conf

Points to a default CUPS server; you may specify encryption requirements.

cupsd.conf

The main CUPS configuration file.

mime.convs

Lists filters for various file formats, such as documents and images.

mime.types

Lists file types that can be processed through CUPS printers.

printers.conf

The configuration file changed by the CUPS web-based tool; the details are written here.

pstoraster.convs

Contains a conversion filter for Ghostscript files, the way GNU works with PostScript printers.

/etc/cups/cupsd.conf

While you can set up CUPS printers and classes with the web-based tool, to administer a group of printers you need to understand the main CUPS configuration file, /etc/cups/cupsd.conf . This section explains the default version of this file in detail; as you ll see, a number of variables are commented out that you can activate for your network of printers.

The variables listed in this section don t exactly match the order shown in the default /etc/cups/ cupsd.conf configuration file; for example, variables related to log files are grouped together in their own section.

Other variables are available for cupsd.conf; for more information see the CUPS Software Administrator s Manual, available in the On-Line Help section of the CUPS GUI configuration program.

Note  

Remember, the # is a comment code; you need to remove it to activate the command. In some cases, the command shown as a comment is the default.

Server Variables

The ServerName variable is straightforward; it lists the visible name of your CUPS print server computer. By default, it is set to the hostname of the local computer:

 #ServerName myhost.domain.com 

This name should match the ServerName variable on CUPS client computers in /etc/cups/client .conf . Next, the ServerAdmin variable is essentially set to the e-mail address of the "webmaster" of the CUPS server:

 #ServerAdmin root@your.domain.com 

Standard Directories

Several files are listed in cupsd.conf; if listed with the relative path , they are relative to the directory listed as ServerRoot; by default, this is set to /etc/cups :

 #ServerRoot /etc/cups 

By default, the CUPS RPM packages store standard print data in the /usr/share/cups directory. This includes classifications, fonts, character sets, the help documents, and more. You can change where CUPS looks for this directory by changing the following variable:

 #DataDir /usr/share/cups 

When you send a print job, it is processed into a file that is stored on a spool. Normally, the file stays in the spool directory until the printer physically processes the job. The standard directory is specified with the RequestRoot variable. By default, it s /var/spool/cups :

 # RequestRoot /var/spool/cups 

CUPS also needs a temporary directory writeable by all users. Filters may be stored in this directory while a print job is being processed. While the default is /var/tmp , Red Hat Linux configures this in the /var/spool/cups/tmp directory, as shown here:

 #TempDir /var/spool/cups/tmp 

If you create your own temporary CUPS directory as root, you can set the appropriate permissions with this command:

  # chmod a+t /tempdir  

To help you visualize the result, here is the output from an ls -l /var/spool/cups command:

 drwx------T   2 lp   sys    4096 Mar 3 12:48 tmp 

Log File Variables

As described in Chapter 13 , most log files are stored in the /var/log directory. CUPS log files are no exception; they are stored in the /var/log/cups directory. The standard log file lines are as follows :

 #AccessLog /var/log/cups/access_log #ErrorLog /var/log/cups/error_log #PageLog /var/log/cups/page_log 

These variables are set to default values. Of course, you can redirect these log files to the directory of your choice. These logs collect data as described in Table 25.9.

Table 25.9: CUPS Log Files

File

Description

access_log

Lists HTTP files accessed through the CUPS web management tool

error_log

Includes more than just error messages; in standard log format, includes err, warn, info , and debug messages

page_log

Notes each page that is sent to a printer

Chapter 13 describes how log files are rotated on a weekly basis. The MaxLogSize variable also forces the aforementioned logs to be rotated once the log file reaches a certain size . If the variable is not set, the default is 1MB; if it s set to 0, logs aren t rotated unless specified by another job such as those listed in the /etc/cron.daily directory:

 MaxLogSize 0 

Chapter 13 also describes how logs collect data based on settings in the /etc/syslog.conf configuration file. The available levels for CUPS, which are slightly different, appear in Table 25.10. By default, LogLevel is set to info :

 LogLevel info 
Table 25.10: CUPS Log Levels

Level

Description

emerg

Conditions that prevent CUPS from working

alert

Items that must be addressed immediately

crit

Critical errors that might not prevent CUPS from working

error

General errors

warn

Warning messages

notice

Temporary errors

info

All requests

debug

Basic debug information

debug2

All debugging information

Security Printouts

You can set a header on each printed page. If security requirements are associated with printouts on your network, you can uncomment one of the following commands:

 #Classification classified #Classification confidential #Classification secret #Classification topsecret #Classification unclassified 

By default, there is no Classification . But if there is one, the ClassifyOverride variable may apply. If you set this variable to on, it allows users to change the classification associated with a specific print job. The default is off, as shown here:

 #ClassifyOverride Off 

The standard font used by the CUPS web-based configuration tool is set by the DefaultCharset variable. Common options include iso-8859-1 and windows-1251 . But this does not apply if a DefaultLanguage variable is present, or if the CUPS client sets a different DefaultCharset :

 #DefaultCharset utf-8 

The DefaultLanguage specifies the language used for connections to the CUPS web browser tool. By default, it s English (en); alternatives include German (de), Spanish (es), French (fr), and Italian (it):

 #DefaultLanguage en 

As with Apache, the DocumentRoot variable specifies the base directory for different HTML pages. In this case, these HTML pages are associated with the CUPS web browser tool. By default, it s set to the /usr/share/doc/cups- versionnumber directory.

 #DocumentRoot /usr/share/doc/cups-  versionnumber  

Linux generally implements PostScript files using Ghostscript. When such files are sent to a printer, they need the fonts as currently specified by the FontPath variable. By default, this variable is set as:

 #FontPath /usr/share/cups/fonts 

Print Job Management

There are four basic variables related to how print jobs are managed. For example, you can configure your CUPS print server to keep a record of past jobs, or even the spool files. The PreserveJobHistory variable, which is set to yes by default, keeps a record of past jobs:

 #PreserveJobHistory Yes 

You can keep a history of past job spool files. If this variable is set to yes, you can reprint previous jobs until you purge them. However, the PreserveJobFiles variable by default is set to no:

 #PreserveJobFiles No 

You may not have unlimited hard disk space. The MaxJobs variable sets a limit on the number of previous print jobs that you might preserve. The default is 500:

 #MaxJobs 500 

Naturally, this goes hand-in-hand with a limit on copies, as defined by the MaxCopies variable:

 #MaxCopies 100 

Normally, it s a good idea to set quotas to track usage of your CUPS printers, as described earlier with the lpadmin command. Print jobs are normally not purged, so data associated with printer usage remains on your system.

Conversely, if you have not set quotas, you have no need to keep track of the number of print jobs run by any user.

You can then activate the AutoPurgeJobs variable, which automatically deletes print jobs from the system.:

 #AutoPurgeJobs No 

You can configure a list of available printers in a standard file such as /etc/printcap with a straightforward command:

 #Printcap /etc/printcap 

Normally, /etc/printcap is based on the LPD system, developed for BSD. However, a similar format is available for the Solaris operating system. While the BSD-style system is the default, you can activate either with one of the following commands:

 #PrintcapFormat BSD #PrintcapFormat Solaris 
Note  

Don t worry about the PrintcapGUI variable; it s used for printer control only for the SGI IRIX operating system.

Some print jobs need help from a program; these programs are normally stored in executable format in /usr/lib/cups , as specified by the ServerBin variable:

 #ServerBin /usr/lib/cups 

Most printers are configured to print graphics in Raster mode, dot by dot. However, the Raster Image Processing Cache variable, RIPCache , is used by specialized print filters such as imagetoraster and pstoraster. By default, the cache is 8MB; you can set caches in kilobytes and gigabytes with values such as 100k or 1g .

 #RIPCache 8m 
Note  

In this case, RIP has nothing to do with the TCP/IP Routing Information Protocol.

If you find that the print jobs are taxing the capacity of your server, you may want to set a FilterLimit . Normally, this variable is set to 0, which corresponds to no limit:

 #FilterLimit 0 

The number that you use will be based on trial and error; a couple of guidelines are available. If you want to print to a regular printer, you should set this value to 200; if you have several regular printers, set this value higher. If you set this value lower than 200, you effectively limit CUPS to processing one job at a time.

Encryption Support

Sometimes network communication is encrypted. You can configure CUPS to read encrypted print requests. The SSL certificate and key are defined by the following variables:

 #ServerCertificate /etc/cups/ssl/server.crt #ServerKey /etc/cups/ssl/server.key 

And these certificates must be refreshed over a network periodically, as driven by the RootCert- Duration variable, in seconds:

 #RootCertDuration 300 

CUPS Accounts

While CUPS is started by the root user, CUPS jobs are normally run by other users with less access. And when you access CUPS from a different computer, CUPS assigns you a different username, remroot, as specified by the RemoteRoot variable:

 #RemoteRoot remroot 

The standard CUPS user is lp and the standard group is sys, as defined by the User and Group variables. You can supersede these with the RunAsUser Yes command:

 #User lp #Group sys 

Basic Network Settings

CUPS was developed for TCP/IP networks. When you configure CUPS, you can set it to listen for specific computers and/or IP addresses on specific ports. For example, the following commands set CUPS to listen on Port 631, for requests from the computer named linux.mommabears.com , for requests from the 192.168.22.0 network:

 Port 631 Listen linux.mommabears.com Listen 192.168.22.0 

If you want to listen for a specific hostname, you need to set the HostNameLookups variable to on. You can even combine some of these settings; for example, the following commands set CUPS to listen for requests from the 10.11.12.0 network, on port 80:

 Listen 10.11.12.0:80 
Note  

In Apache 2.0.x, the Listen directive has replaced the Port directive. See Chapter 30 for more information.

Normally, you should stick with IP addresses in the cupsd.conf configuration file. Looking up domain names in a DNS server can take time and slow down your CUPS print server. If you want, you can set the HostNameLookup variable to direct CUPS to look for the IP address associated with a domain name. Naturally, the default is off; however, the following commented line is included in the default Red Hat Linux cupsd.conf file:

 # HostNameLookups On 

CUPS normally keeps open connections with web browsers, courtesy of the KeepAlive On variable. However, if you re administering CUPS through an older web browser such as Netscape 2.x,

KeepAlive doesn t work. In that case, you need to set a time that CUPS will wait for data from the web-based tool. That s defined by the KeepAliveTimeout setting, which keeps the connection open for the noted period of time, in seconds:

 #KeepAlive On #KeepAliveTimeout 60 

User Limits

When you set up a print server on a network, any user may request access at any time. The MaxClients variable limits the number of users that connect to your CUPS print server; the default limit is 100 users:

 #MaxClients 100 

You can log into a single host computer multiple time; by default, that s 1/10th the value of MaxClients .

You may also want to regulate the size of jobs sent through your CUPS print server. You might want very large jobs to be sent to other servers. You can set a limit with the MaxRequestSize variable in bytes or megabytes. However, the default is to avoid a limit by using the following command:

 #MaxRequestSize 0 

Related variables include MaxJobsPerPrinter and MaxJobsPerUser . If you want to set job limits on your CUPS printers or users, these variables are easy to understand.

Sometimes, a user will try to send a print job, but her program doesn t comply . A standard Timeout variable is set to close the CUPS connection; the default is 300 seconds:

 #Timeout 300 

Network Browsing

The browse parameters in CUPS relate to whether other computers on your network (or even other networks) can see the printers that you ve configured with your CUPS server. By default, Browsing is on; other parameters determine how other computers see your CUPS printers.

There are two protocols that you can configure for CUPS browsing: CUPS and SLPv2. CUPS broadcasts printer information; SLPv2 is the second version of the Service Location Protocol (SLP), which allows other computers to find available services.

Either protocol can be configured to collect and distribute information on shared printers on the network. The default is CUPS; if you want to use SLPv2, your network needs access to at least one SLPv2 directory agent. While CUPS is the default protocol, you can configure either or both with one of the following commands:

 #BrowseProtocols cups #BrowseProtocols slp #BrowseProtocols all 

When your CUPS server broadcasts data on your shared printers, it needs a broadcast address. This is usually the broadcast IP address for your network, and is designated as BrowseAddress . If your network includes a dial-up connection, you can set BrowseAddress to @LOCAL; or, if you want browsing only on the network connected to your eth2 network card, use @IF(eth2) . You can use as many BrowseAddress commands as you need. Here are some examples:

 #BrowseAddress 192.168.99.255 #BrowseAddress 10.255.255.255 #BrowseAddress @IF(eth1) 

If your printer names are self-explanatory ( hplaser@joescomp , for example), you don t have to specify the full location of the printer. CUPS assumes that you have some skill in this area, so the BrowseShortNames variable is set to yes. If you re in a big organization with large numbers of printers, and you want extended data on each printer, set it to No . , as shown here:

 #BrowseShortNames Yes 

Whenever you add or share a new CUPS printer, CUPS needs to update the list of available printers. This is controlled through the BrowseInterval variable, which is set to 30 seconds by default:

 #BrowseInterval 30 

Alternatively, you could set BrowseInterval to 0, which means that information on new CUPS printers will not be sent automatically to other computers. However, you can configure another CUPS server to find your printer browse list. For example, the following command gets the list of printers from a CUPS server at 192.168.0.222 on port 631:

 #BrowsePoll 192.168.0.222:631 

Whatever you do, don t set BrowseTimeout to a value lower than BrowseInterval . If you do, printers are removed from your list before they re shared with the rest of the network. The default is 300 seconds:

 #BrowseTimeout 300 

If you want to provide access to other networks, use the BrowseRelay variable. The following are examples of commands you d use to send the list of your shared CUPS printers to computers on other networks. The first address or interface must be on the local network. If you re using IP addresses, the second address can be a broadcast address for the other network.

 #BrowseRelay 192.168.0.222 10.12.15.255 #BrowseRelay 192.168.0.0/24 10.12.15.255 

The default port for CUPS broadcasts is the standard TCP/IP port for the Internet Print Protocol (IPP), 631. You could make your system a bit more secure by specifying a different port, but you d have to make sure that all other computers on your network are looking for printers on that different port by using the BrowsePort variable:

 #BrowsePort 631 

Browse Security

You can limit the computers that are allowed to browse your list of CUPS printers. By default, BrowseAllow accepts data from all addresses and BrowseDeny does not deny access to any computer.

You can specify networks by their IP address, network address, or domain name in a number of ways. Here are examples of valid commands:

 # BrowseAllow 10.12.0.0/24 # BrowseAllow 10.12.0.0/255.255.0.0 # BrowseAllow all # BrowseDeny *.example.com # BrowseDeny none # BrowseDeny @IF(eth1) 

But what comes first, Allow or Deny? That s determined by the BrowseOrder variable. If it s set to

 #BrowseOrder allow,deny 

computers are allowed to see your list of shared printers, unless specifically listed in a BrowseDeny command. Conversely, the following command allows access only if the computer is listed in a BrowseAllow command:

 #BrowseOrder deny,allow 
Note  

Naturally, if you want to specify a domain or a hostname, you need to set HostNameLookups to On .

System Security

The area of security is where cupsd.conf looks most like an Apache configuration file. While the default CUPS user is sys, as defined by the SystemGroup variable

 #SystemGroup sys 

you can configure < Location / > containers to regulate access IP addresses, classes, jobs, encryption, and more. The standard Red Hat configuration allows access to the CUPS server only from the local computer:

 <Location /> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location> 

You can specify other IP addresses in regular or CIDR notation. If you have HostNameLookups set to on (not recommended), you can even use host or domain names. As shown here, you can limit access by class (the first example limits access to a class named AnyPrinter ) or by printer (the second example limits access to a specific printer named HPLaserJet):

 <Location /AnyPrinter> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location> <Location /AnyPrinter/HPLaserJet> Order Deny,Allow Deny from All Allow From 127.0.0.1 </Location> 

Other containers allow you to regulate administrative operations, as shown in Table 25.11.

Table 25.11: Location Container Options

Container

Description

< Location / >

Associated with all CUPS print operations.

< Location /admin >

Associated with CUPS administrative operations; it may be a good idea to limit administrative access to CUPS.

< Location /classes >

Associated with limits on all configured CUPS printer classes.

< Location /classes/ classname >

Associated with limits on the CUPS printer class named classname .

< Location /jobs >

Associated with limits on print job management.

< Location /printers >

Associated with limits administrative access on managing all printers.

< Location /printers/ printname >

Associated with limits administrative access on managing the printer named printname .

Don t forget to end your containers with the < /Location > command. Besides Order , Deny , and Allow , there are other commands that you can add to a < Location / > container. They are described in Table 25.12.

Table 25.12: Location Directive Commands/Definitions

Command

Description

Allow

Used for computers or interfaces allowed to access the specified printer or class.

Anonymous

Indicates that no username or password is required; generally the default.

AuthClass

Specifies required authentication; options include Anonymous , User , System , and Group .

AuthGroupName

Sets the name of the group associated with a Group AuthClass .

AuthType

Defines the type of required usernames and passwords; options include None , Basic using /etc/passwd , Digest and Basic Digest using /etc/cups/passwd.md5 .

Deny

Used for computers or interfaces not allowed to access the specified printer or class.

Encryption

Specifies whether encryption is required for usernames and passwords; options include Never , IfRequested , Required , and Always .

Limit

Specifies allowed CUPS request commands.

LimitExcept

Specifies prohibited CUPS request commands.

Order

Specifies how CUPS reads the Deny and Allow commands.

Require

Limits access to a group , a user , or all users with valid-user .

Printer Classes

You don t have to configure a class for each CUPS printer. You can set up ImplicitClasses for different printers with the same name, such as HPLaserJet. Print jobs to an Implicit Class are sent to the printer with the first available queue. ImplicitClasses is on by default:

 #ImplicitClasses On 

You can set the Implicit Class name to AnyPrinter by setting ImplicitAnyClasses to on. It is off by default:

 #ImplicitAnyClasses Off 

If you re using ImplicitClasses , your users don t really need to know about individual printers in a class. If ImplicitClasses is on, the HideImplicitMembers variable is on by default.

 #HideImplicitMembers On 

Printer Management

Once you ve configured CUPS, you can use the CUPS GUI tool to manage current print jobs. You can also set up the cups-lpd service to allow you to use most standard LPD commands, including lpr , lpq , and lprm . These commands are covered later in this chapter. Finally, you can monitor the CUPS log files in the /var/log/cups directory for status, errors, and suspicious access attempts.

Job Management

It s easy to manage active CUPS print jobs. The CUPS Jobs screen in Figure 25.15 shows two different print jobs. If you need to print job MyLaserJet-8 first, you click MyLaserJet-7 s Hold Job button. CUPS displays a message that Job 7 has been held from printing, and Job MyLaserJet-8 starts automatically.

click to expand
Figure 25.15: Managing CUPS print jobs

Job MyLaserJet-7 is held in the print queue until you return to the Jobs menu and click the Release Job button.

Activating LPD Commands

To activate LPD-style commands for a CUPS server, you need to activate the cups-lpd service in the /etc/xinetd.d directory. You can activate this service with the chkconfig service cups-lpd on command. More information on managing xinetd services is available in Chapter 23 .

You may need to activate cups-lpd for some applications that were originally designed for an LPD-style interface.

CUPS Log Files

CUPS log files, which we briefly described earlier in this chapter, are normally stored in the /var/log/ cups directory. The access_log file lists the computer along with the date and time of access to the CUPS server. The example shown in Figure 25.16 lists access from only the default local computer, localhost.

click to expand
Figure 25.16: CUPS access_log file

The error_log file lists more than just standard errors; as shown in Figure 25.17, it also lists basic activity of the CUPS server, including on the first line, the print job that was held in the previous section.

click to expand
Figure 25.17: CUPS error_log lists more than just errors.

Finally, the page_log file lists any job that s been sent to the queue, even if it was cancelled. An example of this file is shown in Figure 25.18.

click to expand
Figure 25.18: CUPS page_log lists print jobs.
 


Mastering Red Hat Linux 9
Building Tablet PC Applications (Pro-Developer)
ISBN: 078214179X
EAN: 2147483647
Year: 2005
Pages: 220

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net